nix-files/hosts/common/programs/radicale.nix


# radicale is a CalDAV/CardDAV server.
# it receives http queries from calendar or contacts managers
# and translates that into reads/writes of vcard .vcf files in some persisted folder
#
# admin interface: <http://localhost:5232>
# enter username: "colin", password: (empty)
#
# settings: <https://radicale.org/v3.html#configuration>
#
# TODO: with auth.type left at "none", *any* process on this machine that can open the
# loopback port (see above) gets read/write on the whole address book; i don't want e.g.
# my web browser to be able to enumerate my personal contacts.
# maybe run this in a net namespace? `JoinsNamespaceOf=evolution` (or vice versa)?
{ config, lib, ... }:
let
  cfg = config.sane.programs.radicale;
  # single source of truth for where the vcard collection really lives on disk.
  # referenced by the sandbox allow-list, the mount dependency, and the symlink below,
  # so the three can never drift apart.
  contactsDb = "/mnt/persist/private/home/colin/knowledge/social/contacts/db";
in
{
  # sane.programs.radicale is only a sentinel that toggles the nixpkgs radicale service;
  # that service brings its own systemd sandbox, and nothing is gained by exposing the
  # binary on PATH, so there is no wrapped package here.
  sane.programs.radicale.packageUnwrapped = null;

  services.radicale = lib.mkIf cfg.enabled {
    enable = true;
    settings = {
      storage = {
        # `_nolock`: radicale takes no file lock on the collection tree.
        # fine for a single instance; two concurrent writers against `contactsDb`
        # (a second instance, or hand-editing .vcf files mid-sync) risk corrupting items.
        type = "multifilesystem_nolock";
        # keep radicale's per-item/history/sync-token caches in a cache subfolder
        # instead of scattering them through the collection (requires radicale > 3.3.1).
        use_cache_subfolder_for_history = true;
        use_cache_subfolder_for_item = true;
        use_cache_subfolder_for_synctoken = true;
        # filesystem_cache_folder = "/var/lib/radicale/cache";
        # filesystem_folder = "/path/to/storage";
      };
      # auth.type is left at radicale's default ("none"): every client that can reach the
      # listening socket is trusted with read/write on all collections. only acceptable
      # while the listener stays on loopback and nothing untrusted runs on this host.
      # auth.type = "none";
    };
  };

  # TODO: the unit reports 'up' before the http port is actually listening; dependents
  # started in lock-step with it can race the bind. should notify once the socket is bound.
  systemd.services.radicale = lib.mkIf cfg.enabled {
    # run as the human user instead of the module's dedicated service account, so the
    # collection under `contactsDb` stays owned by colin. trade-off: a compromised radicale
    # now holds colin's uid; what keeps it away from the rest of colin's files is the
    # module's sandbox (presumably ProtectSystem/ProtectHome -- verify in nixpkgs), so
    # don't weaken that here.
    serviceConfig.User = lib.mkForce "colin";
    # serviceConfig.Group = "users";
    # the sandbox is read-only outside the service's own state; punch a hole only for the db.
    serviceConfig.ReadWritePaths = [ contactsDb ];
    # never start before /mnt/persist is mounted, otherwise writes would land in the
    # empty mountpoint on the root fs rather than in the persisted store.
    unitConfig.RequiresMountsFor = [ contactsDb ];
  };

  # radicale's on-disk layout is collection-root/<user>/<collection>; point colin's
  # "pkm" collection at the persisted db rather than copying data under /var/lib.
  sane.fs = lib.optionalAttrs cfg.enabled {
    "/var/lib/radicale/collections/collection-root/colin/pkm" = {
      symlink.target = contactsDb;
    };
  };
}