From 0523784b9c4a9f9a0bd45daf9c001e3e3bed3eaf Mon Sep 17 00:00:00 2001
From: jopejoe1 <johannes@joens.email>
Date: Fri, 3 May 2024 08:59:02 +0200
Subject: [PATCH] add radical server

---
 systems/hetzner/default.nix  |  1 +
 systems/hetzner/radicale.nix | 40 ++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
 create mode 100644 systems/hetzner/radicale.nix

diff --git a/systems/hetzner/default.nix b/systems/hetzner/default.nix
index 378fe40..7f9b7d5 100644
--- a/systems/hetzner/default.nix
+++ b/systems/hetzner/default.nix
@@ -10,6 +10,7 @@
     ./mail.nix
     ./matrix.nix
     ./nginx.nix
+    ./radicale.nix
   ];
 
   jopejoe1 = {
diff --git a/systems/hetzner/radicale.nix b/systems/hetzner/radicale.nix
new file mode 100644
index 0000000..b35f56f
--- /dev/null
+++ b/systems/hetzner/radicale.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  mailAccounts = config.mailserver.loginAccounts;
+  htpasswd = pkgs.writeText "radicale.users" (concatStrings
+    (flip mapAttrsToList mailAccounts (mail: user:
+      mail + ":" + user.hashedPassword + "\n"
+    ))
+  );
+
+in {
+  services.radicale = {
+    enable = true;
+    config = ''
+      [auth]
+      type = htpasswd
+      htpasswd_filename = ${htpasswd}
+      htpasswd_encryption = bcrypt
+    '';
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "cal.missing.ninja" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:5232/";
+          extraConfig = ''
+            proxy_set_header  X-Script-Name /;
+            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_pass_header Authorization;
+          '';
+        };
+      };
+    };
+  };
+}