Merge branch 'master' of ssh://ssh.nx2.site:50022/nx2/dotfiles

2025-01-19 22:09:08 +01:00
parent 9612646c55 94559de7ae
commit 5e34285db2
12 changed files with 236 additions and 123 deletions
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,4 +1,4 @@
-{ pkgs, inputs, lib, host, ... }:
+{ pkgs, inputs, host, ... }:
 {
  imports = ([
    inputs.sops-nix.nixosModules.sops
@@ -44,6 +44,8 @@
    ./system-modules/postgres.nix
    ./system-modules/nx2site/proxy.nix
    ./system-modules/nx2site/gitea.nix
+    ./system-modules/nx2site/radicale.nix
+    # ./system-modules/nx2site/nextcloud.nix
    ./system-modules/nx2site/vaultwarden.nix
    ./system-modules/nx2site/paperless.nix
  ] else []);
--- a/flake.lock
+++ b/flake.lock
@@ -140,11 +140,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1733312601,
-        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "lastModified": 1735774679,
+        "narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66",
        "type": "github"
      },
      "original": {
@@ -279,11 +279,11 @@
        "zig": "zig"
      },
      "locked": {
-        "lastModified": 1735271978,
-        "narHash": "sha256-y6Ony5eq4F4E76Y2ZhALSEzBZ4GbGRVQIEScPieCDGI=",
+        "lastModified": 1735943291,
+        "narHash": "sha256-igXLrO0AtN7+k7VaR5zaHaPhDcS3go5NZr4liVqW9g4=",
        "owner": "ghostty-org",
        "repo": "ghostty",
-        "rev": "a8e5eef11cc67f87f445626f9ca2993373774bf8",
+        "rev": "1baf8928a0bd6ccc2f49e1e9478baab71d49a018",
        "type": "github"
      },
      "original": {
@@ -365,11 +365,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1734366194,
-        "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=",
+        "lastModified": 1735344290,
+        "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f",
+        "rev": "613691f285dad87694c2ba1c9e6298d04736292d",
        "type": "github"
      },
      "original": {
@@ -453,11 +453,11 @@
        "xdph": "xdph"
      },
      "locked": {
-        "lastModified": 1735209119,
-        "narHash": "sha256-4KfccQtaeiu1A4Ck9XFKc+vzLWCs8HneLwE2YQT5ybc=",
+        "lastModified": 1735946701,
+        "narHash": "sha256-MpFsLND0kN2KQTulDXQCYZC1j2h6wWMJdq6SQ5riJ5M=",
        "ref": "refs/heads/main",
-        "rev": "e75e2cdac79417ffdbbbe903f72668953483a4e7",
-        "revCount": 5589,
+        "rev": "60f069d54015fec66e63f1ff7e6ff26ddb349976",
+        "revCount": 5625,
        "submodules": true,
        "type": "git",
        "url": "https://github.com/hyprwm/Hyprland"
@@ -485,11 +485,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1735295819,
-        "narHash": "sha256-iHDDF1kj+wX7fHGTgKaM6rli6+O8mVFNmpypo+SgnNs=",
+        "lastModified": 1735838245,
+        "narHash": "sha256-dA2s+KFo6+TmYtQoXWfxQ8XukN6JQ0I0VoraG9zD7/I=",
        "owner": "hyprwm",
        "repo": "hyprland-plugins",
-        "rev": "a41bcdccac7d3fe220b3a8519633f0a812da3439",
+        "rev": "920af33577a889772e96a067130252df5674ca8a",
        "type": "github"
      },
      "original": {
@@ -510,11 +510,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1728345020,
-        "narHash": "sha256-xGbkc7U/Roe0/Cv3iKlzijIaFBNguasI31ynL2IlEoM=",
+        "lastModified": 1735734474,
+        "narHash": "sha256-9OV4lOqrEJVLdOrpNN/9msNwAhI6FQTu4N7fufilG08=",
        "owner": "hyprwm",
        "repo": "hyprland-protocols",
-        "rev": "a7c183800e74f337753de186522b9017a07a8cee",
+        "rev": "271df559dd30e4bc5ec6af02d017ac0aaabd63a7",
        "type": "github"
      },
      "original": {
@@ -587,11 +587,11 @@
        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
-        "lastModified": 1732716575,
-        "narHash": "sha256-OvFJCj52HuXxRrcCXrieIoiOzbeYFvDXNO8SndFiyAE=",
+        "lastModified": 1735862179,
+        "narHash": "sha256-s0Sr9t2Mu7tV1+nWm/I0BarfAwgMdtSelMXE0UHhfZw=",
