{ config, pkgs, ... }: let radicalePort = 8002; in { services.radicale = { enable = true; package = pkgs.radicale2; settings = { server = { hosts = "127.0.0.1:${toString radicalePort}"; ssl = false; dns_lookup = false; }; storage = { filesystem_folder = "/var/lib/radicale/collections"; }; auth = { type = "htpasswd"; htpasswd_filename = "/var/lib/radicale/htpasswd"; }; rights = { type = "owner_only"; }; }; }; security.acme.certs."gebner.org".extraDomainNames = [ "radicale.gebner.org" ]; services.nginx = { recommendedProxySettings = true; virtualHosts."radicale.gebner.org" = { forceSSL = true; useACMEHost = "gebner.org"; locations."/" = { proxyPass = "http://127.0.0.1:${toString radicalePort}"; }; }; }; environment.systemPackages = with pkgs; [ apacheHttpd ]; }