Use davis for dav

clients/quadraticserver/caldav.nix

@@ -1,13 +0,0 @@
-{config, ...}: {
-  services = {
-    radicale = {
-      enable = true;
-      settings.auth = {
-        type = "htpasswd";
-        htpasswd_filename = config.age.secrets."caldavUsers.age".path;
-        htpasswd_encryption = "htpasswd";
-      };
-    };
-    caddy.virtualHosts."dav.henryhiles.com".extraConfig = "reverse_proxy localhost:5232";
-  };
-}

clients/quadraticserver/dav.nix

@@ -0,0 +1,38 @@
+{config, ...}: {
+  services = let
+    domain = "dav.henryhiles.com";
+  in {
+    davis = {
+      enable = true;
+      hostname = domain;
+      appSecretFile = config.age.secrets."davSecret.age".path;
+      adminPasswordFile = config.age.secrets."davPassword.age".path;
+
+      poolConfig = with config.services.caddy; {
+        "listen.owner" = user;
+        "listen.group" = group;
+      };
+      mail.dsn = "smtp://username:password@example.com:25";
+      nginx = {};
+    };
+    nginx.enable = false; # We use caddy instead
+
+    caddy.virtualHosts."${domain}".extraConfig = ''
+      encode zstd gzip
+      header {
+          -Server
+          -X-Powered-By
+          Strict-Transport-Security max-age=31536000;
+          X-Content-Type-Options nosniff
+          Referrer-Policy no-referrer-when-downgrade
+      }
+
+      root * ${config.services.davis.package}/public
+      php_fastcgi unix/${config.services.phpfpm.pools.davis.socket}
+      file_server
+
+      redir /.well-known/carddav /dav/ 301
+      redir /.well-known/caldav /dav/ 301
+    '';
+  };
+}

clients/quadraticserver/matrix.nix

@@ -1,19 +1,22 @@
-{
+{config, ...}: {
   networking.firewall.allowedTCPPorts = [8448];
 
-  services = {
+  services = let
+    domain = "matrix.henryhiles.com";
+    socket = "/run/conduwuit/socket";
+  in {
     conduwuit = {
       enable = true;
-      group = "caddy";
+      group = config.services.caddy.group;
       settings.global = {
         server_name = "henryhiles.com";
-        unix_socket_path = "/run/conduwuit/socket";
+        unix_socket_path = socket;
       };
     };
 
-    caddy.virtualHosts."matrix.henryhiles.com" = {
-      serverAliases = ["matrix.henryhiles.com:8448"];
-      extraConfig = "reverse_proxy unix//run/conduwuit/socket";
+    caddy.virtualHosts."${domain}" = {
+      serverAliases = ["${domain}:8448"];
+      extraConfig = "reverse_proxy unix/${socket}";
     };
   };
 }

clients/quadraticserver/vaultwarden.nix

@@ -1,15 +1,17 @@
 {
-  services = {
+  services = let
+    domain = "vaultwarden.henryhiles.com";
+  in {
     vaultwarden = {
       enable = true;
       config = {
-        domain = "https://vaultwarden.henryhiles.com";
+        domain = "https://${domain}";
         signupsAllowed = false;
         passwordHintsAllowed = false;
         rocketAddress = "127.0.0.1";
       };
     };
 
-    caddy.virtualHosts."vaultwarden.henryhiles.com".extraConfig = "reverse_proxy localhost:8000";
+    caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy localhost:8000";
   };
 }