diff --git a/hosts/astral/default.nix b/hosts/astral/default.nix index cc03584..3ad498a 100644 --- a/hosts/astral/default.nix +++ b/hosts/astral/default.nix @@ -7,6 +7,7 @@ agenix.nixosModules.default ./forgejo.nix ./links.nix + ./radicale.nix ./vaultwarden.nix ]; diff --git a/hosts/astral/radicale.nix b/hosts/astral/radicale.nix new file mode 100644 index 0000000..68d3c08 --- /dev/null +++ b/hosts/astral/radicale.nix @@ -0,0 +1,25 @@ +{ config, ... }: +let domain = "radicale.leaf.ninja"; +in { + age.secrets.radicale-htpasswd = { + file = ./secrets/radicale-htpasswd; + mode = "400"; + owner = "radicale"; + }; + + services.radicale = { + enable = true; + settings = { + server.hosts = [ "localhost:5232" ]; + auth = { + type = "htpasswd"; + htpasswd_filename = config.age.secrets.radicale-htpasswd.path; + htpasswd_encryption = "plain"; + }; + }; + }; + + services.caddy.virtualHosts.${domain}.extraConfig = '' + reverse_proxy localhost:5232 + ''; +} diff --git a/hosts/astral/secrets/radicale-htpasswd b/hosts/astral/secrets/radicale-htpasswd new file mode 100644 index 0000000..36c140f --- /dev/null +++ b/hosts/astral/secrets/radicale-htpasswd @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 f+PJrQ pKqLrqz0R7kAzNQZ3ChRsoWa63JEN2H2KHtGguF5nSc +6Mk1qDWKx26jPdEzaVMh0vgUeVWjAGcmIPpvSU8BFNE +-> ssh-ed25519 nz/vnw 0PuVNQ97Qa6iCk4pPf34lgS1aPb4CeDB4Qclk5F24T4 +OwJOYMTlTY9+Pj/BwG09z4q2/QViii710Kh3xPU5FRA +--- mSdutlC3gFq8lDjeOGqi361i+DUI1Yg6Bpl7hCfznJA +tQ/rNeKeѥ~ן{_o +y_ܭ}ûP*W5F.ECZ#; +liԧ*]yT \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index 58ceb27..33a040c 100644 --- a/secrets.nix +++ b/secrets.nix @@ -13,4 +13,5 @@ in { "hosts/astral/secrets/vaultwarden-env.age".publicKeys = [ marauder astral ]; "hosts/astral/secrets/forgejo-mailer-password.age".publicKeys = [ marauder astral ]; + "hosts/astral/secrets/radicale-htpasswd".publicKeys = [ marauder astral ]; }