moved radicale config to apps

radicale/compose.yaml

@@ -1,5 +1,5 @@
 services:
-  docker-radicale:
+  radicale:
     image: tomsquest/docker-radicale
     container_name: radicale
     restart: always
@@ -10,12 +10,36 @@ services:
       - TAKE_FILE_OWNERSHIP=false
     volumes:
       - /docker/data/radicale/data:/data
-      - /docker/data/radicale/config:/config:ro
+      - ./config:/config:ro
     networks:
       - caddy_default
+      - net
+  ui:
+    image: ghcr.io/nagimov/agendav-docker:latest      
+    container_name: radicale_ui
+    restart: always
+    ports:
+      - 19999:8080
+    user: "root:root"
+    environment:
+      - AGENDAV_SERVER_NAME=127.0.0.1
+      - AGENDAV_TITLE=
+      - AGENDAV_FOOTER=
+      - AGENDAV_CALDAV_SERVER=http://radicale:5232/%u
+      - AGENDAV_CALDAV_PUBLIC_URL=https://c.aggtaa.com
+      - AGENDAV_TIMEZONE=Europe/Moscow
+      - AGENDAV_WEEKSTART=1 # monday
+      - AGENDAV_LANG=en
+      - AGENDAV_LOG_DIR=/tmp/
+      # - AGENDAV_ENVIRONMENT=dev
+    networks:
+      - caddy_default
+      - net
+
 networks:
   caddy_default:
     external: true
-
+  net:
+    internal: true
 
 # also see https://github.com/iBigQ/radicale-birthday-calendar

radicale/config/config

@@ -0,0 +1,163 @@
+# -*- mode: conf -*-
+# vim:ft=cfg
+
+# Config file for Radicale - A simple calendar server
+#
+# Place it into /etc/radicale/config (global)
+# or ~/.config/radicale/config (user)
+#
+# The current values are the default ones
+
+
+[server]
+
+# CalDAV server hostnames separated by a comma
+# IPv4 syntax: address:port
+# IPv6 syntax: [address]:port
+# For example: 0.0.0.0:9999, [::]:9999
+#hosts = 127.0.0.1:5232
+hosts = 0.0.0.0:5232
+
+# Daemon flag
+#daemon = False
+
+# File storing the PID in daemon mode
+#pid =
+
+# Max parallel connections
+#max_connections = 20
+
+# Max size of request body (bytes)
+#max_content_length = 100000000
+
+# Socket timeout (seconds)
+#timeout = 30
+
+# SSL flag, enable HTTPS protocol
+ssl = False
+
+# SSL certificate path
+# certificate = /etc/ssl/certs/ssl-cert-snakeoil.pem
+
+# SSL private key
+# key = /etc/ssl/private/ssl-cert-snakeoil.key
+
+# CA certificate for validating clients. This can be used to secure
+# TCP traffic between Radicale and a reverse proxy
+#certificate_authority =
+
+# SSL Protocol used. See python's ssl module for available values
+#protocol = PROTOCOL_TLSv1_2
+
+# Available ciphers. See python's ssl module for available ciphers
+#ciphers =
+
+# Reverse DNS to resolve client address in logs
+#dns_lookup = True
+
+# Message displayed in the client when a password is needed
+#realm = Radicale - Password Required
+
+
+[encoding]
+
+# Encoding for responding requests
+#request = utf-8
+
+# Encoding for storing local collections
+#stock = utf-8
+
+
+[auth]
+
+# Authentication method
+# Value: none | htpasswd | remote_user | http_x_remote_user
+#type = remote_user
+type = htpasswd
+
+# Htpasswd filename
+htpasswd_filename = /config/users
+
+# Htpasswd encryption method
+# Value: plain | sha1 | ssha | crypt | bcrypt | md5
+# Only bcrypt can be considered secure.
+# bcrypt and md5 require the passlib library to be installed.
+htpasswd_encryption = bcrypt
+
+# Incorrect authentication delay (seconds)
+#delay = 1
+
+
+[rights]
+
+# Rights backend
+# Value: none | authenticated | owner_only | owner_write | from_file
+type = owner_only
+
+# File for rights management from_file
+# file = /config/rights
+
+
+[storage]
+
+# Storage backend
+# Value: multifilesystem
+type = multifilesystem
+
+# Folder for storing local collections, created if not present
+filesystem_folder = /data/collections
+
+# Lock the storage. Never start multiple instances of Radicale or edit the
+# storage externally while Radicale is running if disabled.
+# filesystem_locking = True
+
+# Sync all changes to disk during requests. (This can impair performance.)
+# Disabling it increases the risk of data loss, when the system crashes or
+# power fails!
+# filesystem_fsync = True
+
+# Delete sync token that are older (seconds)
+#max_sync_token_age = 2592000
+
+# Close the lock file when no more clients are waiting.
+# This option is not very useful in general, but on Windows files that are
+# opened cannot be deleted.
+#filesystem_close_lock_file = False
+
+# Command that is run after changes to storage
+# Example: ([ -d .git ] || git init) && ([ -e .gitignore ] || printf '.Radicale.cache\n.Radicale.lock\n.Radicale.tmp-*\n' > .gitignore) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
+# hook = (/bin/sh /webhooks/notify.sh "%(user)s" "%(path)s" "%(request)s" || true)
+
+
+[web]
+
+# Web interface backend
+# Value: none | internal
+#type = internal
+
+
+[logging]
+
+# Logging configuration file
+# If no config is given, simple information is printed on the standard output
+# For more information about the syntax of the configuration file, see:
+# http://docs.python.org/library/logging.config.html
+# config = /config/logging
+
+# Set the default logging level to debug
+#debug = False
+
+# Store all environment variables (including those set in the shell)
+#full_environment = False
+
+# Don't include passwords in logs
+#mask_passwords = True
+
+
+[headers]
+
+# Additional HTTP headers
+Access-Control-Allow-Origin = *
+Access-Control-Allow-Methods: GET, POST, OPTIONS, PROPFIND, PROPPATCH, REPORT, PUT, MOVE, DELETE, LOCK, UNLOCK
+Access-Control-Allow-Headers: User-Agent, Authorization, Content-type, Depth, If-match, If-None-Match, Lock-Token, Timeout, Destination, Overwrite, Prefer, X-client, X-Requested-With
+Access-Control-Expose-Headers: Etag, Preference-Applied

radicale/config/rights

@@ -0,0 +1,11 @@
+# read access to root collection for all users
+[all-read-root-collection]
+user = .+
+collection =
+permission = r
+
+# write access to own files for each user
+[owner-write]
+user: .+
+collection: ^%(login)s(/.+)?$
+permission: rw

radicale/config/users

@@ -0,0 +1,2 @@
+anton:$2y$05$4e0H5UK4Q5p7.FNiY36NTuCYJWXPp4M5HOTLFL/HUP58EaCyNRwGa
+jintara:$2y$05$ZXu4ILSNwUKgRh2vQdoB3elQ52/KA3NznMIEX3q5y1reXszN3PW7m