Add Radicale
============

Configuration by @dotlambda

Starting with Radicale 3 (first introduced in NixOS 20.09) the traditional
crypt passwords, as generated by `mkpasswd`, are no longer supported.  Instead
bcrypt passwords have to be used which can be generated using `htpasswd`.

.. code:: nix

   { config, pkgs, lib, ... }:

   with lib;

   let
     mailAccounts = config.mailserver.loginAccounts;
     htpasswd = pkgs.writeText "radicale.users" (concatStrings
       (flip mapAttrsToList mailAccounts (mail: user:
         mail + ":" + user.hashedPassword + "\n"
       ))
     );

   in {
     services.radicale = {
       enable = true;
       config = ''
         [auth]
         type = htpasswd
         htpasswd_filename = ${htpasswd}
         htpasswd_encryption = bcrypt
       '';
     };

     services.nginx = {
       enable = true;
       virtualHosts = {
         "cal.example.com" = {
           forceSSL = true;
           enableACME = true;
           locations."/" = {
             proxyPass = "http://localhost:5232/";
             extraConfig = ''
               proxy_set_header  X-Script-Name /;
               proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
               proxy_pass_header Authorization;
             '';
           };
         };
       };
     };

     networking.firewall.allowedTCPPorts = [ 80 443 ];
   }