diff --git a/hosts/muho/configuration.nix b/hosts/muho/configuration.nix
index 22716c4..773a9d7 100644
--- a/hosts/muho/configuration.nix
+++ b/hosts/muho/configuration.nix
@@ -39,6 +39,7 @@ in {
 mods.server.share.enable = true;
 mods.server.vault.enable = true;
 mods.server.git.enable = true;
+ mods.server.cal.enable = true;
 mods.tailscale.enable = true;
 mods.wireguard.id = 3;
diff --git a/hosts/ports.nix b/hosts/ports.nix
index de80ebc..2a71808 100644
--- a/hosts/ports.nix
+++ b/hosts/ports.nix
@@ -6,6 +6,7 @@
 share = 3004;
 vault = 3005;
 git = 3006;
+ cal = 3007;
 search = 8081;
 videos = 8082;
diff --git a/modules/nixos/server/cal.nix b/modules/nixos/server/cal.nix
new file mode 100644
index 0000000..63d0759
--- /dev/null
+++ b/modules/nixos/server/cal.nix
@@ -0,0 +1,46 @@
+{ pkgs, lib, config, ... }:
+let
+ cfg = config.mods.server.cal;
+ port = config.mods.server.nginx.ports.cal;
+in with lib; {
+ options.mods.server = {
+ cal = {
+ enable = mkEnableOption {
+ default = false;
+ description = "enables radicale server";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.radicale = {
+ enable = true;
+ settings = {
+ server = { hosts = [ "0.0.0.0:${toString port}" ]; };
+ auth = {
+ type = "htpasswd";
+ htpasswd_filename = "${toString config.sops.secrets.htpasswd.path}";
+ htpasswd_encryption = "bcrypt";
+ };
+ storage = { filesystem_folder = "/var/lib/radicale/collections"; };
+ };
+ rights = {
+ root = {
+ user = ".+";
+ collection = "";
+ permissions = "R";
+ };
+ principal = {
+ user = ".+";
+ collection = "{user}";
+ permissions = "RW";
+ };
+ calendars = {
+ user = ".+";
+ collection = "{user}/[^/]+";
+ permissions = "rw";
+ };
+ };
+ };
+ };
+}
diff --git a/modules/nixos/server/default.nix b/modules/nixos/server/default.nix
index b3ef4ad..3953abc 100644
--- a/modules/nixos/server/default.nix
+++ b/modules/nixos/server/default.nix
@@ -17,5 +17,6 @@
 ./share.nix
 ./vault.nix
 ./git.nix
+ ./cal.nix
 ];
 }
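Review bot: In modules/nixos/server/cal.nix, `hosts = [ "0.0.0.0:${toString port}" ]` makes Radicale listen on every interface, so the htpasswd Basic-auth credentials cross the network in cleartext wherever the port is reachable without TLS. The port is read from `config.mods.server.nginx.ports.cal`, which suggests nginx is meant to front the service; if so, bind to loopback instead: `server = { hosts = [ "127.0.0.1:${toString port}" ]; };`. The nginx virtual host and the firewall rules are not part of this diff, so confirm which interfaces actually need to reach the port before changing it. Separately, `mkEnableOption` in nixpkgs' lib takes the option's name as a string and interpolates it into the generated description, so the usual form is `enable = mkEnableOption "radicale server";` rather than an attribute set.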
diff --git a/modules/nixos/sops/default.nix b/modules/nixos/sops/default.nix index 77e6493..30c4d4d 100644 --- a/modules/nixos/sops/default.nix +++ b/modules/nixos/sops/default.nix @@ -10,5 +10,9 @@ in with lib; { owner = "zipline"; group = "zipline"; }; + secrets.htpasswd = mkIf cfg.server.cal.enable { + owner = "radicale"; + group = "radicale"; + }; }; } diff --git a/modules/nixos/sops/secrets.yaml b/modules/nixos/sops/secrets.yaml index 384fbbf..631279b 100644 --- a/modules/nixos/sops/secrets.yaml +++ b/modules/nixos/sops/secrets.yaml @@ -1,5 +1,6 @@ muon-password: ENC[AES256_GCM,data:K2ifHvs8hQXK4//FXf3vfDliiklx0dTn8gpirTBT07Q1XIMJR1Vgn/f1uo62bu4a/bknAR5gEBfd/cSRUTdBBxd7Lec2k3fxQg==,iv:j1JTzyfjcKEqh+PK5tyCWBMV7MpwvIG9MJ9eiajksxM=,tag:ZcSEVBW1UOCvE40yIsaBFQ==,type:str] zipline-secret: ENC[AES256_GCM,data:cdqPWBUg6FZkBrUYNkm7imntc2hXUAxDjd1Ymr3j9y763cbXDYEu44wJF0W1Ng==,iv:sdjV4SkRCTO04AvXqtoPOPyASlitrS4nS+M0Z2lZURA=,tag:gNcOdJvg9PtrRlm84CdbsQ==,type:str] +htpasswd: ENC[AES256_GCM,data:YbDNElLsvRtC1ezgxIYI6U+ZZES1Lr6BXamNdbxQibj0NfC9oobP7ed8MQpFTlhhJZx5I5Xa6XtFrvjdo13NtdU=,iv:P98P1XxtdCp7+TuAwKybzjcWGF1OQtnAuQs4ObZct7o=,tag:gXrQaBxUvuVSB5yYhWcihA==,type:str] sops: kms: [] gcp_kms: [] 
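Review bot: The secret key `htpasswd` added in modules/nixos/sops/default.nix is generic, although the file is owned by `radicale` and is read only by the calendar module. A service-scoped name such as `radicale-htpasswd` would keep a later service that needs its own htpasswd file from colliding with or silently reusing these credentials. The rename would have to be made together in secrets.yaml and in `htpasswd_filename` in cal.nix. The enclosing attribute set starts above the hunk, so any shared defaults set there are not visible; sops-nix's own default mode of `0400` already limits the decrypted file to its owner.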
@@ -33,8 +34,8 @@ sops: cThxTVpmcEMrcG9Lczd3dkdyQ0paSHMKUfkx9jh7zIqBkUjxaH3dVKvNJG3Mipts OjmJ5aVVIR5U8MhgSgECb22mGlOgW8SU/x4gxcWgafZwbv2vbON6OA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-19T19:59:53Z" - mac: ENC[AES256_GCM,data:6bOKL2CLWkezZKFQ/xvOwDDjf4uCd8vCdaahB9Mk9rPu9rLQSUbUrkI8dH1cOwHrVGAOHiIs3wA5jiZ15LUMLu2Hb/sL1WXKRbGAPpe1OiHEojzqof1DhcVbKp325eDOuzFwymAAI+UUrIyjpiXz/2TP0S8DlE2GrijKEiwrarc=,iv:86TLsmeJwRWBxbaA24wyrqSBBLRzTf7OFhKLnn6wOGc=,tag:gO75zauaNt0C4yu6v1iMWw==,type:str] + lastmodified: "2025-01-25T15:55:13Z" + mac: ENC[AES256_GCM,data:M/IPR1hqkiLHqt/fgmZ+HezGrmAKbu0LJJkMMr0895neP6WB571AQ29+VLRm+7jDp9qjKgelwDOU/t/UdUgKP1hSK0cOcHR1B7KecHVCFKHNdfaD70xzA4PUQpTFIc6bHyLSMeQAwoEDKkW3inuKwD6k1RVQmOOUMT9shs6Oe48=,iv:I6XbpfScaJwZPXyVkvreKL2tDwgt7p8Eub/pSD6Bm8g=,tag:6wdBYdoOgf9iX0cGT63v3Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.9.3