From a6fe8d37ed2e72efecaff58223c6517e1dcb604c Mon Sep 17 00:00:00 2001
From: Infinidoge <infinidoge@inx.moe>
Date: Wed, 15 Jan 2025 23:26:48 -0500
Subject: [PATCH] Infini-DL360/radicale: init

---
 hosts/Infini-DL360/default.nix  |   1 +
 hosts/Infini-DL360/radicale.nix |  33 ++++++++++++++++++++++++++++++++
 overlays/patches/default.nix    |   6 ++++++
 secrets/default.nix             |   3 +++
 secrets/radicale-ldap.age       | Bin 0 -> 3023 bytes
 secrets/secrets.nix             |   1 +
 6 files changed, 44 insertions(+)
 create mode 100644 hosts/Infini-DL360/radicale.nix
 create mode 100644 secrets/radicale-ldap.age

diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
index 036ef59..de2b631 100644
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@@ -17,6 +17,7 @@
     ./jellyfin.nix
     ./jupyter.nix
     ./postgresql.nix
+    ./radicale.nix
     ./searx.nix
     ./ssh.nix
     ./thelounge.nix
diff --git a/hosts/Infini-DL360/radicale.nix b/hosts/Infini-DL360/radicale.nix
new file mode 100644
index 0000000..3caba9f
--- /dev/null
+++ b/hosts/Infini-DL360/radicale.nix
@@ -0,0 +1,33 @@
+{ common, secrets, ... }:
+
+let
+  domain = common.subdomain "calendar";
+in
+{
+  services.radicale = {
+    enable = true;
+    settings = {
+      server = {
+        hosts = [
+          "0.0.0.0:5232"
+        ];
+      };
+      auth = {
+        type = "ldap";
+        ldap_uri = "ldap://ldap.inx.moe:389";
+        ldap_base = "dc=ldap,dc=inx,dc=moe";
+        ldap_reader_dn = "cn=radicale,ou=users,DC=ldap,DC=inx,DC=moe";
+        ldap_secret_file = secrets.radicale-ldap;
+        ldap_filter = "(&(objectClass=user)(cn={0}))";
+        lc_username = true;
+      };
+      storage.filesystem_folder = "/srv/radicale";
+      rights.type = "owner_only";
+      logging.level = "debug";
+    };
+  };
+
+  services.nginx.virtualHosts.${domain} = common.nginx.ssl // {
+    locations."/".proxyPass = "http://localhost:5232";
+  };
+}
diff --git a/overlays/patches/default.nix b/overlays/patches/default.nix
index 494f021..431c3fd 100644
--- a/overlays/patches/default.nix
+++ b/overlays/patches/default.nix
@@ -23,4 +23,10 @@ in
   hydra_unstable = addPatches prev.hydra_unstable [ ./hydra-force-allow-import-from-derivation.patch ];
 
   openssh-srv = addPatches prev.openssh [ ./srv-records.patch ];
+
+  pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
+    (pythonFinal: pythonPrev: {
+      ldap3 = addPatches pythonPrev.ldap3 [ ./ldap3.patch ];
+    })
+  ];
 }
diff --git a/secrets/default.nix b/secrets/default.nix
index 18cf7ed..ad9c062 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -58,6 +58,9 @@ in
       (mkIf config.services.authentik.enable {
         inherit (secrets) authentik authentik-ldap;
