60 lines
1.5 KiB
Nix
60 lines
1.5 KiB
Nix
{ config, ... }:
|
|
|
|
let
|
|
inherit (config.networking) ports;
|
|
in
|
|
{
|
|
sops.secrets.radicale-htpasswd = {
|
|
owner = "nginx";
|
|
sopsFile = ../secrets.yaml;
|
|
};
|
|
|
|
services.nginx.virtualHosts = {
|
|
"cal.jalr.de" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
basicAuthFile = config.sops.secrets.radicale-htpasswd.path;
|
|
locations = {
|
|
"/radicale/" = {
|
|
proxyPass = "http://127.0.0.1:${toString ports.radicale.tcp}/";
|
|
recommendedProxySettings = true;
|
|
#basicAuthFile = "";
|
|
extraConfig = ''
|
|
proxy_set_header X-Script-Name /radicale;
|
|
proxy_set_header X-Remote-User $remote_user;
|
|
'';
|
|
# proxy_pass_request_headers = on;
|
|
# underscores_in_headers = on;
|
|
};
|
|
"/.well-known/caldav".return = "301 $scheme://$host:$server_port/radicale";
|
|
"/.well-known/carddav".return = "301 $scheme://$host:$server_port/radicale";
|
|
};
|
|
};
|
|
};
|
|
|
|
services.radicale = {
|
|
enable = true;
|
|
settings = {
|
|
server = {
|
|
hosts = "127.0.0.1:${toString ports.radicale.tcp},[::1]:${toString ports.radicale.tcp}";
|
|
ssl = false;
|
|
};
|
|
encoding = {
|
|
request = "utf-8";
|
|
stock = "utf-8";
|
|
};
|
|
auth = {
|
|
type = "http_x_remote_user";
|
|
};
|
|
rights = {
|
|
type = "owner_only";
|
|
};
|
|
storage = {
|
|
filesystem_folder = "/var/lib/radicale/collections";
|
|
};
|
|
logging = {
|
|
level = "warning";
|
|
};
|
|
};
|
|
};
|
|
}
|