universe/hosts/Infini-DL360/radicale.nix

{ common, secrets, ... }:

let
  domain = common.subdomain "calendar";
in
{
  services.radicale = {
    enable = true;
    settings = {
      server = {
        hosts = [
          "0.0.0.0:5232"
        ];
      };
      auth = {
        type = "ldap";
        ldap_uri = "ldap://ldap.inx.moe:389";
        ldap_base = "dc=ldap,dc=inx,dc=moe";
        ldap_reader_dn = "cn=radicale,ou=users,DC=ldap,DC=inx,DC=moe";
        ldap_secret_file = secrets.radicale-ldap;
        ldap_filter = "(&(objectClass=user)(cn={0}))";
        lc_username = true;
      };
      storage.filesystem_folder = "/srv/radicale";
      rights.type = "owner_only";
      logging.level = "debug";
    };
  };

  services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // {
    locations."/".proxyPass = "http://localhost:5232";
  };
}