From a95231a35106193a68d29a48e5dc23999232af9f Mon Sep 17 00:00:00 2001
From: Ben Sima <ben@bsima.me>
Date: Fri, 21 Mar 2025 23:34:31 -0400
Subject: Factor out radicale and fix shared calendar

Having this in its own file makes it easier to work on. Then I was able to
figure out (with lots of debugging and trial+error with Claude) the actual
permissions settings that result in a shared calendar. It's very fiddly because
it is matching on usernames and directories using regex, and I think it's
order-dependent as well.
---
 Omni/Cloud/Web.nix | 56 ------------------------------------------------------
 1 file changed, 56 deletions(-)

(limited to 'Omni/Cloud/Web.nix')

diff --git a/Omni/Cloud/Web.nix b/Omni/Cloud/Web.nix
index b87da38..d11fc80 100644
--- a/Omni/Cloud/Web.nix
+++ b/Omni/Cloud/Web.nix
@@ -36,50 +36,6 @@ in {
       port = ports.invidious;
     };
 
-    radicale = {
-      enable = true;
-      rights = {
-        # Allow reading root collection for authenticated users
-        root = {
-          user = ".+";
-          collection = "";
-          permissions = "R";
-        };
-        # Allow reading and writing principal collection (same as username)
-        principal = {
-          user = ".+";
-          collection = "{user}";
-          permissions = "RW";
-        };
-        # Allow reading and writing calendars and address books that are direct
-        # children of the principal collection
-        calendars = {
-          user = ".+";
-          collection = "{user}/[^/]+";
-          permissions = "rw";
-        };
-        # Allow any authenticated user to modify the public collection
-        public = {
-          user = ".*";
-          collection = "public/.*";
-          permissions = "rw";
-        };
-      };
-      settings = {
-        server = {
-          hosts = [
-            "0.0.0.0:${toString ports.radicale}"
-            "[::]:${toString ports.radicale}"
-          ];
-        };
-        auth = {
-          type = "htpasswd";
-          htpasswd_filename = "/etc/radicale/users";
-          htpasswd_encryption = "plain";
-        };
-      };
-    };
-
     gmnisrv = {
       enable = false;
       listen = "0.0.0.0:${toString ports.gemini} [::]:${toString ports.gemini}";
@@ -162,18 +118,6 @@ in {
           useACMEHost = rootDomain;
         };
 
-        "cal.${rootDomain}" = {
-          locations."/".proxyPass = "http://localhost:${toString ports.radicale}";
-          forceSSL = true;
-          useACMEHost = rootDomain;
-          extraConfig = ''
-            proxy_set_header  X-Script-Name /radicale;
-            proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header  Host $host;
-            proxy_pass_header Authorization;
-          '';
-        };
-
         "youtube.${rootDomain}" = {
           locations."/".proxyPass = "http://localhost:${toString ports.invidious}";
           forceSSL = true;
-- 
cgit v1.2.3