1 files changed, 73 insertions, 0 deletions
diff --git a/content/post/address-books-hosting.en.blogc b/content/post/address-books-hosting.en.blogc
new file mode 100644
index 0000000..a8aa56c
--- /dev/null
+++ b/content/post/address-books-hosting.en.blogc
@@ -0,0 +1,73 @@
+TITLE: Self-hosting address books
+DATE: 2022-01-19
+TAGS: archlinuxarm archlinux software carddav addressbook freesoftware
+-------------------------
+I wanted to self-host a server to sync my contacts across devices. One that uses
+an open protocol (CardDAV) and easy to self-host.
+[Radicale](https://radicale.org) was very easy to set up on Arch, but
+[davx5](https://www.davx5.com) client (Android) couldn't sync the changes.
+[Xandikos](https://xandikos.org) works flawlessly in combination with nginx. The
+package is in Arch repos but required some assembly:
+
+  # (as root)
+  mkdir /var/lib/xandikos /etc/xandikos
+  chown xandikos:xandikos /var/lib/xandikos
+  useradd -U -s /usr/bin/nologin xandikos
+  htpasswd -c /etc/xandikos/htpasswd usr
+
+`/etc/systemd/system/xandikos.service`, ugly hack here because Xandikos can't
+use an existing socket:
+
+  [Unit]
+  Description=Xandikos CalDAV/CardDAV server
+  After=network.target
+  [Install]
+  WantedBy=multi-user.target
+  [Service]
+  RuntimeDirectory=xandikos
+  RuntimeDirectoryMode=0770
+  User=xandikos
+  Group=http
+  ExecStart=/usr/bin/xandikos \
+    -d /var/lib/xandikos \
+    --current-user-principal=/usr \
+    -l /run/xandikos/socket
+  ExecStartPost=/usr/bin/sh -c 'sleep 2; chmod g+w /run/xandikos/socket'
+  Restart=on-failure
+  KillSignal=SIGQUIT
+  Type=simple
+
+`/etc/nginx/sites-available/xandikos`:
+
+  upstream xandikos {
+      server unix:/run/xandikos/socket; # nginx will need write permissions here
+  }
+  server {
+      server_name home-dav;
+      # Service discovery, see RFC 6764
+      location = /.well-known/caldav {
+          return 307 $scheme://$host/user/calendars;
+      }
+      location = /.well-known/carddav {
+          return 307 $scheme://$host/user/contacts;
+      }
+      location / {
+          proxy_set_header Host $http_host;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_redirect off;
+          proxy_buffering off;
+          proxy_pass http://xandikos;
+          auth_basic "Login required";
+          auth_basic_user_file /etc/xandikos/htpasswd;
+      }
+      listen 192.168.2.1:8099;
+  }
+
+Add this line to [nftables](https://wiki.archlinux.org/title/Nftables) ruleset
+to allow sync on LAN only:
+
+  tcp dport 8099 ip saddr { 192.168.2.0/24 } ip daddr 192.168.2.1 accept comment "Accept connections to xandikos behind nginx"
+
+To sync to local directories I use
+[vdirsyncer](https://vdirsyncer.pimutils.org), on Android - davx5 (in
+[F-Droid](https://f-droid.org) repos).