{ config, pkgs, ... }:
let
  # Loopback TCP port shared by Radicale's listener (server.hosts) and the
  # nginx proxyPass target below; both interpolate this one binding, so they
  # cannot drift apart.
  radicalePort = 8002;
in
{
  # Radicale (CalDAV/CardDAV) bound to the loopback interface only; the nginx
  # virtual host in this file is the sole network-facing entry point.
  services.radicale = {
    enable = true;
    # NOTE(review): this override disables the package's check phase
    # (doCheck = false, and pytestCheckPhase replaced by the no-op command
    # "true"), so the deployed build has not run the package's test suite.
    # Presumably a workaround for failing tests — confirm it is still needed
    # and drop it once the stock package builds.
    # NOTE(review): the nixpkgs manual recommends overrideAttrs over
    # overrideDerivation — TODO confirm the result is identical for this
    # package before switching.
    package = pkgs.radicale3.overrideDerivation (_: {
      # Disabled local patch; if re-enabled, it changes the code of an
      # internet-facing service and should be reviewed like any other source.
      #patches = [ ./radicale1249.patch ];
      doCheck = false;
      pytestCheckPhase = "true";
    });
    settings = {
      server = {
        # Listen on 127.0.0.1 only, so the plain-HTTP listener is not
        # reachable from other hosts.
        hosts = "127.0.0.1:${toString radicalePort}";
        # TLS is off here; the nginx virtual host (forceSSL) terminates HTTPS
        # and forwards over loopback. Any local process can still reach this
        # port directly without TLS.
        ssl = false;
      };

      storage = {
        # On-disk location of all calendars and address books.
        # NOTE(review): this holds personal data; verify the directory is
        # readable only by the service account and is covered by backups.
        filesystem_folder = "/var/lib/radicale/collections";
      };

      auth = {
        # Credentials are checked by Radicale itself against an htpasswd file
        # with bcrypt-hashed passwords; nginx adds no authentication layer.
        type = "htpasswd";
        # Nothing visible in this module creates the file — presumably it is
        # maintained by hand. Verify its ownership and mode (it contains
        # password hashes) — TODO confirm.
        htpasswd_filename = "/var/lib/radicale/htpasswd";
        htpasswd_encryption = "bcrypt";
      };

      rights = {
        # Authenticated users may read and write only their own collections.
        type = "owner_only";
      };
    };
  };

  # Adds radicale.gebner.org as an additional name on the existing gebner.org
  # ACME certificate, which the nginx virtual host below reuses via
  # useACMEHost. Names on a shared certificate are visible to every client of
  # any site that serves it.
  security.acme.certs."gebner.org".extraDomainNames = [ "radicale.gebner.org" ];

  # TLS-terminating reverse proxy in front of the loopback-only Radicale
  # listener.
  services.nginx = {
    # Set at the services.nginx level, i.e. not scoped to this virtual host.
    recommendedProxySettings = true;
    virtualHosts."radicale.gebner.org" = {
      # Serve over HTTPS only, using the shared gebner.org certificate.
      forceSSL = true;
      useACMEHost = "gebner.org";
      locations."/" = {
        # Forwarded over plain HTTP on loopback. No auth directive is set on
        # this virtual host, so access control rests entirely on Radicale's
        # htpasswd check.
        proxyPass = "http://127.0.0.1:${toString radicalePort}";
      };
      # Fake nextcloud api:
      # https://gitlab.gnome.org/GNOME/gnome-online-accounts/-/issues/1#note_857357
      #
      # The two rewrites send Nextcloud-style CardDAV/CalDAV paths to "/" with
      # a temporary redirect. The /remote.php/webdav location answers 200
      # directly from nginx; it is never proxied and therefore never
      # authenticated. It returns no data, but it does make the host answer
      # like a Nextcloud instance to unauthenticated probes.
      # The dots in the rewrite patterns are unescaped and the patterns have
      # no end anchor, so they match any path starting with a string of that
      # shape.
      extraConfig = ''
        rewrite ^/remote.php/carddav / redirect;
        rewrite ^/remote.php/caldav / redirect;

        location /remote.php/webdav {
                return 200;
        }
      '';
    };
  };

  # Puts the Apache httpd package on the system PATH; this line does not
  # enable any httpd service.
  # NOTE(review): presumably installed only for the htpasswd utility used to
  # maintain /var/lib/radicale/htpasswd — confirm.
  environment.systemPackages = with pkgs; [ apacheHttpd ];

}