        "owner": "h3rmt",
        "repo": "hyprswitch",
-        "rev": "2b77dbcb422123dfce9bb82d698649e9757f35e0",
+        "rev": "0afa2f8e8295952942ae7259c8bc5830befe9dc6",
        "type": "github"
      },
      "original": {
@@ -613,11 +613,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1734796073,
-        "narHash": "sha256-TnuKsa8OHrSJEmHm3TLGOWbPNA1gRjmZLsRzKrCqOsg=",
+        "lastModified": 1735316583,
+        "narHash": "sha256-AiiUwHWHfEdpFzXy7l1x3zInCUa1xcRMrbZ1XRSkzwU=",
        "owner": "hyprwm",
        "repo": "hyprutils",
-        "rev": "c3331116ebd0b71df5ae8c6efe9a7f94148b03bf",
+        "rev": "8f15d45b120b33712f6db477fe5ffb18034d0ea8",
        "type": "github"
      },
      "original": {
@@ -678,11 +678,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1734649271,
-        "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
+        "lastModified": 1735291276,
+        "narHash": "sha256-NYVcA06+blsLG6wpAbSPTCyLvxD/92Hy4vlY9WxFI1M=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
+        "rev": "634fd46801442d760e09493a794c4f15db2d0cbb",
        "type": "github"
      },
      "original": {
@@ -694,11 +694,11 @@
    },
    "nixpkgs-latest": {
      "locked": {
-        "lastModified": 1735297674,
-        "narHash": "sha256-yhczVSNtAqhqXt98OEqhMESBUI5nxhXGv5OvEehIuGE=",
+        "lastModified": 1735994357,
+        "narHash": "sha256-I41lP5N2rrROxlJ5hlv8LR8TpcvZ9P7LfzBGNZSKGpc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "8d86075fcb37f3bac822923a5adc63e3f6bdfb70",
+        "rev": "a8f36e39dcd9ac6f76c9ca5a9856401fd322d464",
        "type": "github"
      },
      "original": {
@@ -710,14 +710,14 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1733096140,
-        "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
+        "lastModified": 1735774519,
+        "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
      },
      "original": {
        "type": "tarball",
-        "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
      }
    },
    "nixpkgs-stable": {
@@ -786,11 +786,11 @@
    },
    "nixpkgs-unstable_2": {
      "locked": {
-        "lastModified": 1734649271,
-        "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=",
+        "lastModified": 1735834308,
+        "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507",
+        "rev": "6df24922a1400241dae323af55f30e4318a6ca65",
        "type": "github"
      },
      "original": {
@@ -801,11 +801,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1711588226,
-        "narHash": "sha256-nd7goEu+nH/WZ/uCxvbWzSYqzZZn25kWTeKfANOhCjU=",
+        "lastModified": 1735831304,
+        "narHash": "sha256-92A/Zr8UzZzlFYmkgO3HAgX/Cr53eodgNyvJA+Ibkz0=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "7232f19f7fb710e3554cafaa9d8e93cff8273b59",
+        "rev": "0725951bfc4bbc2efff3a537837ca13159b4aec9",
        "type": "github"
      },
      "original": {
@@ -832,11 +832,11 @@
    },
    "nixpkgs_4": {
      "locked": {
-        "lastModified": 1735141468,
-        "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
+        "lastModified": 1735922141,
+        "narHash": "sha256-vk0xwGZSlvZ/596yxOtsk4gxsIx2VemzdjiU8zhjgWw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
+        "rev": "d29ab98cd4a70a387b8ceea3e930b3340d41ac5a",
        "type": "github"
      },
      "original": {
@@ -1003,11 +1003,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1734546875,
-        "narHash": "sha256-6OvJbqQ6qPpNw3CA+W8Myo5aaLhIJY/nNFDk3zMXLfM=",
+        "lastModified": 1735844895,
+        "narHash": "sha256-CIRlqX9tBK2awJkmVu2cKuap/0QziDXStQZ/u/+e8Z4=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "ed091321f4dd88afc28b5b4456e0a15bd8374b4d",
+        "rev": "24d89184adf76d7ccc99e659dc5f3838efb5ee32",
