diff --git a/systems/hetzner/default.nix b/systems/hetzner/default.nix
index 378fe40..7f9b7d5 100644
--- a/systems/hetzner/default.nix
+++ b/systems/hetzner/default.nix
@@ -10,6 +10,7 @@
     ./mail.nix
     ./matrix.nix
     ./nginx.nix
+    ./radicale.nix
   ];
 
   jopejoe1 = {
diff --git a/systems/hetzner/radicale.nix b/systems/hetzner/radicale.nix
new file mode 100644
index 0000000..b35f56f
--- /dev/null
+++ b/systems/hetzner/radicale.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  mailAccounts = config.mailserver.loginAccounts;
+  htpasswd = pkgs.writeText "radicale.users" (concatStrings
+    (flip mapAttrsToList mailAccounts (mail: user:
+      mail + ":" + user.hashedPassword + "\n"
+    ))
+  );
+
+in {
+  services.radicale = {
+    enable = true;
+    config = ''
+      [auth]
+      type = htpasswd
+      htpasswd_filename = ${htpasswd}
+      htpasswd_encryption = bcrypt
+    '';
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "cal.missing.ninja" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:5232/";
+          extraConfig = ''
+            proxy_set_header  X-Script-Name /;
+            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass_header Authorization;
+          '';
+        };
+      };
+    };
+  };
+}