diff --git a/configuration.nix b/configuration.nix
index a2aab43..eacb613 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,4 +1,4 @@
-{ pkgs, inputs, lib, host, ... }:
+{ pkgs, inputs, host, ... }:
 {
   imports = ([
     inputs.sops-nix.nixosModules.sops
@@ -43,6 +43,7 @@
     ./system-modules/postgres.nix
     ./system-modules/nx2site/proxy.nix
     ./system-modules/nx2site/gitea.nix
+    ./system-modules/nx2site/radicale.nix
     # ./system-modules/nx2site/nextcloud.nix
     ./system-modules/nx2site/vaultwarden.nix
     ./system-modules/nx2site/paperless.nix
diff --git a/system-modules/nx2site/proxy.nix b/system-modules/nx2site/proxy.nix
index 4294dac..d961d1e 100644
--- a/system-modules/nx2site/proxy.nix
+++ b/system-modules/nx2site/proxy.nix
@@ -136,6 +136,10 @@
         listen = dl;
         locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; }; 
       };
+      "dav.${domain}" = lib.mkIf config.services.radicale.enable (vh // {
+        listen = dl;
+        locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; }; 
+      });
       "nc.${domain}" = vh // {
         # directly to nc 
       };
diff --git a/system-modules/nx2site/radicale.nix b/system-modules/nx2site/radicale.nix
index 811708d..65619f5 100644
--- a/system-modules/nx2site/radicale.nix
+++ b/system-modules/nx2site/radicale.nix
@@ -1,18 +1,28 @@
 { config, domain, ... }:
 {
   sops.secrets = { 
-    "nx2site/radicale-htpasswd" = {};
+    "nx2site/radicale-htpasswd" = {
+      owner = "radicale";
+    };
   };
 
   services = {
     radicale = {
-      server.hosts = let 
-        port = builtins.toString 5232;
-      in [ "192.168.178.32:${port}" ];
-      auth = {
-        type = "htpasswd";
-        htpasswd_filename = config.sops.secrets."nx2site/radicale-htpasswd".path;
-        htpasswd_encryption = "bcrypt";
+      # is run by user radicale
+      enable = true;
+      settings = {
+        server.hosts = let 
+          port = builtins.toString 5232;
+        in [ 
+          "0.0.0.0:${port}"
+          "${domain}:${port}"
+          # "192.168.178.32:${port}"
+        ];
+        auth = {
+          type = "htpasswd";
+          htpasswd_filename = config.sops.secrets."nx2site/radicale-htpasswd".path;
+          htpasswd_encryption = "bcrypt";
+        };
       };
     };
   };
diff --git a/system-modules/users.nix b/system-modules/users.nix
index aae4f8a..608c20d 100755
--- a/system-modules/users.nix
+++ b/system-modules/users.nix
@@ -20,6 +20,7 @@
       "nginx" 
       "adbusers" 
       "postgres"
+      "radicale"
       "nextcloud"
     ];
     useDefaultShell = true;