        "type": "github"
      },
      "original": {
@@ -1154,11 +1154,11 @@
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
-        "lastModified": 1735141702,
-        "narHash": "sha256-iJ/my2mra0Ze4SegMoD+vJuKv1ikZiKTygA32/Qof9I=",
+        "lastModified": 1735863514,
+        "narHash": "sha256-9aoPsRhJ6Db2khf/wf+AlR+J1dlWLg5sFNMv3k5NPmg=",
        "owner": "sxyazi",
        "repo": "yazi",
-        "rev": "d754ac5dac10e7ad38243552711828ab1e9f25f4",
+        "rev": "7d993c1517cfeffa6938e8056431e235f2dee186",
        "type": "github"
      },
      "original": {
@@ -1178,11 +1178,11 @@
        "systems": "systems_6"
      },
      "locked": {
-        "lastModified": 1734294375,
-        "narHash": "sha256-Q9EyfyeNCVKObybaevMydHzoR3v1gARqVkwFKHKTH84=",
+        "lastModified": 1735511552,
+        "narHash": "sha256-SCa+e+Iw923KmC7UJR/v61GMfTILucgCpjxbsbjGBNg=",
        "owner": "lordkekz",
        "repo": "nix-yazi-plugins",
-        "rev": "5c42e2a33030c29801681102e89c8dc813e810aa",
+        "rev": "505536399cab575b3baa6cfb7bba39edfd38bf5d",
        "type": "github"
      },
      "original": {
--- a/home-modules/calendar.nix
+++ b/home-modules/calendar.nix
@@ -1,81 +1,98 @@
-{ config, lib, user, secrets, domain, ... }: let 
+{ pkgs, lib, user, secrets, domain, ... }: let 
  calendars = [
    {
      name = "Preservation";
      primary = true;
-      url = "https://dav.${domain}/nx2/preservation/";
+      url = "https://dav.${domain}/${user}/preservation/";
      color = "#dddddd";
    }
    {
      name = "Effort";
-      primary = false;
-      url = "https://dav.${domain}/nx2/effort/";
+      url = "https://dav.${domain}/${user}/effort/";
      color = "#dd2222";
    }
    {
      name = "Experience";
-      primary = false;
-      url = "https://dav.${domain}/nx2/experience/";
+      url = "https://dav.${domain}/${user}/experience/";
      color = "#2222dd";
    }
    {
      name = "Exposure";
-      primary = false;
-      url = "https://dav.${domain}/nx2/exposure/";
+      url = "https://dav.${domain}/${user}/exposure/";
      color = "#22aa22";
    }
    {
      name = "Engagement";
-      primary = false;
-      url = "https://dav.${domain}/nx2/engagement/";
+      url = "https://dav.${domain}/${user}/engagement/";
      color = "#8800CC";
    }
+    {
+      name = "Sleep as Android";
+      url = secrets.calendar.sleep-as-android-url;
+      color = "#111111";
+      read-only = true;
+      type = "ics";
+    }
+    {
+      name = "LEC";
+      url = "https://zlypher.github.io/lol-events/cal/league-of-legends-lec.ical";
+      color = "#A87000";
+      read-only = true;
+      type = "ics";
+    }
+    {
+      name = "Handball Männer";
+      url = "http://i.cal.to/ical/108/dhb/handball-nationalmannschaft/c687e97f.bc7c3eb6-11a0e356.ics";
+      color = "#880023";
+      read-only = true;
+      type = "ics";
+    }
  ];
+  default_set = {
+    # name = 
+    # url =
+    color = "#777777";
+    read-only = false;
+    primary = false;
+    type = "caldav";
+  };
 in {
+
+  home.packages = with pkgs; [
+    gnome-calendar
+    thunderbird
+  ];
+
  accounts.calendar.accounts = let
-    makeCalendar = url: primary: color: {
+    transform_caledar_set = calendar_set: with calendar_set; { # transform set for accounts.calendar.accounts endpoint
      inherit primary;
      remote = {
-        type = "caldav";
-        userName = user;
-        inherit url;
+        inherit url name;
+        userName = user; # my globally set username
      };
    };
-    m = cc: lib.attrsets.mergeAttrsList ( map (c: { "${c.name}" = makeCalendar c.url c.primary c.color;}) cc );
-  in m calendars;
-
-
-  # TODO: Replace this once https://github.com/nix-community/home-manager/pull/5484 is merged.
-  # Make sure it works, though, including the order of calendars.
