{ config, pkgs, ... }:
let
  radicalePort = 8002;
in
{
  services.radicale = {
    enable = true;
    package = pkgs.radicale2;
    config = ''
      [server]
      hosts = 127.0.0.1:${toString radicalePort}
      ssl = false
      dns_lookup = false

      [storage]
      filesystem_folder = /var/lib/radicale/collections

      [auth]
      type = htpasswd
      htpasswd_filename = /var/lib/radicale/htpasswd

      [rights]
      type = owner_only
    '';
  };

  security.acme.certs."gebner.org".extraDomains."radicale.gebner.org" = null;

  services.nginx = {
    recommendedProxySettings = true;
    virtualHosts."radicale.gebner.org" = {
      forceSSL = true;
      useACMEHost = "gebner.org";
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString radicalePort}";
      };
    };
  };

  environment.systemPackages = with pkgs; [ apacheHttpd ];

}