       })
+      (mkIf config.services.radicale.enable {
+        radicale-ldap = withOwnerGroup "radicale" secrets.radicale-ldap;
+      })
     ];
   };
 }
diff --git a/secrets/radicale-ldap.age b/secrets/radicale-ldap.age
new file mode 100644
index 0000000000000000000000000000000000000000..09194eebda6c3e5b48825213d4053f25367911c4
GIT binary patch
literal 3023
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH4%9b@bX3R=NHebp
zvoOjxjx5efGAj!Aatli_PIdEg2`J9?i%M|~%`PkPNVP1kD(5OQ$_y%W4{$9H3n>W-
zDmKX})wgi<&#KH!@yQMk_H=bME{Q6NN_D9WNk+FVF)}A4Gf=_I)8EM`JlHumKO(!#
zGs&bVA}GZ@-`}m+z0|lO$1u0pF{-rGHL^6<EuG81+|<X^IJYXNFu>1SyTI8y(mS*~
z%GlefG$PC+J0#G}xFXNO(90#sBOTqgOv?&)Z%2g!@9e;&jH0CE$V9)=l*rViWcOV6
zwDi<G4+G0Qv*a+-^2AUxeZ$oJs&uY!qx78gEU&PzsHn1nEX%^&!o;ZDGEb-M@Ki_V
z@Jw%4U$X*zuTlf&NDFk^DpM+o+|w0`GK#V*3iHej{VnqhE4<Q@Gfi?_O|x?JgOhy1
zk_`<k(o0QpTs@pjb3?gIB8>_Hy@D)UeGIhA(uy-Z!z;WEO;bb4jY1raGW<%tBD}SO
z$~_`HLJiPu%P(}&_77CZN^!T;_HoH93<yaNi7@eW_Hs9MDljxpHm)qU$SBPzjBv{-
zFN~<P2({qS*UqS_^b5{Ua;bDobgj%SG_fdg%r^{hE-Oq8uSzuzOA9v1P7JoJFmXh;
zE#1@0FUe6MIm)oi+%MeSxI8~2-_N-;*{vYlHM`t9z{JThtHQ@H&(+%}sVXASqr#V~
zpdh!Xyt2s2DM#PL(%7=dDK$T;)YZeHDBmL~Ju2M0&?7S{$-KZjBRCM<wu~$v{mOC$
zuTqa(?d;$re+xs8%HjY&A3wK9mz1!|Ecb$BpRnZ8<bbq_f~XWrC--bF|AG_~3m;eg
z<ie1wlpuqs;zZ}%)KIh1NS~5G^ThOu!aQ$t{Rkf)gCq>Ud8Qi_6{jnNSA}_2CRdj0
zhvXPK8Jh={6qc7(`Icr?6<7uuSDBfIWIN^gh3Y4#7zA=TxmOzJ2OGGVyQVsM`xtqZ
zy9P#hMui%=>u2O>2kB>9xOy5C_?Tu^q+q1UP?Lbvv~-04^CJE9kTSR2sLZrta|3Pj
z5U(P?sFd6yPv_*!;N(*6MCY>L0PO;cY)7u#<N|M3%fM_Wmr}RP+|uMA18?tif8&f2
zryR@hvVuIvfV{x`@Pe$elx*~n3@*&gi3(ImPAV#L_f0J;_ASeI3Uv3+$nZ*b^DYU?
z&-Mr?Ni7byObW1!GRhBdF*4ywFNw-d4f1qx(hqQTPb*9^3)jyvN;FS*F)Q&5_OtK{
zH+C%WH1ago_s0lH_YkAtl5_<NZ~q+26yJ0oKjU<d$f}A=Gqb3?yd-b^z>4Ig(p2v-
zqbk2h!@S^<@^r3L%cv5AbknlZ$iOT&W1|A2ko0mlZ_7ycR39JLyoeO13|}`>pK@O_
zW6T`j=v!HquHfgCk>{0e=;P;_WSo_i>lp5y?;Mm?US1L8RS{ZLnwOrD<sOyh>Q|JT
z%$1Uo?B<m2UE-o|WDu<Fq3<2&Tj>~_mX?^8n&M>O<mO!LUE$%EmSL2K5pQ9h9$69T
z3dV*Z7RAPuX>LYk1;LIc#d&^}ULJY5<w21p7TzW4*=9v4VM!tBiHVM$TxBU4uHKdD
z9+e&yriBGTp~aq#h7n15?uJ2yX4;l!&OWZ?skuI7m62u`AsOacW?Yr7;E`IE>h4;W
zT3Hch9FZ54W>QgV5aj2S>EWMUX`Wr;Tv48@pY5OLWsp<OWl(79<eVOyW9*Wam0D`x
z;hbA!5>Xmd9+qjDo0j8W<Q8G<k(QWI<ZMxno=S4fz057s74jmyvkfBMOA<3((^G@p
zearnrg9C~a%>&c(Q%k~~%e^DKjPs4N^#gMaxT4A<ebarls|tJ#jSYi*qD)g=j9kr%
z%M;zBf>W|8vVFCavMb99QzP_!(QPvdHV;ouS4cNcigK(p$#Aa7@bsz*i}G_!4k)g2
z@h$Q2^YOI|NXpB~wJde_HY#v0=Sp`fa&>ms_w$Vii_D8E^3u)>&o!*{kEqHGO)1N(
z$}A~NcS|%Y&WTKNMYqk>H$Nb?T)`}=)UU|Psno@(z%eDDBG=T>%OgC|&&<O!(={>0
z(=55%HORlz$J;o}lPfAI$J?#cGuPClDnvieNISC3ydpHy+#=mSA}P_+AkoPs!z0JH
zsw_V}65Y1UswiW(K!u>hQd8}c>?AX%q;#heM}2Sa6#o?0;IgEEia_@gOG|xYe*<Hq
zsGRUnS1u=a_marmY^S0yr&5ce0KfDQOK<;DL!V@q?0~X>vZzeIEKg$t*J48h48K+R
zC0V!xDg<N&x@KuRI;Xi+21k_#d*pk0xF%;Am<I;t7U??{`kPv2MtPKZnFa)#a3!a?
