From faa4251d3d088f606ec8a38c36b70aa229ddb916 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Tue, 5 Jan 2021 20:25:16 +0100
Subject: [PATCH] Install dav server on web-2

---
 hosts/web-2/configuration.nix |  2 +-
 hosts/web-2/radicale.nix      | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 hosts/web-2/radicale.nix

diff --git a/hosts/web-2/configuration.nix b/hosts/web-2/configuration.nix
index af57e20..04a1be3 100644
--- a/hosts/web-2/configuration.nix
+++ b/hosts/web-2/configuration.nix
@@ -8,6 +8,7 @@
       ./bubblesort.nix
       ./ip.nix
       ./meow.nix
+      ./radicale.nix
       ./znc.nix
     ];
 
@@ -32,7 +33,6 @@
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-  };
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
 
diff --git a/hosts/web-2/radicale.nix b/hosts/web-2/radicale.nix
new file mode 100644
index 0000000..0a9f01e
--- /dev/null
+++ b/hosts/web-2/radicale.nix
@@ -0,0 +1,32 @@
+{ ... }:
+
+{
+  services.radicale = {
+    enable = true;
+    config = ''
+    [server]
+    hosts = 127.0.0.1:61865
+
+    [auth]
+    type = htpasswd
+    htpasswd_filename = /var/src/secrets/radicale/htpasswd
+    htpasswd_encryption = bcrypt
+
+    [storage]
+    filesystem_folder = /var/lib/radicale/collections
+    '';
+  };
+
+  services.nginx.virtualHosts."dav.clerie.de" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:61865";
+      extraConfig = ''
+        proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header  Host $host;
+        proxy_pass_header Authorization;
+      '';
+    };
+  };
+}