55 lines
1.4 KiB
ReStructuredText
55 lines
1.4 KiB
ReStructuredText
Add Radicale
|
|
============
|
|
|
|
Configuration by @dotlambda
|
|
|
|
Starting with Radicale 3 (first introduced in NixOS 20.09) the traditional
|
|
crypt passwords are no longer supported. Instead bcrypt passwords
|
|
have to be used. These can still be generated using `mkpasswd -m bcrypt`.
|
|
|
|
.. code:: nix
|
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
mailAccounts = config.mailserver.loginAccounts;
|
|
htpasswd = pkgs.writeText "radicale.users" (concatStrings
|
|
(flip mapAttrsToList mailAccounts (mail: user:
|
|
mail + ":" + user.hashedPassword + "\n"
|
|
))
|
|
);
|
|
|
|
in {
|
|
services.radicale = {
|
|
enable = true;
|
|
settings = {
|
|
auth = {
|
|
type = "htpasswd";
|
|
htpasswd_filename = "${htpasswd}";
|
|
htpasswd_encryption = "bcrypt";
|
|
};
|
|
};
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts = {
|
|
"cal.example.com" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:5232/";
|
|
extraConfig = ''
|
|
proxy_set_header X-Script-Name /;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass_header Authorization;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
}
|