fw/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added radicale

Browse source
This commit is contained in:
fwastring 2025-09-09 21:30:23 +02:00
parent 7f89ce17ab
commit fbd8f1fc96
2 changed files with 38 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

19
maskiner/desktop/configuration.nix
View file

@ -15,6 +15,7 @@
../../moduler/base.nix ../../moduler/base.nix
../../moduler/users.nix ../../moduler/users.nix
../../moduler/kitchenowl.nix ../../moduler/kitchenowl.nix
../../moduler/radicale.nix
#../../moduler/nginx.nix #../../moduler/nginx.nix
#../../moduler/k3s.nix #../../moduler/k3s.nix
../../moduler/vaultwarden.nix ../../moduler/vaultwarden.nix
@ -23,34 +24,33 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
unstable.lego unstable.lego
k9s k9s
neovim neovim
git git
]; ];
security.acme = {
security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "fredrik@wastring.com"; defaults.email = "fredrik@wastring.com";
certs."shop.wastring.com" = { certs."shop.wastring.com" = {
dnsProvider = "gandiv5"; dnsProvider = "gandiv5";
webroot = null; webroot = null;
credentialsFile = /run/secrets/gandi_key; credentialsFile = /run/secrets/gandi_key;
dnsPropagationCheck = true; dnsPropagationCheck = true;
}; };
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
# other Nginx options
virtualHosts."shop.wastring.com" = { virtualHosts."shop.wastring.com" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:8080"; proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true; # needed if you need to use WebSocket proxyWebsockets = true;
extraConfig = extraConfig =
# required when the target is also TLS server with multiple hosts
"proxy_ssl_server_name on;" "proxy_ssl_server_name on;"
+ +
# required when the server wants to use HTTP Authentication # required when the server wants to use HTTP Authentication
@ -59,7 +59,6 @@
}; };
}; };
# services.tailscale.enable = true; # services.tailscale.enable = true;
# services.tailscale.package = pkgs.unstable.tailscale; # services.tailscale.package = pkgs.unstable.tailscale;

29
moduler/radicale.nix Normal file
View file

@ -0,0 +1,29 @@
{
...
}:
{
security.acme = {
certs."cal.wastring.com" = {
dnsProvider = "gandiv5";
webroot = null;
credentialsFile = /run/secrets/gandi_key;
dnsPropagationCheck = true;
};
};
services.nginx = {
virtualHosts."cal.wastring.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:5232";
proxyWebsockets = true; # needed if you need to use WebSocket
extraConfig = "proxy_ssl_server_name on;" + "proxy_pass_header Authorization;";
};
};
};
services.radicale = {
enable = true;
settings.server.hosts = [ "0.0.0.0:5232" ];
};
}