Infini-DL360/radicale: init

hosts/Infini-DL360/default.nix

@@ -17,6 +17,7 @@
     ./jellyfin.nix
     ./jupyter.nix
     ./postgresql.nix
+    ./radicale.nix
     ./searx.nix
     ./ssh.nix
     ./thelounge.nix

hosts/Infini-DL360/radicale.nix

@@ -0,0 +1,33 @@
+{ common, secrets, ... }:
+
+let
+  domain = common.subdomain "calendar";
+in
+{
+  services.radicale = {
+    enable = true;
+    settings = {
+      server = {
+        hosts = [
+          "0.0.0.0:5232"
+        ];
+      };
+      auth = {
+        type = "ldap";
+        ldap_uri = "ldap://ldap.inx.moe:389";
+        ldap_base = "dc=ldap,dc=inx,dc=moe";
+        ldap_reader_dn = "cn=radicale,ou=users,DC=ldap,DC=inx,DC=moe";
+        ldap_secret_file = secrets.radicale-ldap;
+        ldap_filter = "(&(objectClass=user)(cn={0}))";
+        lc_username = true;
+      };
+      storage.filesystem_folder = "/srv/radicale";
+      rights.type = "owner_only";
+      logging.level = "debug";
+    };
+  };
+
+  services.nginx.virtualHosts.${domain} = common.nginx.ssl // {
+    locations."/".proxyPass = "http://localhost:5232";
+  };
+}

overlays/patches/default.nix

@@ -23,4 +23,10 @@ in
   hydra_unstable = addPatches prev.hydra_unstable [ ./hydra-force-allow-import-from-derivation.patch ];
 
   openssh-srv = addPatches prev.openssh [ ./srv-records.patch ];
+
+  pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
+    (pythonFinal: pythonPrev: {
+      ldap3 = addPatches pythonPrev.ldap3 [ ./ldap3.patch ];
+    })
+  ];
 }

secrets/default.nix

@@ -58,6 +58,9 @@ in
       (mkIf config.services.authentik.enable {
         inherit (secrets) authentik authentik-ldap;
       })
+      (mkIf config.services.radicale.enable {
+        radicale-ldap = withOwnerGroup "radicale" secrets.radicale-ldap;
+      })
     ];
   };
 }

secrets/secrets.nix

@@ -45,4 +45,5 @@ generate [
   "ovpn.age"
   "authentik.age"
   "authentik-ldap.age"
+  "radicale-ldap.age"
 ]