-  programs.thunderbird.settings = let
-
-    makeThunderbirdCalendar = cal: let
-      calendarAccountSafeName = (builtins.replaceStrings ["."] ["-"]) cal.name;
-    in {
-      "calendar.registry.${calendarAccountSafeName}.cache.enabled" = true;
-      "calendar.registry.${calendarAccountSafeName}.calendar-main-default" = cal.primary;
-      "calendar.registry.${calendarAccountSafeName}.calendar-main-in-composite" = true;
-      "calendar.registry.${calendarAccountSafeName}.color" = cal.color;
-      "calendar.registry.${calendarAccountSafeName}.name" = cal.name;
-      "calendar.registry.${calendarAccountSafeName}.type" = "caldav";
-      "calendar.registry.${calendarAccountSafeName}.uri" = config.accounts.calendar.accounts.${cal.name}.remote.url;
-      "calendar.registry.${calendarAccountSafeName}.username" = config.accounts.calendar.accounts.${cal.name}.remote.userName;
-    };
  in lib.attrsets.mergeAttrsList (
-    map (cal: makeThunderbirdCalendar cal) calendars
+    map (calendar: { 
+      "${calendar.name}" = transform_caledar_set ( default_set // calendar );
+    }) calendars
+  );
+
+  programs.thunderbird.settings = let
+    to_safe_name = name: (builtins.replaceStrings ["."] ["-"]) name;
+  in (lib.attrsets.mergeAttrsList (
+    map (calendar: with ( default_set // calendar ); {
+      "calendar.registry.${to_safe_name calendar.name}.cache.enabled" = true;
+      "calendar.registry.${to_safe_name calendar.name}.calendar-main-default" = primary;
+      "calendar.registry.${to_safe_name calendar.name}.calendar-main-in-composite" = true;
+      "calendar.registry.${to_safe_name calendar.name}.color" = color;
+      "calendar.registry.${to_safe_name calendar.name}.name" = name;
+      "calendar.registry.${to_safe_name calendar.name}.type" = type;
+      "calendar.registry.${to_safe_name calendar.name}.uri" = url;
+      "calendar.registry.${to_safe_name calendar.name}.username" = user;
+      "calendar.registry.${to_safe_name calendar.name}.readOnly" = read-only;
+    }) calendars
  ) // {
-
-    "calendar.registry.sleep-as-android.cache.enabled" = true;
-    "calendar.registry.sleep-as-android.calendar-main-in-composite" = true;
-    "calendar.registry.sleep-as-android.color" = "#222233";
-    "calendar.registry.sleep-as-android.name" = "Sleep As Android";
-    "calendar.registry.sleep-as-android.type" = "ics";
-    "calendar.registry.sleep-as-android.readOnly" = true;
-    "calendar.registry.sleep-as-android.uri" = secrets.calendar.sleep-as-android-url;
-  
-    "calendar.list.sortOrder" = lib.fold (cal: acc: cal.name + " " + acc) "" calendars;
-
-    # Keep these after removing the above.
+    "calendar.list.sortOrder" = lib.fold (calendar: acc: calendar.name + " " + acc) "" calendars;
    "calendar.week.start" = 1;
-  };
+  });
 }
--- a/home-modules/email.nix
+++ b/home-modules/email.nix
@@ -5,7 +5,6 @@ lib.mkIf (host != "NxACE")
    thunderbird
  ];

-
  programs.thunderbird = let
    inherit (lib.generators) toJSON;
    extensions = toJSON {} {
@@ -41,14 +40,50 @@ lib.mkIf (host != "NxACE")
          "mailnews.headers.showUserAgent" = true;
          "toolkit.legacyUserProfileCustomizations.stylesheets" = true;         
        };
-        # userChrome = with rice.color; /* css */ ''
-        #   * {
-        #     color: ${foreground} !important;
-        #     background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString 0.1}) !important;
-        #     border: none !important;
-        #     -moz-appearance: none !important;
-        #   }
-        # '';
+        userChrome = with rice.color; /* css */ ''
+          body,
+          #navigation-toolbox,
+          #calendarContent,
+          #calSidebar,
+          #tabpanelcontainer,
+          #spacesToolbar,
+          #tabs-toolbar,
+          #calMinimonth,
+          #primaryButtonSidePanel *,
+          .minimonth-week,
+          .multiday-header-corner, .day-column-heading, calendar-header-container, calendar-event-column, .multiday-hour-box,
+          #view-box,
+          #tabs-toolbar,
+          #status-bar,
+          .calview-toggle,
+          #calview-toggle-item,
+          #folderPaneHeaderBar,
+          #folderPane,
+          #threadPaneHeaderBar,
+          #threadTree,
+          #tabs-toolbar {
