nettika/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: nettika:master
Branches Tags
nettika:master
nettika:radicale-sync
nettika:apogee
...
pull from: nettika:radicale-sync
Branches Tags
nettika:master
nettika:radicale-sync
nettika:apogee
Sign in to create a new pull request.

1 commit
master ... radicale-s

Author SHA1 Message Date
Nettika
f1f2043fba WIP 2025-10-15 14:26:28 -07:00
6 changed files with 132 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/astral/default.nix
View file

@ -7,6 +7,7 @@
agenix.nixosModules.default agenix.nixosModules.default
./forgejo.nix ./forgejo.nix
./links.nix ./links.nix
./radicale.nix
./vaultwarden.nix ./vaultwarden.nix
]; ];
@ -35,6 +36,11 @@
services.caddy = { services.caddy = {
enable = true; enable = true;
package = pkgs.caddy.withPlugins {
plugins =
[ "github.com/abiosoft/caddy-exec@v0.0.0-20240914124740-521d8736cb4d" ];
hash = "sha256-ef6/x7wjKk0axjX6MfAzTTwPM2FTOTSSyI9zLLrczV0=";
};
virtualHosts = { virtualHosts = {
"astral.leaf.ninja".extraConfig = '' "astral.leaf.ninja".extraConfig = ''
respond "astral is online" respond "astral is online"

18
hosts/astral/links.nix
View file

@ -22,15 +22,15 @@ let
httpd.serve_forever() httpd.serve_forever()
''; '';
in { in {
systemd.services.links-webhook = { # systemd.services.links-webhook = {
wantedBy = [ "multi-user.target" ]; # wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; # after = [ "network.target" ];
serviceConfig = { # serviceConfig = {
Type = "simple"; # Type = "simple";
ExecStart = "${pkgs.python3}/bin/python3 ${webhookHandler}"; # ExecStart = "${pkgs.python3}/bin/python3 ${webhookHandler}";
Restart = "always"; # Restart = "always";
}; # };
}; # };
services.caddy.virtualHosts.${domain}.extraConfig = '' services.caddy.virtualHosts.${domain}.extraConfig = ''
root * ${root} root * ${root}

100
hosts/astral/radicale.nix Normal file
View file

@ -0,0 +1,100 @@
{ pkgs, config, lib, ... }:
let domain = "radicale.leaf.ninja";
in {
users.users.radicale-sync = {
isSystemUser = true;
group = "radicale-sync";
};
users.groups.radicale-sync = { };
age.secrets = {
radicale-htpasswd = {
file = ./secrets/radicale-htpasswd;
mode = "400";
owner = "radicale";
};
radicale-sync-secrets = {
file = ./secrets/radicale-sync-secrets.fish;
mode = "400";
owner = "radicale-sync";
};
};
services.radicale = {
enable = true;
settings = {
server.hosts = [ "localhost:5232" ];
auth = {
type = "htpasswd";
htpasswd_filename = config.age.secrets.radicale-htpasswd.path;
htpasswd_encryption = "plain";
};
};
rights = {
root = {
user = ".+";
collection = "";
permissions = "R";
};
principal = {
user = ".+";
collection = "{user}";
permissions = "RW";
};
calendars = {
user = ".+";
collection = "{user}/[^/]+";
permissions = "rw";
};
remote = {
user = ".+";
collection = "remote/.+";
permissions = "r";
};
};
};
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy localhost:5232
'';
systemd.timers.radicale-sync = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5min";
OnCalendar = "*-*-* *:0/4:00";
};
};
systemd.services.radicale-sync = let
radicaleUrl = "http://localhost:5232";
remoteCollections = [{
collection = "devhack";
url = "https://devhack.net/calendar.ics";
}];
remoteCollectionsFile = pkgs.writers.writeText "remote-collections"
(lib.concatMapStringsSep "\n"
({ collection, url }: "${collection} ${url}") remoteCollections);
syncScript = pkgs.writers.writeFish "sync.fish" ''
alias curl ${lib.getExe pkgs.curl}
source ${config.age.secrets.radicale-sync-secrets.path}
while read -l name url
set tempfile (mktemp)
curl -sf $url -o $tempfile
curl -sf -u "remote:$password" \
-X PUT "${radicaleUrl}/remote/$name" \
-H 'Content-Type: text/calendar; charset=utf-8' \
--data-binary @$tempfile
echo "Uploaded $name"
end < ${remoteCollectionsFile}
'';
in {
serviceConfig = {
Type = "oneshot";
User = "radicale-sync";
Group = "radicale-sync";
ExecStart = syncScript;
};
};
}

7
hosts/astral/secrets/radicale-htpasswd Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 f+PJrQ iGtaCi4amFijPCydakWm6qo6eYPiRHp5Rrr7TpnRLxo
MiFAmPkU9gDBYdNqGA9CdYike2n780nQ7o8nAZ0GGtE
-> ssh-ed25519 nz/vnw FiTGU3HNakVR1VNVyUPdiu+WhEMf9t/ONBgoQRILExA
TjDSkxA6z1ovqu2mA0G1UY1k29f35HFHDZQWA90XSzM
--- WK1KjkiLaqH1jN3zIgetSHEe5xEddBYjlt3Qu5Z/Bcg
„™æ¤Ï¹%sçlmaæ†á@OÔ§ë> K<ç(<28>š†©CoÕ6ªLÁëÉ (ö_h”ð¶R2ð²ÈŠ"®znp/M¿W}—æÕLòNàe»ª˜%²’ÂC̺•¡7?#jè3—ÒG? Ã<>X{­V%Ym¯æ  lf™Õ

7
hosts/astral/secrets/radicale-sync-secrets.fish Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 f+PJrQ f+4sexgdKNmdc7DQe3h6v8CveCiHN+dLFX0vdMzBOBQ
/nSP3nPNdxKjOUIn0xzH/ht4QC68aMxCLplP8kIeKr4
-> ssh-ed25519 nz/vnw ejIzeXNfCDxPhho7426oR6WQWlJxDprp1j90lgCGnmM
yaq9bU726x5xtHhK7ZQc1Onlg681cSQsSxSCRU/GBAU
--- UT7B9uDmsNJwTLroGj+JQdKbsOHhgSnnlhMru4tY7/M
uKÒ ¿Tiö,®Mß`‚ø“S4<EFBFBD>÷~š™6Ï¿jÓÑçÒ«9­Õï$H0dô¡?ñ<>ÒpƒXV%ÙIËJؘ "Ò¾dËùâÓWO¹ÓÄ

3
secrets.nix
View file

@ -13,4 +13,7 @@ in {
"hosts/astral/secrets/vaultwarden-env.age".publicKeys = [ marauder astral ]; "hosts/astral/secrets/vaultwarden-env.age".publicKeys = [ marauder astral ];
"hosts/astral/secrets/forgejo-mailer-password.age".publicKeys = "hosts/astral/secrets/forgejo-mailer-password.age".publicKeys =
[ marauder astral ]; [ marauder astral ];
"hosts/astral/secrets/radicale-htpasswd".publicKeys = [ marauder astral ];
"hosts/astral/secrets/radicale-sync-secrets.fish".publicKeys =
[ marauder astral ];
} }