nxcaldav

2026-04-24 19:58:21 +02:00
parent 5cc13c9b9a
commit 9ccabedbb2
12 changed files with 376 additions and 32 deletions
--- a/system-modules/nx2site/proxy.nix
+++ b/system-modules/nx2site/proxy.nix
@@ -1,5 +1,4 @@
-{ pkgs, ...}@all: with all;
-{
+{ pkgs, ...}@all: with all; {
  sops.secrets = {
    "nx2site/sslCertificate.pem" = { owner = config.services.nginx.user; };
    "nx2site/sslCertificateKey.pem" = { owner = config.services.nginx.user; };
@@ -14,19 +13,25 @@
    };
    certs = {
      "${hyper.domain}" = {
-        extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [ "sync" ];
+        extraDomainNames = builtins.map (subd: "${subd}.${hyper.domain}") [
+          "sync"
+          "mail"
+        ];
      };
    };
  };
-  users.users."nginx" = {
-    extraGroups = [ "nginx" "acme" "copyparty" ];
-    useDefaultShell = false;
-    linger = true;
-    home = "/var/nginx/";
-    homeMode = "770";
-    createHome = true;
-    isSystemUser = true;
-    isNormalUser = false;
+  users.users = {
+    "nginx" = {
+      extraGroups = [ "nginx" "acme" "copyparty" ];
+      useDefaultShell = false;
+      linger = true;
+      home = "/var/nginx/";
+      homeMode = "770";
+      createHome = true;
+      isSystemUser = true;
+      isNormalUser = false;
+    };
+    "acme".extraGroups = [ "nginx" "acme" "hugo" ];
  };
  systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
 	services.nginx = let 
@@ -101,8 +106,16 @@
          "~ ^(/gpg)$".return                       = "301 /cards/gpg";
          "~ ^(/contact)$".return                   = "301 /cards/contact";
          "~ ^(/ba)$".return                        = "301 /BA.pdf";
+          "~ ^(/schedule)$".return                  = "301 https://owc.${hyper.domain}/calendar.html?specification_url=https://${hyper.domain}/owc-schedule.json?";
        }; 
      }; 
+      "mail.${hyper.domain}" = {
+        listen = [
+          { addr = "0.0.0.0"; port = 80; }
+          { addr = "[::0]"; port = 80; }
+        ];
+        locations."/.well-known/acme-challenge".root = "/var/lib/acme/acme-challenge";
+      };
      "matrix.${hyper.domain}" = {
        listen = dl;
        locations."~.*".return = "502";
@@ -156,7 +169,7 @@
        listen = dl;
        locations = { "/" = { proxyPass = "http://127.0.0.1:5232"; }; }; 
      });
-      "nxc.${hyper.domain}" = lib.mkIf config.services.radicale.enable (vh // {
+      "nxc.${hyper.domain}" = (vh // {
        listen = dl;
        locations = { "/" = { proxyPass = "http://127.0.0.1:14243"; }; }; 
      });