{ config, pkgs, ... }: let radicalePort = 8002; in { services.radicale = { enable = true; package = pkgs.radicale2; config = '' [server] hosts = 127.0.0.1:${toString radicalePort} ssl = false dns_lookup = false [storage] filesystem_folder = /var/lib/radicale/collections [auth] type = htpasswd htpasswd_filename = /var/lib/radicale/htpasswd [rights] type = owner_only ''; }; security.acme.certs."gebner.org".extraDomainNames = [ "radicale.gebner.org" ]; services.nginx = { recommendedProxySettings = true; virtualHosts."radicale.gebner.org" = { forceSSL = true; useACMEHost = "gebner.org"; locations."/" = { proxyPass = "http://127.0.0.1:${toString radicalePort}"; }; }; }; environment.systemPackages = with pkgs; [ apacheHttpd ]; }