mirror of
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git
synced 2024-12-27 07:26:22 +01:00
7e84fd4c93
This section contains advanced configuration howtos.
54 lines
1.3 KiB
ReStructuredText
54 lines
1.3 KiB
ReStructuredText
Add Radicale
|
|
============
|
|
|
|
Configuration by @dotlambda
|
|
|
|
Starting with Radicale 3 (first introduced in NixOS 20.09) the traditional
|
|
crypt passwords, as generated by `mkpasswd`, are no longer supported. Instead
|
|
bcrypt passwords have to be used which can be generated using `htpasswd`.
|
|
|
|
.. code:: nix
|
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
mailAccounts = config.mailserver.loginAccounts;
|
|
htpasswd = pkgs.writeText "radicale.users" (concatStrings
|
|
(flip mapAttrsToList mailAccounts (mail: user:
|
|
mail + ":" + user.hashedPassword + "\n"
|
|
))
|
|
);
|
|
|
|
in {
|
|
services.radicale = {
|
|
enable = true;
|
|
config = ''
|
|
[auth]
|
|
type = htpasswd
|
|
htpasswd_filename = ${htpasswd}
|
|
htpasswd_encryption = bcrypt
|
|
'';
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts = {
|
|
"cal.example.com" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:5232/";
|
|
extraConfig = ''
|
|
proxy_set_header X-Script-Name /;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_pass_header Authorization;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
}
|