+            color: ${foreground} !important;
+            font-family: ${rice.font.base.name} !important;
+            background-color: transparent !important;
+            background-image: none !important;
+            border: none !important;
+            -moz-appearance: none !important;
+          }
+          .minimonth-nav-section {
+            background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString rice.transparency}) !important;
+            border: ${builtins.toString rice.border-width}px solid ${border};
+          }
+          .button,
+          .button-primary,
+          .tab-content[selected] {
+            background-color: ${accent.base}; 
+            color: ${background};
+            background-image: none; 
+          }
+          html {
+            background-color: rgba(${rice.lib.hex-to-rgb-comma-string background},${builtins.toString rice.transparency}) !important;
+          }
+        '';
      }; 
    }; 
  };
--- a/sops-secrets.yaml
+++ b/sops-secrets.yaml
--- a/system-modules/boot.nix
+++ b/system-modules/boot.nix
@@ -118,6 +118,7 @@ in
          efiSupport = true;
        };
      };
+      kernelPackages = pkgs-unstable.linuxPackages_6_11;
    };
  };
 }
--- a/system-modules/calendar.nix
+++ b/system-modules/calendar.nix
@@ -0,0 +1,5 @@
+{ ... }:
+{
+  programs.dconf.enable = true;
+  services.gnome.evolution-data-server.enable = true;
+}
--- a/system-modules/nx2site/nextcloud.nix
+++ b/system-modules/nx2site/nextcloud.nix
@@ -0,0 +1,26 @@
+{ config, domain, ... }:
+{
+  sops.secrets = { 
+    "nx2site/nextcloud/admin-pass" = { owner = "nextcloud"; };
+    "nx2site/nextcloud/db-pass" = { owner = "nextcloud"; };
+    # "nx2site/nextcloud/users-pass/nx2" = { owner = "nextcloud"; };
+  };
+
+  services = {
+    nextcloud = {
+      enable = true;
+      hostName = "nc.${domain}";
+      https = true;
+      configureRedis = true;
+      config = {
+        adminpassFile = config.sops.secrets."nx2site/nextcloud/admin-pass".path;
+        adminuser = "nx2";
+
+        dbtype = "pgsql";
+        # dbhost = config.services.postgresql.settings.port; # using usix socket
+        dbname = "nextcloud";
+        dbpassFile = config.sops.secrets."nx2site/nextcloud/db-pass".path;
+      };
+    };
+  };
+}
--- a/system-modules/nx2site/proxy.nix
+++ b/system-modules/nx2site/proxy.nix
@@ -136,6 +136,13 @@
        listen = dl;
        locations = { "/" = { proxyPass = "http://127.0.0.1:8441"; }; }; 
      };
+      "dav.${domain}" = lib.mkIf config.services.radicale.enable (vh // {
+        listen = dl;
+        locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; }; 
+      });
+      "nc.${domain}" = vh // {
+        # directly to nc 
+      };
      "~^(.*).${domain}$" = {
        listen = dl;
        root = "/var/nginx/webroot";
--- a/system-modules/nx2site/radicale.nix
+++ b/system-modules/nx2site/radicale.nix
@@ -1,14 +1,23 @@
 { config, domain, ... }:
 {
  sops.secrets = { 
-    "nx2site/radicale-htpasswd" = {};
+    "nx2site/radicale-htpasswd" = {
+      owner = "radicale";
+    };
  };

  services = {
    radicale = {
+      # is run by user radicale
+      enable = true;
+      settings = {
        server.hosts = let 
          port = builtins.toString 5232;
-      in [ "192.168.178.32:${port}" ];
+        in [ 
+          "0.0.0.0:${port}"
+          "${domain}:${port}"
+          # "192.168.178.32:${port}"
+        ];
        auth = {
          type = "htpasswd";
          htpasswd_filename = config.sops.secrets."nx2site/radicale-htpasswd".path;
@@ -16,4 +25,5 @@
        };
      };
    };
+  };
 }
--- a/system-modules/postgres.nix
+++ b/system-modules/postgres.nix
@@ -26,6 +26,7 @@
 			ensureDatabases = [
 				"gitea"
 				"vaultwarden"
+				"nextcloud"
 			];
 			settings = {
 				port = 5432; # default
@@ -44,6 +45,10 @@
 					name = "vaultwarden";
 					ensureDBOwnership = true;
 				}
+				{
+					name = "nextcloud";
+					ensureDBOwnership = true;
+				}
 			];
 		};
 		postgresqlBackup = {
--- a/system-modules/users.nix
+++ b/system-modules/users.nix
@@ -22,6 +22,8 @@
      "nginx" 
      "adbusers" 
      "postgres"
+      "radicale"
+      "nextcloud"
    ];
    useDefaultShell = true;
    openssh.authorizedKeys.keys = [