diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
index 036ef59..de2b631 100644
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@@ -17,6 +17,7 @@
 ./jellyfin.nix
 ./jupyter.nix
 ./postgresql.nix
+ ./radicale.nix
 ./searx.nix
 ./ssh.nix
 ./thelounge.nix
diff --git a/hosts/Infini-DL360/radicale.nix b/hosts/Infini-DL360/radicale.nix
new file mode 100644
index 0000000..3caba9f
--- /dev/null
+++ b/hosts/Infini-DL360/radicale.nix
@@ -0,0 +1,33 @@
+{ common, secrets, ... }:
+
+let
+ domain = common.subdomain "calendar";
+in
+{
+ services.radicale = {
+ enable = true;
+ settings = {
+ server = {
+ hosts = [
+ "0.0.0.0:5232"
+ ];
+ };
+ auth = {
+ type = "ldap";
+ ldap_uri = "ldap://ldap.inx.moe:389";
+ ldap_base = "dc=ldap,dc=inx,dc=moe";
+ ldap_reader_dn = "cn=radicale,ou=users,DC=ldap,DC=inx,DC=moe";
+ ldap_secret_file = secrets.radicale-ldap;
+ ldap_filter = "(&(objectClass=user)(cn={0}))";
+ lc_username = true;
+ };
+ storage.filesystem_folder = "/srv/radicale";
+ rights.type = "owner_only";
+ logging.level = "debug";
+ };
+ };
+
+ services.nginx.virtualHosts.${domain} = common.nginx.ssl // {
+ locations."/".proxyPass = "http://localhost:5232";
+ };
+}
diff --git a/overlays/patches/default.nix b/overlays/patches/default.nix
index 494f021..431c3fd 100644
--- a/overlays/patches/default.nix
+++ b/overlays/patches/default.nix
@@ -23,4 +23,10 @@ in
 hydra_unstable = addPatches prev.hydra_unstable [ ./hydra-force-allow-import-from-derivation.patch ];
 openssh-srv = addPatches prev.openssh [ ./srv-records.patch ];
+
+ pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
+ (pythonFinal: pythonPrev: {
+ ldap3 = addPatches pythonPrev.ldap3 [ ./ldap3.patch ];
+ })
+ ];
 }
diff --git a/secrets/default.nix b/secrets/default.nix
index 18cf7ed..ad9c062 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
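Review bot: In hosts/Infini-DL360/radicale.nix the listener is bound with `"0.0.0.0:5232"`, which exposes Radicale's plain-HTTP port on every interface even though the only client visible in this file is the nginx vhost proxying to `http://localhost:5232`. Unless a firewall rule outside this diff closes the port, clients can reach it without TLS, so `"127.0.0.1:5232"` (plus `"[::1]:5232"` if nginx resolves localhost to IPv6) is the safer bind. The auth block also points at `ldap://ldap.inx.moe:389`, so the reader bind secret and each user's password cross that connection unencrypted unless the path is protected some other way; an `ldaps://` URI or StartTLS is preferable if the directory offers it. `logging.level = "debug"` looks like a setup aid and is worth lowering to `"info"` once login works, since debug output from an auth-handling service carries more request detail than should sit in long-lived logs.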
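Review bot: In overlays/patches/default.nix the new `ldap3` override applies `./ldap3.patch` with no comment saying what it changes, and the patch file is not among the files visible in this diff, so a reader cannot tell what is altered in the library that now performs the LDAP binds for Radicale. A line such as `# ldap3.patch: <what it fixes> (<upstream issue or PR link>)` above the override would record why it exists and when it can be dropped. Because it is added through `pythonPackagesExtensions`, the patched `ldap3` is used by every Python package set built from this overlay, not only by Radicale; if that is wider than intended, overriding the dependency for the radicale package alone would keep the change contained. The enclosing attribute set starts outside the hunk.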
@@ -58,6 +58,9 @@ in
 (mkIf config.services.authentik.enable {
 inherit (secrets) authentik authentik-ldap;
 })
+ (mkIf config.services.radicale.enable {
+ radicale-ldap = withOwnerGroup "radicale" secrets.radicale-ldap;
+ })
 ];
 };
 }
diff --git a/secrets/radicale-ldap.age b/secrets/radicale-ldap.age
new file mode 100644
index 0000000..09194ee
Binary files /dev/null and b/secrets/radicale-ldap.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 24b8595..a9d032c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -45,4 +45,5 @@ generate [
 "ovpn.age"
 "authentik.age"
 "authentik-ldap.age"
+ "radicale-ldap.age"
 ]