z6lxc_2AYIsq`M|YR(hHGB!}e%<QHXUI8|i$CK}`xWmcqk=X;uC<TrOGBj2b%1ryKG
zz{n_Vuk_UXD9ezvtSXDp^6X@{stE1EJija#?Vzl1W6Ka%-|RqNuH^J$Q_oa0uZY}=
zTsJqbQggSeU>EN^pOWk>r-*_ycY~<V$kM7%vjS5S^pJE*&GF1CSI~B>aE>hUC~yuo
z%dRjm49*Wo4z$ehF3k=0GYK;e$td>E%c(MtD$EbF;Brbe2rx~mEH#O6^YAtD4fZRo
zFgDMQOe{<c&y4ghv2-)f@(3^~P0LQkC?`XL3OusQ6>=Se+>$Eu&3ppWO7inETwN2>
z6McfR%)|9fL(}u!60<`+JtK{SDpHN|xeVRH466eD15C1lg3TR01D$<>vy=VwbIcsw
z3nB~hJq#>@J-sc9GW>%va(9t;K~Pnof~iGzYJjDSTY+JynQ@s<uwjK?fT62#Qc{+8
zUZGoZnn$opnnhSuPD-{fm%g)aMY3CdqHkGts$pJmNT9oWcwUC5g<-g5XnBxPSV}=u
zZg^67sdgfUZ5H}2RfXjWt|6J}xhBp<*?CFH`2qT6Degs;6~U24MnwiWZXS*)E?KTw
zF5wmFZpNWpt_9`3j@p&lt}bQ<KE6)n1(^{kC8k~l&JmVg!JdXmejy?GuHhL)zC{=z
zS>jb$nqICD5b7LMS(RO2l4}^@?wwtp7+FzZlI33-pr4i)6lxTirJoW|Rh}JCUhc|e
z<daot<{1!S7VPX8<y34Q=pK=lVeXlh=x^v87Fy<&6X;b?lHrn-6M#`F=M)5lMwTnM
zg*cT4yF2G-JLVST`S_Ja_#1`=ITdMJBzmXkm>HB67#d{;q?UyF8hCPrn)o~UBpGA{
z=UbX;yGLdjd6xU-WCfOG1ZXFP23vS!I~F+kTAG_A=0|er>gp;O6ghf_R^&v6WCSON
zB|8P=SD7RRL>gx5M`;JU`1@t}n&-MknY)<y=4Ep^&iWQ8admQ+AeUwAKVgoKTipLP
zAMW|F`^Nu!ocf}lWEjFS_pQBJ^Pu2mQtNl-C+h1X)Ma%q`^~fF$`;?0b@*U_W6o85
e@hyBU6F0qXZIANXxBtZ_^>2X^JxlcdJOBU}6W6x@

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 24b8595..a9d032c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -45,4 +45,5 @@ generate [
   "ovpn.age"
   "authentik.age"
   "authentik-ldap.age"
+  "radicale-ldap.age"
 ]