diff options
| author | Aleksei <email@email.email> | 2022-07-14 17:27:45 +0300 |
|---|---|---|
| committer | Aleksei <email@email.email> | 2022-07-14 17:27:45 +0300 |
| commit | 678b1af0dcb8315ca9d96bf8d24eb8732ace7a26 (patch) | |
| tree | 9ad2f186201fd3584afa02684b0e316f8f099da8 /content/post/address-books-hosting.en.blogc | |
Diffstat (limited to 'content/post/address-books-hosting.en.blogc')
| -rw-r--r-- | content/post/address-books-hosting.en.blogc | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/content/post/address-books-hosting.en.blogc b/content/post/address-books-hosting.en.blogc new file mode 100644 index 0000000..a8aa56c --- /dev/null +++ b/content/post/address-books-hosting.en.blogc @@ -0,0 +1,73 @@ +TITLE: Self-hosting address books +DATE: 2022-01-19 +TAGS: archlinuxarm archlinux software carddav addressbook freesoftware +------------------------- +I wanted to self-host a server to sync my contacts across devices. One that uses +an open protocol (CardDAV) and easy to self-host. +[Radicale](https://radicale.org) was very easy to set up on Arch, but +[davx5](https://www.davx5.com) client (Android) couldn't sync the changes. +[Xandikos](https://xandikos.org) works flawlessly in combination with nginx. The +package is in Arch repos but required some assembly: + + # (as root) + mkdir /var/lib/xandikos /etc/xandikos + chown xandikos:xandikos /var/lib/xandikos + useradd -U -s /usr/bin/nologin xandikos + htpasswd -c /etc/xandikos/htpasswd usr + +`/etc/systemd/system/xandikos.service`, ugly hack here because Xandikos can't +use an existing socket: + + [Unit] + Description=Xandikos CalDAV/CardDAV server + After=network.target + [Install] + WantedBy=multi-user.target + [Service] + RuntimeDirectory=xandikos + RuntimeDirectoryMode=0770 + User=xandikos + Group=http + ExecStart=/usr/bin/xandikos \ + -d /var/lib/xandikos \ + --current-user-principal=/usr \ + -l /run/xandikos/socket + ExecStartPost=/usr/bin/sh -c 'sleep 2; chmod g+w /run/xandikos/socket' + Restart=on-failure + KillSignal=SIGQUIT + Type=simple + +`/etc/nginx/sites-available/xandikos`: + + upstream xandikos { + server unix:/run/xandikos/socket; # nginx will need write permissions here + } + server { + server_name home-dav; + # Service discovery, see RFC 6764 + location = /.well-known/caldav { + return 307 $scheme://$host/user/calendars; + } + location = /.well-known/carddav { + return 307 $scheme://$host/user/contacts; + } + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_redirect off; + proxy_buffering off; + proxy_pass http://xandikos; + auth_basic "Login required"; + auth_basic_user_file /etc/xandikos/htpasswd; + } + listen 192.168.2.1:8099; + } + +Add this line to [nftables](https://wiki.archlinux.org/title/Nftables) ruleset +to allow sync on LAN only: + + tcp dport 8099 ip saddr { 192.168.2.0/24 } ip daddr 192.168.2.1 accept comment "Accept connections to xandikos behind nginx" + +To sync to local directories I use +[vdirsyncer](https://vdirsyncer.pimutils.org), on Android - davx5 (in +[F-Droid](https://f-droid.org) repos). |