diff --git a/files/radicale/client_cert.pem b/files/radicale/client_cert.pem
new file mode 100644
index 0000000..24d3e9a
--- /dev/null
+++ b/files/radicale/client_cert.pem
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF9jCCA96gAwIBAgIJANi7NpDcBHxQMA0GCSqGSIb3DQEBCwUAMIGPMQswCQYD +VQQGEwJOTDEWMBQGA1UECAwNTm9vcmQtSG9sbGFuZDEQMA4GA1UEBwwHQWxrbWFh +cjEjMCEGA1UECgwaTWlsaXRhaXJlcyBTYW5zIEZyb250aWVyZXMxDDAKBgNVBAsM +A01TRjEjMCEGCSqGSIb3DQEJARYUc29ubnliYTg3MUBnbWFpbC5jb20wHhcNMTcx +MjA0MjIwMTMzWhcNNDUwNDIwMjIwMTMzWjCBjzELMAkGA1UEBhMCTkwxFjAUBgNV +BAgMDU5vb3JkLUhvbGxhbmQxEDAOBgNVBAcMB0Fsa21hYXIxIzAhBgNVBAoMGk1p +bGl0YWlyZXMgU2FucyBGcm9udGllcmVzMQwwCgYDVQQLDANNU0YxIzAhBgkqhkiG +9w0BCQEWFHNvbm55YmE4NzFAZ21haWwuY29tMIICIjANBgkqhkiG9w0BAQEFAAOC +Ag8AMIICCgKCAgEAx+ZvbDd6uDFho27tm3JbwTijkFmyhQHzjlp1riYMrIBuIuCU +PpVN0XpeRwB1BhoYphl68xLG3oNnKWdZBNDIJyYhxOOcxq1LwF/KQDUQzvUnU/uM +70ktAmJK4+9t4RYos8JdYTt0+P3mIhe6VtgTgBuMRPi4ELcDI/1wM1Ugj2ryNGPL +yn1S7Toj77kjCrKs1ypFMqzgAIUP22EQJwz41aNy6a6v9o8kp6Ew+1yAg6ssGvlK +OzN68i6tS0bgZI4eti5eSlPmOvblA850XKWhhZXyv6qxTNLYjDQCid/lOZcoFvmC +SDtvWbHmyCqmogtA9ncrlu3ZCgfkvrSuhw0nd1yBB30iKG2FuJwmJE/DiHQwf4r/ +E1UO1VnAuNc4ZWe23E/Cya9aOshyJLu735/8cSZ/oqb+gkuhZXFPpEWmvegNkHuL +spznLjZLKarOth/PLpUXUhLb2W5yyQug6WfWy3i+8653PKuRo8LT0UDsqkd2YRJz +AvzJJouNhjD9iNoNhVXUiRR6z2pWfoJU5t3cczNFtUDjWkX8JInKecp0rg8BQsKp +k7VBWms/Qv+0GvMWZVChSK2P3yTZGxgGfSVnJ+u124/4J/+BmptY7/7zkBQ10M4V +1JSx8QtLhYW4LR1QUDJ9hTIHI/iJzGmNZwkIPrTKdWUxnQz2T+vauo2iZc8CAwEA +AaNTMFEwHQYDVR0OBBYEFJdXJ8tuvh5KA1OpEJgwba70tEt8MB8GA1UdIwQYMBaA +FJdXJ8tuvh5KA1OpEJgwba70tEt8MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN +AQELBQADggIBAHb8wz12eisQjHtUAxiVViVFDEAl09CQz9UNx4VmyOAEqKhbHbfC +R9XijdWFIC+40wPrbl+qc+ypO0RWSnojLdxcwa4Mh2x8ez9yjBVbZxO3ROCPYuNw +GC6fTM2yfqQoWIM+92ybxMna6scaFDe5xe6XmFSQCIW/e7JtkTiiFMnzlpFjrQ9C +TDrfghhrTKCY1IJkifuDZf6Z48zbCemJU9hfz/69JUBWeia6DWUf9bYgPk9+3hwu +S/bkK9nnGNYUmDR9JX6znGZCtxTSVIqsYSfD8iHBFzx59koZrr6GOO5WWEwOumqv +ckKfgGumIRYD+RQLPcWpxN3oFML+Cx+kBmdM7AqM+CDlxmPUObNcv1Z3nSo0S98s +doUmALecpY36qxqos/bbu2ax59b7Ny30iA2vdenBZexGAmlSvcKPEv3/8H0Uq+ya +etVajmIe0Vht1M+HFIQCFp51MdM4J7wu4wkjEUB2F7Wd3k3HX+nvotPzUG9gqRFN 
+tS20KQpTkPw+O1uSkaSDdOOKMD5RE8ETj44oqBhj63pJMwX4Ju5qmZy181lQitWa +l1zGtGVLkIyMsLp/vPwjPhTwwnu+XCD7AT7CSW0d2Wb8k4RYst1f1OjRaQ/B0LvG +M6IQNHVzD47ksfE2kKp/IucG7c99LUXFwa6mP8RS3aCDhuQI9uwV4yeR +-----END CERTIFICATE----- diff --git a/files/radicale/client_key.pem b/files/radicale/client_key.pem new file mode 100644 index 0000000..93f4a75 --- /dev/null +++ b/files/radicale/client_key.pem 
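Review bot: The certificate added here looks like the default output of a one-shot self-signed request rather than a leaf issued for client authentication. Decoding the body, issuer and subject appear identical, basicConstraints appears to be CA:TRUE, no subjectAltName or extendedKeyUsage extension appears to be present, and the validity appears to run from December 2017 to April 2045. If Radicale is configured to trust this file as the CA for client certificates, the matching client_key.pem can sign further client certificates, and with a lifetime that long there is no expiry to fall back on if the key leaks. Consider issuing a leaf with `basicConstraints=CA:FALSE` and `extendedKeyUsage=clientAuth` from a separate CA key that never reaches the server, with a shorter lifetime. server_cert.pem further down has the same shape; there the equivalent is `extendedKeyUsage=serverAuth` plus a subjectAltName for the host.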
@@ -0,0 +1,169 @@ +$ANSIBLE_VAULT;1.1;AES256 +31306365353333633335393735653437346132643761346134366134326633623237326137613136 +3739643738663433643161353064343236393630353764350a396433326339656563646666643739 +61303036383733303539613230303333623232313961323265663235616638633536393131323537 +6337656630633030320a343036363363393261323830336132353939323962396333326462303238 +39356136616535376238323830383765373263643138313532623337323064373533313838326336 +37653935643632323932323739633538373037393836616335636431313461336236643536343933 +64346432353262663934623632393039386634613462666638366231386131623963653433373030 +39363863386630393937306235306237643835383830323966626433346264343935366130316364 +63666634303439303435656139336535643465326163663539383937316666643764356331663532 +30623437666461383437393230373336366265346161373939663430356132636630613664396434 +38353437633136383264323564316538376637383836633839653961643962393934666661393735 +35366261353338346336353039333730633635656239393136663135363865383162363437653664 +66376232633635623039336439613632363861616238313763323662386161643635616335653537 +35623737343233323238323832643562653661373864613066636362626636643461643931343931 +61346435646333653339306531396634343931663035636664353036383730313666353038393935 +34313039323539613439643231373431626631333233656331643135303566363164633430383264 +31383937656561313130643835343665636439383566623130373064616130653238333464633532 +39663563633763383331313561363364656165383563633935333330613461633733636335373033 +62633433326130336533326435363038336263356631373564393862393038393863353034643532 +34346339346536353164343439356638316462393433633937383065653235663030613434623066 +35636236376135336330386230313737353531616536313161643265333037613137356366633431 +33663864333631316133363765636164343937663537386564323232336466313135343361633166 +38343261666261373934626535393932353930633635366537303862373966666630323336386330 
+63393137663931643163636137333365656334373665373761303930306638363862633837323864 +65353436633731353531373433383536623033623566666633336462643436643531366433623034 +62613933646339336362386362316638326539313162326434326564363033616232656535616132 +35326663333434626365323935663937316232656432653535653333383032316432366136323131 +63653836663461333431306431383431333962346633633265386333633435643361613639663963 +63656363386165613364353738613461343336636631343832613834373865643964633537653062 +61613866646164366561343430396432653232336332663334303765303164663730323133323665 +65393930353663343562343033663930383837643636353139386161306539313364383235343537 +31303063386438363634393438323734623064333365353165653331356130383231623439653561 +65316134303634616566663266363736633930663432623033386466303065666335653237663134 +32393366636333353939393732636364356134313432323935386564333834333935323834343639 +63323232663462343131633531363866386239666636316266313464303730353763663462326133 +38643033636166303165663563383266656536383965316534346335373531616634663430613030 +35393966303664333532313863643364323434303335366532616133323166336166363163613737 +33393138326538653465616431303564343233303362363563656130393865633364613635326438 +33326230646533303464633634616561323164643566626464323334663066383364653731643432 +38316263333438336634623532356165383262383966653632656162323335323533346432653661 +38626261633361633830326331303632623738386335313561646463666661333333323330643436 +35353832623335356466626239386134383135396130333433663932363834376538383532366137 +65306338633564396462613162643833356536623332666162623939623866313734613633353331 +31346438353335633563353863643461656264613234373036626237613134343437356638653436 +36343662656634353733393331623164346137623865316265623633653966653564623837316365 +34636437613135613165383539653365343034363264663563376439333735333465613930326336 +61326331623231316131653365393732663130613662393862383034646363356233663536373138 
+34326637353838306433646134306238393539353839363139306530363162653531666236613438 +31343138613130396139393036353464623463366438613161336461633737383537643631333662 +30313563383462393538306536636132656434663634376464346661646332353461643531373634 +61343464326536353334366637613363633731333630313934363638323961653236343761666634 +64303734346134633564323531323938393362633663653864626361393134303335306633643366 +34306264373961323233653631646366663166393235376139303133353830653064373636346130 +65646330383263656539366530396566303665353331376661626433383662356131396462316261 +33363133643136643331373932376262306333646663636166643965323633356261353732613831 +34376261303737663363316338353833373161366331376339353832616631653836366264353434 +63616265666531633866656166646661386462333636396530316565346562316135373637383362 +35633263313437643932666132623335393339663032613663643363396332376662323531333339 +38656661623934383234396562373133656636303861363232666133653166616465383637303464 +65396139653734373234653066666534613838643430336430363236313635386365383135363161 +62613365326666316534373737643638623139303163346535643436383830386637326434376536 +34386532666164326139353036653039333338663633656138653361363163623731373066386538 +31353630623762643363633865643639396434663937643366616631393932663131393330393932 +35363938653433356562353734646635323061653163663666363066643833383633393265386639 +32636130333365656363633838646361323135643635373939636566653034363032316563633132 +63653734616637316438623239623963356533343334643861633564626232636137386639343864 +34383930616239623137376266303837353138386361313232623938643564666364653561656539 +65663663653630363636323638636263663865626434306466333933613662363765353135306362 +66633333646366343534326439363236323537633037363563376638373133346436643431623034 +66653831326164336336616132363830663335626638323532623430316666326362633531306466 +38363030633831613962393963626138616131353865386263323330343431326133653562633266 
+61613631396636643165636634386234316562363162336239303831313165383239633064616132 +33643330303533616663663764313264613665656236643331373036396462663261386337366163 +31396630313863386233353130396565666266626563333331626334396433626366636561376638 +37326331353539323539613035636236393637393632326266663935386461613161623063326263 +31306465303832366464653431623438316430356561366236343263306566643761656532383438 +65633236353166643133316436666566613139333565323730306136353638313137396534356264 +61653439343335306330663063373233313066373339333336633762646262613637363064333565 +61643239336431373930643531663364373762303739613665366638336161383931643730303330 +31303333333332623834323530313639666639336464356464336331663862373035323162386364 +61356364613533303031646463333331613664633636373831623239333039663539303733353535 +65633638343562653065326534653935623135393938663535383863626133653731333637353464 +34313661366533336364656336393261656465656364643835663964376566643234613838343336 +31313133326532643737366538613530633838633865353934663537646666623231643738356537 +62326632303231623966653864623637346263633339636235633736656164316562303566313961 +62376466343432383232363639656639616134303032373531316135303334333237633334363435 +62373266636261386465356265383537393463646361393464346232663962333134313161346133 +34623231346261346332613666336531643536386633363731636562316665616263353733343264 +61663736663331346134396364326630313265343335323635316132343235653830393238393036 +63393732633337383763626536393534623664343165666336376232396563303466643130363765 +37623730383836613033643065323263373836393738336439633037663634343139373465363333 +36626336316237663238396536613032383732666563633037313130356530363337353665356339 +33323462353833656164366463363135643634336564333030376263366432353738313063653239 +61636334653562373833303065636564616136313337376532643936366633363032373864313739 +37646662636433316236616637373434303533303031346532646363313039306265646462306331 
+31613562343038666563666632306331353665653066313131666633383062333037356337313262 +33653162363738353730303163616462393562623232666634376562363366336364343336313664 +61346634643039353339666231633030316162616435303835663462613662626235643532313339 +61653865373566333532316235653335666366623636323766376234376436313437653762633832 +37313266313362343834653462333933646466343433616336393435656433313732373330663932 +62613439333961333735633638323264376630386331396163653934633663393265656239623461 +62633935376337373064356463303733643237666130393864336665636334333837323530313164 +64653964353461386361356638343533336435633162613966393264353562633961353463336662 +34623939613134353664646561343562333564383266363861323861623031306166643935313765 +39386664343932383736653131653430343136333830643835333630643932346365346230373134 +36336530303733336336663033386466323162323536356331656233383965303233663937623836 +37613434613338626235303132333834333761653835643438666632653161363934313463356461 +33336630373138326635343931393064336138633031366262366233383262323030653438666238 +38663537646135383536623066393464326436656431633065356365663938616261376464363130 +37333163353138633930333935616631633530313139656339643961656262616339396232626632 +34373232343335306262356335643639306466306332663661343663653834623766636665303839 +37646435363965303265333837356132613339633962353036363431656364653437646335346530 +66393165663937373963646233626261663166666634663864633731316635613465383162343537 +37643631383535336333383531313430653533653239306332393662326236303934383966373864 +39653666373932336635393836343566353634393936323930616230646239306538363636393336 +39666632633366303434343636656162313435633539333330316432363635386331383036663566 +38666531613463346262623463623439343236386135633437626562616166646431623036613536 +38636561663262636330346430313961316330366563386239653738303235636135613634643161 +64363334623632366536646239363330623036333861393863343864356332376565663465366636 
+34303264306437316164643862633132323333313138613532616330306439366566336435303138 +62663438616664376565626230623162353432643162306539633662373266643261343963653565 +34353535333435623465376563646461353037336366306238633564316563633634343964616331 +61366665393434643335656461613564616437393336663733633938636133306332376433656438 +36366162303662343331343132363434366530613137326366326462373164353564613235393634 +31316264643538363465613638386237656366326437653863303031656231393738633631616636 +36373538376430613331333135396638356462303235646163666135376263333631633938636538 +36333532636364386164343130323961396663366137366565346536616433623037656264366536 +38363930636232333165616636663834356232636235613962303961356463323237623965303432 +61303834353234306163366330623966303465653238353965653539646432613337373036356536 +30313039386264636165616164363466626536386635306664313233333530383836396139666165 +62323338333336363464323839383234386163313033366231373062323662633836353833366133 +35646636383431666633623033373934623665346562326433316461613231646264653464336432 +31353033653231396362646161376539353639316237363566323963356433656235313063613330 +64303733343038333665333366373961653139373334363261333733393365303665616432626237 +34643665626531366163393162643238656364313633386162643763663736343136616263373234 +61346131633765393031306566616434316433636566393765616534373137383765336133333164 +33636338666636646561643863643838363839656364323862323265663563303535613434363833 +38393930383331396635646333646231663438353130363830643565316137303938336362393363 +64343163306461623735363165613639393066656633336164313330646537353634306431303865 +62616538656539653435393537613065303264323837656537613939303932613764613736343964 +33613132643238353265303266323731623261346665653036333261653839306265303133393739 +65623661623530346465376263623930386131386236306166653933373834623862353463353739 +33373733313666636233343163613061303835636131666239383432353733323537633361643436 
+66636461373562626665363064353965316338636136393865396635393032306465396464623962 +63643436353034356432386134343238396537306439623362333332323863646336343434393232 +34346464396366623339646264313033616164346338623062343365306337323063393035306131 +38303435653431383064303464623363636536656266303332313135653137616539316636343664 +34333761636135636264343036366438663733326639643863636563333634653465653566353231 +66386136373065323730333137643730353330393134656338666666373266656265353938666334 +66333730353962383362346130396632323937636638626633666337353439616535373033383461 +31396463366436613831353737353735383336376138653430336534633162613936333238643438 +38623030363033333332376234316465336463653765613633643063363833623135646237333931 +30353335353565646264383334613864643164643231353033376462366638633533383861386161 +31356633383565623566373738383738373737336364353864666265333063306265336366363533 +34623564623363646639633531643861356634646137343132333031336261663565363331656237 +31326231653736313364633337386638363635323539383530343937646461356466613965346561 +33643539376233366266633038323034363433316533396364363433396164383364653464326431 +38613936653238346566666533363035306661386437376531393264306438626161616233363763 +34323230373537383338353464633737646663313335393733643263613166353964613633353563 +64636336613935626437356532363336333364313966643134663063343365633337666337396265 +33643936323830383535613730333863313539656434356537343438343236656233646237313265 +61633462383064623732336162656561353234336565376336613065353764633632333963363063 +64613735633136343666346639643462636336623230646234383466616266306332396232303966 +32396338623466616434663064653138343837376630313530373163313861346539323062663935 +66663039376162643633353362613335383630623537346237326232616239393163346161613231 +33343139326233356662386634393637306334346466326335383866343439653338363432313162 +64333739346266313762383263386565326566333362396331303064623435616237316231656165 +37663435323334653434 
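Review bot: client_key.pem (and server_key.pem further down) put TLS private keys in the repository as `$ANSIBLE_VAULT;1.1;AES256` blobs, so their confidentiality now depends entirely on the vault password, and the ciphertext stays recoverable from git history even after a later `ansible-vault rekey`. Prefer generating the keys on the target host or pulling them from a secret store at deploy time, keeping only the certificates in the repo. If they must stay vaulted, the task that installs them (tasks/radicale.yml, whose hunk is not visible here) should write them with `mode: '0600'`, a dedicated owner and `no_log: true`.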
diff --git a/files/radicale/radicale_htpasswd b/files/radicale/radicale_htpasswd new file mode 100644 index 0000000..1f1f389 --- /dev/null +++ b/files/radicale/radicale_htpasswd @@ -0,0 +1,7 @@ +$ANSIBLE_VAULT;1.1;AES256 +39333463653766333336373030633535653336383435346539653838363466616637323163353663 +3934363237313063326638636335383936653936303864350a333139306161346638353039353163 +39323935643330323930333039306565653138343832613061373534616361386665383534626464 +3333303431326366360a386330653666393939636630623233626235616532666634383461363137 +31643439336563623965623535643664303232653765383961643332663762336134396331653134 +3736633939323131376561666564333763626532313361626330 diff --git a/files/radicale/radicale_users b/files/radicale/radicale_users index 4eb0d9d..6fe090a 100644 --- a/files/radicale/radicale_users +++ b/files/radicale/radicale_users @@ -1,11 +1,9 @@ $ANSIBLE_VAULT;1.1;AES256 -37616331363137363334643062646237653866366132356463343538333334653064633561316366 -3633303165353865366364633136656331306635323164350a653134363031663434303130363730 -37316464356630663539366633383035643538343364616530653336393339633932646564663363 -3335383732313562390a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a353636303961353434656535623064 +34663534363432393734313761323231323436633861616166653734363934326336613966613562 +3662343063623836310a643335616532306162353063643361316431363966636665643233353735 +33343462613835663463356530633135643565326535373738373536313862626336376565623437 +61343132626466346361643833333963376136326263393765363438333161643633343133626139 +34616330386661363866393737353239303066353466306534613836613064333533616438373030 +39303736646330383733 diff --git a/files/radicale/server_cert.pem b/files/radicale/server_cert.pem new file mode 100644 index 0000000..6d5bab8 --- /dev/null +++ b/files/radicale/server_cert.pem 
@@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF9DCCA9ygAwIBAgIJAO95xCzQOTQoMA0GCSqGSIb3DQEBCwUAMIGOMQswCQYD +VQQGEwJOTDEVMBMGA1UECAwMTm9vcmQtSG9sbGFuMRAwDgYDVQQHDAdBbGttYWFy +MSMwIQYDVQQKDBpNaWxpdGFpcmVzIFNhbnMgRnJvbnRpZXJlczEMMAoGA1UECwwD +TVNGMSMwIQYJKoZIhvcNAQkBFhRzb25ueWJhODcxQGdtYWlsLmNvbTAeFw0xNzEy +MDQyMjAwNTNaFw00NTA0MjAyMjAwNTNaMIGOMQswCQYDVQQGEwJOTDEVMBMGA1UE +CAwMTm9vcmQtSG9sbGFuMRAwDgYDVQQHDAdBbGttYWFyMSMwIQYDVQQKDBpNaWxp +dGFpcmVzIFNhbnMgRnJvbnRpZXJlczEMMAoGA1UECwwDTVNGMSMwIQYJKoZIhvcN +AQkBFhRzb25ueWJhODcxQGdtYWlsLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIP +ADCCAgoCggIBAK7FjcWcmgrcBSCMv11pWHzxMF307dG10lZ7DTn/jmo4WdWOoSWp +pTpof3a55YawyH8IuSdSgx9e03924w4J0k3Bj+MO15i6XXTqqZQie5boSE7Ggthp ++z0/t+2//Y3tb4mGEWCTUK8i9gIgn/MOaCOsm8zpv8nd/3nnn/1uTjOvcO9duExO +CuhESsyQ6vLOUojuryjUhKO/7iiNj3EdsI5l+Nb8xTgo635PcPv/QyH7eaIFW6Vp +cbbo9Xd0Gtb4K5TdXRfy7bOvFKOw5Y065ellMlUKjszb+t/3taODSaid71NF8l0a +GCIIoMqONANfju8RhIAxQG+KgGwjOspxZIrXpPMA+0i7bJbWw+6lqjbUILdXZURP +W+2+aCT4Q1sgspzLUL795lBjLzc9f746j3I5M5EZCrHn5xl2E8qmyutMjK4S/Oj2 +6rzOuF4WxBm2kizgQX22hQ7q2POq3+qKevmbaIC20dolB0Xc4/OvIGaXwFoA+cnw +G6nCVQn08mZ2UeHbdFGarBKW8PjCGg0WBwMmo6nqkjcoiPssq4wmo5vtTnQSoD5/ +7sLWRxdfWtDN6DdCIMNqqYMmzTymcblYWlaGLEjWabEH4jFJjg/daD/eyN/FLLRj +J/Fxj778da1kHNtD7MFpz+SQ5Vy2xUO5AyOArf03pfxRL2wjVT2a254VAgMBAAGj +UzBRMB0GA1UdDgQWBBTnEO5Fa2DMHOPFOKKlj/ifo4jPSDAfBgNVHSMEGDAWgBTn +EO5Fa2DMHOPFOKKlj/ifo4jPSDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB +CwUAA4ICAQAAzLOjtglGQkn1KifDmTf3Gi6Gj0CfPXFI3Lef91YxhR0uqVcyR/kD +oA9xV1pMPX1sSobfK3+X2W9bBX5LPMUQ+dCeTUDgtPjMEo1/78z1vbE1woZuO7Vw +P0z61YLuPtehM/363+erFg0Lbm67VGT6SELjraKbhR5DZYh6GngIoPRqDhkWMp7s +BkJkDfB54nmLAdkyTk9jnZ6mmkpg8SZ59PJdZRxss7U+mVovhq3RdSG98PHBN6uH +QoFyRpKsJ11sieHx5xbzKWMHjeWIRIJHfi6m9wKh91q6seykeqAW38yLDU1LoY8b +YJ/wxkvowLO6s9emtbjiVN7qFPmph5c5iS0wvv503YkAadg7ideVs9Km4k7FLLRt +GJcal7QTUqmo12d23dItoTQv6S3RFgog29EUVcOgBydEbcMkZ8N0560QI/sQCZBE +LHEGdZBxHduXJhPjA0y4y0+rA3KLIMRqj5EZMcKoH0c8sbm23kHKow4Hv6oIM4Vg 
+vxYwhBoL4MqU+zzj1FSUJNsNdyv9a51DCS+012/oTrPTzlCVksnaCuQlO52RA+6P +7AGZWkxfjUKnL3UcTkKGV1lofd0n4PQCBqrfgCXQpnmLfJjaEFD6LBKcBJx83CCZ +Xh/sFaom6uxMEYv02WFQrKZ3pOuAVn7GYs9ufcfKSpoyeu1h7rdLkA== +-----END CERTIFICATE----- diff --git a/files/radicale/server_key.pem b/files/radicale/server_key.pem new file mode 100644 index 0000000..3dbf9ed --- /dev/null +++ b/files/radicale/server_key.pem 
@@ -0,0 +1,169 @@ +$ANSIBLE_VAULT;1.1;AES256 +64383435303264326430633564383435386235396664313137613063353137663532666230643938 +3633306463353763666137633835653566393930343630350a643363393132336564393439346139 +62626233323733366434626338646335353462663161313662613337326664363234613834663034 +3361306666666664630a626136636135383534663838333737653361323737346538333964663237 +31383864303332353136396235613037653636613137343835656539653534653130626564353130 +64343636653032346361383065386532623937373032303439626264636138366139643432653530 +34303537313531306164356531363362373862643966353130383332373464303230326435313166 +65363633323336653865303866383066663738376539376439613339373735376263303037383965 +34356132653038326134316663616238656262616632613530396533636136633835356663613966 +35663732373062333762313934383264313130643233663830346632653130613837626365363866 +38633064346564633330643165376365353238663530386639306535313262633931363161306135 +31616561303861646632653731316666623031353364306263613037616566333566663339343738 +37326566303636333838636362666537316131633932383933623533353934396133393238323361 +31346539303462303135383033383332313561356631616237346532373533303137303666373664 +36376161303932363431633432633136316439333635303032663730363939396136616136623865 +39613833396364303231663536663131303865343637663538343833323566326233313031653738 +31333964313038393239383732393261383636623730643261666435336463333534303565653964 +30636434623865336136393936393037643731346566636463366435656139396438393363376138 +61323965353835373930353138633737353465356432356535373162613231333335366230306334 +62303535303163626634383430613436333065633839393464636132333963623064643638326162 +38356636333537633936653164343636633065373038336338636561666163353132646366326631 +36663439346561396539336531316363623064386335346162333238613932383063396531623737 +30343630373837643934333330376432646431323734313163353235323335656234383630396536 
+38326365326263363738376633323935373835656630633739373961376165363364303531306332 +61376637626661343264353933363737663633613164623232353566636535623932346261336333 +65353836356364393438396330373461343233313363643237653336393032356661663231393563 +31313163623862383563373961396666613164313131383833633435366337363834656232306634 +34356538323963303863323634346238346430646464306336653363653930303863343335366361 +34326462626633393633633661356332363638396439616237653933633961616531373032303338 +35613630373434346430623931373462363333646661313139653735316234343834623131646565 +34383761323266336131373162363664373130383464646435623339396330636165373666313432 +64383434663430633338303031663463636661376237333030393137333732316330316131326238 +31643034363830323031643538323537366232393034386438633131613834613930336263376534 +30646239383333643266303665623531383739656639663430313864666330353535306337303062 +36383962323236383538633936386462613730363137376562386431643663396639386563376133 +66363936343834613265636432356534313938303635633439653039626137353534623232616663 +62373361323161626134643931633236653631616465386163383363653535653539393037356138 +39356262636561386465653139376665306366643137333539373862316364656664333431633864 +34376636363938353731666362363362323961366532343035383830623861653465393938303331 +33643962386436303665343662666531316266653131396337326161306439626661383438623938 +36653835333061656539666534636433313333613130313633363234393139333130336564383631 +37646439643637323735376565366235633536666139316462343831636163653964316338346566 +63636532633266366362336438643338353366333631393465393666656234623261353361333663 +64613966343062313335353437326233316635356334623232613731323264356134616665303962 +31323164303262333261333235393130646662326239313264366238613564353262616664376462 +31356366393364316331633461643964303637643834353465626266363362393564333865303563 +39613237353534303461666465386335356335373262666137356366393436323930386263313362 
+30336231663930613766613832326565623361646166363136353264643830313330356665343166 +62613131633431303431656163636563316135323965353030643539383435316663316235323661 +31653463336138643564356565303930366661626335666663393036363361663436313365633163 +66363865626539646665313864613233303939393132653332663239663332313837313830346264 +39643232666637363666323061643231336563396136326264346538653637653431356164323465 +31373038366538336532633034386130663762323830633234656265663234646230656439393536 +64386435623935393663643838363766616536616361373263653735326236386632386161383864 +32663862653338383463346435373366643664383662666661366330613031353266613962303630 +62393366343538316533333737303963346361303161653562373836613634316433346365353065 +30313631353738323531646435623463303264346235663266313937643065366562366164326133 +32613839363035333932366362376433623063323137383664383566633762386538343030393666 +32633235653966633564646462366665313733313137333832396232346561303564616665653231 +61616462346339333830633763336237346163346165363538633539613061666361383164323731 +61366538626665666263656138653233666466306139613234613630656635633736666463316564 +37613439646664623530666430626439643238366436383838313865333763343966656238363163 +37386466363036373865323339313934336430323938653533353231663863336164356365333834 +34363265633230626136386663323437353239633963336465356135376539386630366366363862 +63383234396639343561663036353833666632366263333131303032333434663064336530393939 +33636436393139313538353936326435663930353565393566393932313665336131366136373237 +66366261333731313037613665666666376230623138303031636132306535303032386162363630 +66633632653762323139376634633836313166326130643163373966663930613335383437316431 +64353163313834353463313030643238626138323931376439306562353539666362643266616665 +34356234363634393934313063306264393439396338313166623462626666623233626538353465 +34383834626339303137326532653861323165633862306464373063343438393038656661343136 
+33373665373932326635643962336438316161626631373736656561626636663233613539333764 +32656334313832316232666661356535663866383338346164343538653539323135373063383535 +38323831306632306162663433303137666239306366376663343036326134313732313262653937 +65626336333030306465333332346366393830313739646138326333663131326561353634393135 +32343631616437316465616661663363633062633238363830343231646361323665633938356562 +62333966343938393738343961626236303232373037393663333363646266393435656239316364 +37643834613034373838323434373030313466393538653966613238373561323936653633666662 +38613862346139626434623838663036353539393132646139636261336235396563333233386530 +32336539363764653631386363363133643364626236323336353736366264636666663039346363 +32313966623565396632643538353035643434613532313338393338346233353864636438623837 +33383733376363303962373230653061366534383335383965386366303533643461623335363061 +66316334353162353630623533366135373464666162623962386338373331396464343437356464 +62376337326263646435646131323330623138353066643161663239653136623236623930653330 +36663733386463666663303037313434323535626631623634316230653439646263356335333636 +61393062613537393538326634316636303364663833376264393037373635656162383338363238 +63646666393339353638353261386462626236376236326130336462376232616562376466633736 +37623661616165363963303131613638393064633135636162633064636666616430653264333865 +39326265396164306463636164613065336433303431363062393564336161373239373737393861 +63633164353337626566323263333464636265643765336663373837313532333863326238383333 +39373264613935386235613536633434653134326163386464643265326464656238393766303263 +37326164663838363233396361363738313631336263393466653765333937333939633639353463 +62323430633361323461643535303539363830343361363766383364376366393132323361633763 +62343531316165663361663134373165356365666362366239326332383565313939386161633631 +31303637613637666562346364663234623836363433313331343339316661643435323334346335 
+38643335373730343435343035343939316166373235333933313961643730346562343534343365 +36383666393764366335326138373631383961636638333063393965373735383665396236306137 +31363237646433646464363364616236653737336331353638356165386639353733613962333664 +35333838663566616434313136306361663336633937323132646337616236326263613133653764 +62356635313438613462636439363131363661653030333065396231663337393537623233313963 +37306635663465363235623566626363643235616466623537336262303731323239613536643361 +36393532386339656639666565633733313031363538626462323162656261333364333730383037 +64373963396435663134613139316437663564333263623063326461326134613433656137373335 +62303534356565616364656634333737386434363165323932643533623336363334646565383765 +64613463633034653334666531633838616263626531373530346133646164303639653263316164 +32306436396164343038366463383862643037626631326333393739316461333563333264393862 +66346364366431306564306161336236383138613938366336323937363966383837363637623130 +64346333326634336534363932656265366230396631643234336165366162303232393830383262 +64626266666635653161653137393930323930306363306636326437643564666264326363336231 +63666563663035313737383536303639623961333438346634656633303239616262306538396236 +65323730346661343037393132376462353830663562323163373063613332663730356136396434 +38343934393335663464306330356263643036616432313032613131633262636131333636343163 +62326230643131303461653237346633656436336138623338663037613939656339343731633430 +38356132306533633735393162353933343934636630653164646162323161343436306235653430 +32623533393766396431353766643462663264666562663465623632383532643539316465663335 +38313334393264666534643265343234663337656135393131613434643065336332373032386434 +36633232633537333737623365363933366236613833643030626361323065623734646538343231 +39313838376336313762643962386137333862386439633838346233643061383536303062323331 +36316363663839303331346162343866663037383332363738643131306561653561326236323666 
+34636162356666313033623335323236383663326436613465343737653430326239336665646537 +30363637666234363639376338653366393535393032633836313362363833656164353863343633 +38356561636530356333633061353037343966336135323966376437343132306465623561653763 +66306135653737313634356339663164356165633831363866356136373332396266626337616639 +32363932666137343231346566393832306565306537623235653235363635633136646331383235 +65666638653964623133383762386132376634306132356564643139363264336132353765333661 +38626262633837313432333761393363356465623930653966623533323737653035643233643962 +34376139373761373465653837633537663334383234656661656236323534393862616466326262 +62663563326237343138313466633163363763303035656530303965356564336437633337303632 +64643561333739343031376134326563663338646361363264346537306362653734356661353731 +63613461646166653262363365346538313463393064633665336335633361626637353633353737 +39346639383439306437333638386539333238633563613064373332313331396539656639666139 +30366534373638633332626639643966636361333131383135343965356663343463613761393339 +32326664343061383939353463323764356662386266623363366563323139306663643335623761 +30353238633935373530313132356338386331366638356164666136313035303236393763663231 +34643138633066316638383131643439396231646335636335386364643936613238613666346461 +34386232313933303033343561663934346264633339633266393033316132383465363561643730 +32306563346137313832326330326237396161626236333433616231393461333230343336653031 +37363335633934353038376139626436313232306335656632316664393738626439643233343734 +38356461643331646362336130643531633763643066323939323766633661636230643461653639 +61333666306162323864626139336433653662386165653534346235663366656137653336306238 +36366661643338336638656162346463303362346235343036333136663434623363356162383036 +61366135623537306130313432643163323730386131636638323061373838626531616433353632 +66373633386634643635646465343236366163383634326331666537373633363432363365616137 
+65383762303964643835363263356434303166656332643965373565303862633735303565376331 +37303366613564333365656532353565366230363361313863343031326562333730613432323166 +38616366616562373434333133346331336337353865646463626438636363343233376334643565 +39623962326439386562643235393832663663373336613433333631353264613364323462376265 +39366364336537626636376535363363303762383030366138633861376132623566376134376138 +65633665623636323237386631343539646433646136643830306133366331636139343836653434 +61346334303939303735313833616263383762313736356432343264626265333336626136393664 +33353566323030666531316535343264633734336333643239653237363865376530353933326632 +30323138666531303536616361376565643065306365306134636433633333656134333765626637 +61646130643832373835316363646666666334633363646536323031313736626134363266666162 +35356164303839383635633432353664663733316164646438663633333361643461393434633365 +35633937336539346636353061303766333862336130363634386231393261326530313432633032 +61343236353631336362383364643439303766343035333239366335663263633135386535313261 +30623666303838613665333630643933643131313435616439373535303265623164333430356664 +34353064633332336562356330666263633934666135316664343739663364663661303064303234 +36303463653566653935383462363730613265376262336265393261336337333062313438353232 +62613932643762333466303937316266336133633730633735303363646166363430616663663537 +62393364383533626362323033333439643266376134393238313863336635666331303939663038 +32643431383264353034613638343331343936363835626536636132653739656463373965663364 +61326461323263626531323261396434313261396330653466376432656564363561383134306264 +65383934396239343666363634623338333562613839613164623865303437313937303534396439 +35393832386264303238346638366234623239353334353464393330356265626265613531366537 +66666161323733343437393934346434333466663937623466346365336639613463376261646366 +35343834613238636537316334383535373366343030623762653763313766333932323030383165 +33613264633266326137 
diff --git a/tasks/network.yml b/tasks/network.yml
index b61f9c8..a12e47a 100644
--- a/tasks/network.yml
+++ b/tasks/network.yml
@@ -47,6 +47,4 @@
 owner: root
 group: root
 mode: '0644'
- notify:
- - restart nftables
- - restart docker service
+ notify: restart nftables
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
index ec78900..f62cc77 100644
--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
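Review bot: Dropping `restart docker service` from `notify` in tasks/network.yml means a change to this file now restarts nftables without restarting Docker. Docker installs its own NAT and forwarding rules when the daemon starts; if the nftables handler or the deployed ruleset begins with a flush (neither is visible in this hunk), those rules disappear and published ports and container networking stay broken until Docker is restarted by hand. Either keep both handlers, `notify:` / `- restart nftables` / `- restart docker service`, or add a comment above `notify` stating why the Docker restart is no longer needed. The task starts above the hunk, so its module and destination are not shown.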
@@ -1,41 +1,51 @@ -- name: Copy nginx configuration files +- name: copy nginx configuration files become: true - ansible.builtin.template: + template: src: '{{ item.src }}' dest: '{{ item.dest }}' owner: root group: root mode: '0644' loop: - - src: 'templates/nginx/default.j2' - dest: '/etc/nginx/sites-available/default' - - src: 'templates/nginx/forgejo.j2' - dest: '/etc/nginx/sites-available/forgejo' - - src: 'templates/nginx/woodpecker.j2' - dest: '/etc/nginx/sites-available/woodpecker' - - src: 'templates/nginx/glitchtip.j2' - dest: '/etc/nginx/sites-available/glitchtip' - - src: 'templates/nginx/newsreader.j2' - dest: '/etc/nginx/sites-available/newsreader' + - { src: 'templates/nginx/default.j2', dest: '/etc/nginx/sites-available/default' } + - { src: 'templates/nginx/forgejo.j2', dest: '/etc/nginx/sites-available/forgejo' } + - { src: 'templates/nginx/woodpecker.j2', dest: '/etc/nginx/sites-available/woodpecker' } + - { src: 'templates/nginx/glitchtip.j2', dest: '/etc/nginx/sites-available/glitchtip' } + - { src: 'templates/nginx/vpn.j2', dest: '/etc/nginx/sites-available/vpn' } + - { + src: 'templates/nginx/newsreader.j2', + dest: '/etc/nginx/sites-available/newsreader', + } notify: restart nginx -- name: Create configuration links +- name: create configuration links become: true - ansible.builtin.file: + file: src: '{{ item.src }}' dest: '{{ item.dest }}' state: link loop: - - src: '/etc/nginx/sites-available/default' - dest: '/etc/nginx/sites-enabled/default' - - src: '/etc/nginx/sites-available/forgejo' - dest: '/etc/nginx/sites-enabled/forgejo' - - src: '/etc/nginx/sites-available/woodpecker' - dest: '/etc/nginx/sites-enabled/woodpecker' - - src: '/etc/nginx/sites-available/glitchtip' - dest: '/etc/nginx/sites-enabled/glitchtip' - - src: '/etc/nginx/sites-available/newsreader' - dest: '/etc/nginx/sites-enabled/newsreader' + - { + src: '/etc/nginx/sites-available/default', + dest: '/etc/nginx/sites-enabled/default', + } + - { + src: 
'/etc/nginx/sites-available/forgejo', + dest: '/etc/nginx/sites-enabled/forgejo', + } + - { + src: '/etc/nginx/sites-available/woodpecker', + dest: '/etc/nginx/sites-enabled/woodpecker', + } + - { + src: '/etc/nginx/sites-available/glitchtip', + dest: '/etc/nginx/sites-enabled/glitchtip', + } + - { src: '/etc/nginx/sites-available/vpn', dest: '/etc/nginx/sites-enabled/vpn' } + - { + src: '/etc/nginx/sites-available/newsreader', + dest: '/etc/nginx/sites-enabled/newsreader', + } notify: restart nginx @@ -52,9 +62,9 @@ # # This will also save its configuration. # -- name: Copy letsencrypt configuration +- name: copy letsencrypt configuration become: true - ansible.builtin.template: + template: src: 'templates/letsencrypt/cli.j2' dest: '/etc/letsencrypt/cli.ini' owner: root @@ -62,9 +72,9 @@ mode: '0644' notify: restart certbot -- name: Enable certbot periodic certificate renewal +- name: enable certbot periodic certificate renewal become: true - ansible.builtin.systemd: + systemd: name: certbot.timer state: started enabled: true diff --git a/tasks/radicale.yml b/tasks/radicale.yml index 238d55a..dd28f6c 100644 --- a/tasks/radicale.yml +++ b/tasks/radicale.yml 
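Review bot: The tasks here move from `ansible.builtin.template`, `ansible.builtin.file` and `ansible.builtin.systemd` to the short names `template`, `file` and `systemd`, which are resolved through the module search path and can be shadowed by a same-named module in a local `library/` directory or a `collections:` entry. Every one of these tasks runs with `become: true`, so keeping the fully qualified form, e.g. `ansible.builtin.template:`, pins the privileged step to the builtin module. The same applies to the later hunks of this file and to the `user`, `file`, `pip`, `copy` and `template` tasks in tasks/radicale.yml. The loop items also mix one-line and multi-line flow mappings; the block form that was removed diffs more cleanly.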
@@ -1,110 +1,118 @@ -- name: Stop previous radicale service +# TODO: use docker setup +# TODO: update collection path, see https://radicale.org/3.0.html#tutorials/running-as-a-service + +- name: add radicale user become: true - ansible.builtin.systemd: + user: name: radicale - state: stopped - enabled: false - register: radicale_disable - failed_when: > - radicale_disable.stderr is defined and - "'Unit radicale.service not loaded' not in radicale_disable.stderr" + system: true + create_home: false + shell: '/sbin/nologin' + home: '/' + append: true -- name: Remove previous radicale user - become: true - ansible.builtin.user: - name: radicale - state: absent - -- name: Remove radicale sudo entry - become: true - ansible.builtin.file: - path: /etc/sudoers.d/10-radicale - state: absent - -- name: Remove radicale virtualenv directory - become: true - ansible.builtin.file: - path: '/usr/local/lib/radicale' - state: absent - -- name: Remove Radicale files - become: true - ansible.builtin.file: - path: '{{ item }}' - state: absent +- name: add radicale sudo entry + include_role: + name: common + tasks_from: 'sudoers.yml' loop: - - /etc/nginx/radicale - - /etc/ssl/localcerts/radicale - - /etc/radicale/ - - /etc/systemd/system/radicale.service + - { src: 'templates/radicale/sudoers.j2', dest: '/etc/sudoers.d/10-radicale' } -- name: Create Radicale directories +- name: create radicale virtualenv directory become: true - ansible.builtin.file: + file: + path: '/usr/local/lib/radicale' + state: directory + owner: 'radicale' + group: 'radicale' + +- name: install radicale + become: true + become_user: 'radicale' + pip: + name: radicale + state: present + version: '{{ radicale_version }}' + virtualenv: '/usr/local/lib/radicale/env' + notify: restart radicale service + +- name: create radicale directories + become: true + file: path: '{{ item.path }}' + state: directory owner: '{{ item.owner }}' group: '{{ item.group }}' - mode: '0755' - state: directory loop: - - path: '{{ 
radicale_app_dir }}' - owner: root - group: root - - path: '{{ radicale_collection_dir }}' - owner: sonny - group: sonny - - path: '{{ radicale_app_dir }}/nginx.conf.d' - owner: sonny - group: sonny + - { path: '/etc/nginx/radicale', owner: 'root', group: 'root' } + - { path: '/etc/ssl/localcerts/radicale', owner: 'radicale', group: 'radicale' } -- name: Copy Radicale docker file +- name: copy radicale credentials become: true - ansible.builtin.template: - src: 'templates/radicale/dockerfile.j2' - dest: '{{ radicale_app_dir }}/Dockerfile' - owner: sonny - group: sonny - mode: '0755' + copy: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: '{{ item.owner }}' + group: '{{ item.group }}' + mode: '{{ item.mode }}' + loop: + - { + src: 'files/radicale/radicale_htpasswd', + dest: '/etc/nginx/radicale/htpasswd', + owner: 'root', + group: 'root', + mode: '0644', + } + - { + src: 'files/radicale/radicale_users', + dest: '/etc/radicale/users', + owner: 'radicale', + group: 'radicale', + mode: '0640', + } + - { + src: 'files/radicale/server_cert.pem', + dest: '{{ radicale_certificate_path }}', + owner: 'radicale', + group: 'radicale', + mode: '0644', + } + - { + src: 'files/radicale/server_key.pem', + dest: '{{ radicale_key_path }}', + owner: 'radicale', + group: 'radicale', + mode: '0600', + } + - { + src: 'files/radicale/client_cert.pem', + dest: '{{ radicale_certificate_authority_path }}', + owner: 'radicale', + group: 'radicale', + mode: '0644', + } -- name: Copy docker compose +- name: copy radicale configuration files become: true - ansible.builtin.template: - src: 'templates/radicale/docker-compose.j2' - dest: '{{ radicale_app_dir }}/docker-compose.yml' - owner: sonny - group: sonny - mode: '0755' - -- name: Copy Radicale configuration - become: true - ansible.builtin.template: - src: 'templates/radicale/conf.j2' - dest: '{{ radicale_app_dir }}/config' - owner: sonny - group: sonny - mode: '0755' - -- name: Copy Radicale user file - become: true - 
ansible.builtin.copy: - src: 'files/radicale/radicale_users' - dest: '{{ radicale_app_dir }}/radicale_users' - owner: sonny - group: sonny - mode: '0750' - -- name: Copy NGINX configuration - become: true - ansible.builtin.template: - src: 'templates/radicale/nginx.j2' - dest: '{{ radicale_app_dir }}/nginx.conf.d/default.conf' - owner: sonny - group: sonny - mode: '0755' - -- name: Start container - community.docker.docker_compose_v2: - project_src: '{{ radicale_app_dir }}' - remove_orphans: true - state: present - build: always + template: + src: '{{ item.src }}' + dest: '{{ item.dest }}' + owner: radicale + group: radicale + mode: '{{ item.mode }}' + loop: + - { + src: 'templates/radicale/conf.j2', + dest: '/etc/radicale/config', + mode: '0600', + owner: 'radicale', + group: 'radicale', + } + - { + src: 'templates/radicale/service.j2', + dest: '/etc/systemd/system/radicale.service', + mode: '0644', + owner: 'root', + group: 'root', + } + notify: restart radicale service diff --git a/templates/network/hosts.j2 b/templates/network/hosts.j2 index 13dca81..85e64c0 100644 --- a/templates/network/hosts.j2 +++ b/templates/network/hosts.j2 @@ -7,4 +7,3 @@ {{ vpn_media_listen_address }} {{ vpn_media_domain }} {{ transmission_nginx_ip }} {{ transmission_domain }} {{ syncthing_nginx_ip }} {{ syncthing_domain }} -{{ radicale_nginx_ip }} {{ radicale_domain }} diff --git a/templates/nftables.j2 b/templates/nftables.j2 index 2e214ca..0fb824d 100644 --- a/templates/nftables.j2 +++ b/templates/nftables.j2 
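Review bot: In `copy radicale configuration files` the task-level `owner: radicale` and `group: radicale` are literals, so the `owner`/`group` keys on the loop items are never read and `/etc/systemd/system/radicale.service` is installed owned by `radicale` rather than `root`. The service account can then rewrite its own unit file (`User=`, `ExecStart=`), and systemd will honour the change at the next reload; use `owner: '{{ item.owner }}'` and `group: '{{ item.group }}'`, as the `copy radicale credentials` task just above already does. Separately, `/etc/nginx/radicale/htpasswd` is deployed `root:root` with mode `'0644'`, which leaves the password hashes world-readable; `'0640'` with the nginx worker's group would be tighter, assuming the workers run under a dedicated group. The two `file` tasks with `state: directory` set no `mode`, so the directory that holds `server_key.pem` gets whatever the default umask produces.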
@@ -54,13 +54,11 @@ table ip filter { tcp dport { {{ http_port }}, {{ https_port }} } ip saddr . ip daddr @vpn_set accept comment "HTTP/HTTPS" - tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web" + tcp dport { 80, 443 } ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web" tcp dport { 80, 443 } ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web" tcp dport {{ syncthing_protocol_port }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_app_ip }} accept comment "Syncthing protocol" - tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept comment "Radicale" - tcp dport {{ mpd_port }} ip saddr . ip daddr @vpn_set accept comment "MPD" tcp dport {{ mpd_http_stream_port }} ip saddr . ip daddr @vpn_set accept comment "MPD HTTP stream" tcp dport {{ mpd_http_mobile_stream_port }} ip saddr . ip daddr @vpn_set accept comment "MPD HTTP mobile stream" @@ -82,6 +80,5 @@ table ip filter { chain DOCKER-USER { iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept - iifname {{ vpn_interface }} ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept } } diff --git a/templates/nginx/vpn.j2 b/templates/nginx/vpn.j2 index fbfab68..6817908 100644 --- a/templates/nginx/vpn.j2 +++ b/templates/nginx/vpn.j2 @@ -11,7 +11,7 @@ server { error_log /var/log/nginx/vpn_error.log; location /radicale/ { - proxy_pass https://127.0.0.1:{{ radicale_app_port }}/; + proxy_pass https://127.0.0.1:{{ radicale_port }}/; proxy_set_header X-Script-Name /radicale; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
@@ -25,4 +25,8 @@ server { proxy_ssl_certificate_key /etc/ssl/localcerts/radicale/client_key.pem; proxy_ssl_trusted_certificate /etc/ssl/localcerts/radicale/server_cert.pem; } + + location /transmission/ { + proxy_pass http://127.0.0.1:{{ transmission_web_port }}/transmission/; + } } diff --git a/templates/radicale/conf.j2 b/templates/radicale/conf.j2 index 92a55e5..578ae9d 100644 --- a/templates/radicale/conf.j2 +++ b/templates/radicale/conf.j2 @@ -1,14 +1,14 @@ # {{ ansible_managed }} [server] -ssl = False -hosts = 0.0.0.0:{{ radicale_app_port }} +ssl = True +certificate = {{ radicale_certificate_path }} +key = {{ radicale_key_path }} +certificate_authority = {{ radicale_certificate_authority_path }} +hosts = {{ radicale_listen_addres }}:{{ radicale_port }} [storage] -filesystem_folder = /app/collections +filesystem_folder = {{ radicale_storage_path }} [auth] -type = htpasswd -htpasswd_filename = /app/radicale_users -htpasswd_encryption = sha512 -cache_logins = True +type = http_x_remote_user diff --git a/templates/radicale/docker-compose.j2 b/templates/radicale/docker-compose.j2 deleted file mode 100644 index 8ab33e4..0000000 --- a/templates/radicale/docker-compose.j2 +++ /dev/null 
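Review bot: The new `location /transmission/` has no `proxy_set_header` lines, so nginx sends the upstream its default `Host` value taken from the `proxy_pass` address (`127.0.0.1:<port>`), and Transmission's own host check no longer sees the name the client actually requested. Access control for the Transmission web interface then rests entirely on this server block, whose `listen`, `server_name` and any `allow`/`deny` lines are outside the hunk and should be confirmed. I would add `proxy_set_header Host $host;` inside the location. If the block is not already restricted to the VPN, `allow {{ vpn_subnet }};` followed by `deny all;` would make that explicit.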
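Review bot: `type = http_x_remote_user` makes Radicale accept whatever user name arrives in the `X-Remote-User` request header, so authentication now rests entirely on the reverse proxy and on the client-certificate check configured with `certificate_authority`. The `location /radicale/` block in templates/nginx/vpn.j2 is only partly visible in this diff; confirm that it carries `auth_basic` and `proxy_set_header X-Remote-User $remote_user;`, so that a client-supplied header is always overwritten. A comment in the `[auth]` section such as `# identity is asserted by nginx; this port must only be reachable through the mTLS proxy` would record that dependency for the next maintainer. The variable on the `hosts` line is spelled `radicale_listen_addres`, matching the definition in vars/network.yml; renaming both to `radicale_listen_address` would avoid a silent undefined-variable mistake later.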
@@ -1,43 +0,0 @@ -# {{ ansible_managed }} - -networks: - radicale-net: - ipam: - config: - - subnet: '{{ radicale_subnet }}' - -services: - radicale: - build: - context: . - dockerfile: Dockerfile - args: - RADICALE_VERSION: {{ radicale_version }} - PYTHON_VERSION: {{ radicale_python_version }} - restart: always - networks: - radicale-net: - ipv4_address: {{ radicale_app_ip }} - healthcheck: - test: curl \ - --fail \ - --insecure \ - --max-time 2 \ - http://radicale:{{ radicale_app_port }} - start_period: 10s - interval: 1m - timeout: 10s - retries: 3 - volumes: - - '{{ radicale_collection_dir }}:/app/collections' - - nginx: - image: nginx:mainline-alpine - depends_on: - - radicale - restart: always - networks: - radicale-net: - ipv4_address: {{ radicale_nginx_ip }} - volumes: - - '{{ radicale_app_dir }}/nginx.conf.d:/etc/nginx/conf.d' diff --git a/templates/radicale/dockerfile.j2 b/templates/radicale/dockerfile.j2 deleted file mode 100644 index 15ea293..0000000 --- a/templates/radicale/dockerfile.j2 +++ /dev/null @@ -1,20 +0,0 @@ -# {{ ansible_managed }} - -ARG PYTHON_VERSION=3.13 - -FROM python:$PYTHON_VERSION - -ARG RADICALE_VERSION - -RUN apt update && apt install apache2-utils -RUN pip install Radicale==$RADICALE_VERSION - -WORKDIR /app - -COPY ./config ./radicale_users /app/ - -VOLUME ["/root/.cache/pip", "/var/cache/apt/archives"] - -EXPOSE {{ radicale_app_port }} - -CMD ["/usr/local/bin/radicale", "--config=/app/config"] diff --git a/templates/radicale/nginx.j2 b/templates/radicale/nginx.j2 deleted file mode 100644 index 78eda68..0000000 --- a/templates/radicale/nginx.j2 +++ /dev/null 
@@ -1,21 +0,0 @@ -# {{ ansible_managed }} - -upstream radicale-upstream { - server radicale:{{ radicale_app_port }}; -} - -server { - listen 80; - server_name {{ radicale_domain }}; - - location / { - proxy_pass http://radicale-upstream; - proxy_set_header X-Script-Name /radicale; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Port $server_port; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header Host $http_host; - proxy_pass_header Authorization; - } -} diff --git a/templates/radicale/service.j2 b/templates/radicale/service.j2 new file mode 100644 index 0000000..e3811f5 --- /dev/null +++ b/templates/radicale/service.j2 @@ -0,0 +1,24 @@ +# {{ ansible_managed }} + +[Unit] +Description=A simple CalDAV (calendar) and CardDAV (contact) server +After=network.target +Requires=network.target + +[Service] +ExecStart=/usr/local/lib/radicale/env/bin/radicale +User=radicale +Restart=on-failure +UMask=0027 +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +PrivateDevices=true +ProtectKernelTunables=true +ProtectKernelModules=true +ProtectControlGroups=true +NoNewPrivileges=true +ReadWritePaths=/etc/radicale/collections + +[Install] +WantedBy=multi-user.target diff --git a/templates/radicale/sudoers.j2 b/templates/radicale/sudoers.j2 new file mode 100644 index 0000000..33a995c --- /dev/null +++ b/templates/radicale/sudoers.j2 @@ -0,0 +1 @@ +sonny ALL=(radicale) NOPASSWD: ALL diff --git a/templates/systemd/transmission.j2 b/templates/systemd/transmission.j2 new file mode 100644 index 0000000..bc3a5ce --- /dev/null +++ b/templates/systemd/transmission.j2 @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +[Service] +User=sonny diff --git a/vars/network.yml b/vars/network.yml index 83e09bf..8d3eb1f 100644 --- a/vars/network.yml +++ b/vars/network.yml 
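Review bot: `ReadWritePaths=/etc/radicale/collections` in templates/radicale/service.j2 is hard-coded, while templates/radicale/conf.j2 takes the storage location from `{{ radicale_storage_path }}`. With `ProtectSystem=strict` everything outside `ReadWritePaths` is read-only, so changing the variable in vars/radicale.yml would leave Radicale unable to write its collections. Using `ReadWritePaths={{ radicale_storage_path }}` keeps the sandbox and the configuration in step. None of the tasks visible in tasks/radicale.yml creates that directory, so it is worth checking that it exists with `radicale` ownership before the unit starts.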
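Review bot: `sonny ALL=(radicale) NOPASSWD: ALL` in templates/radicale/sudoers.j2 lets `sonny` run any command as `radicale` without a password, and that account owns the TLS server key, `/etc/radicale/users` and the service configuration deployed by tasks/radicale.yml. If the rule only exists so that Ansible can use `become_user: 'radicale'` for the pip install, a comment saying so belongs above it, and the command list should be narrowed to what is actually needed where that is practical. The file also lacks the `# {{ ansible_managed }}` header that the other new templates carry. The included `common` role's `sudoers.yml` is not visible here; it should install the file with `validate: 'visudo -cf %s'` so that a syntax error cannot break sudo on the host.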
@@ -55,12 +55,8 @@ syncthing_protocol_port: 22000 syncthing_nginx_ip: '172.32.238.10' syncthing_app_ip: '172.32.238.11' -radicale_domain: 'radicale.{{ domain_name }}' -radicale_prefix: 24 -radicale_subnet: '172.64.238.0/{{ radicale_prefix }}' -radicale_nginx_ip: '172.64.238.10' -radicale_app_port: 5232 -radicale_app_ip: '172.64.238.11' +radicale_listen_addres: '127.0.0.1' +radicale_port: 5232 transmission_domain: 'transmission.{{ domain_name }}' transmission_prefix: 24 diff --git a/vars/radicale.yml b/vars/radicale.yml index ae0b24d..d488dd6 100644 --- a/vars/radicale.yml +++ b/vars/radicale.yml @@ -1,5 +1,5 @@ -radicale_app_dir: '/srv/docker/radicale' -radicale_collection_dir: '{{ radicale_app_dir }}/collections' - -radicale_version: 3.5.1 -radicale_python_version: 3.13 +radicale_certificate_path: '/etc/ssl/localcerts/radicale/server_cert.pem' +radicale_key_path: '/etc/ssl/localcerts/radicale/server_key.pem' +radicale_certificate_authority_path: '/etc/ssl/localcerts/radicale/client_cert.pem' +radicale_storage_path: '/etc/radicale/collections' +radicale_version: 3.3.1 diff --git a/vars/vpn.yml b/vars/vpn.yml index 78ab740..e6c3f08 100644 --- a/vars/vpn.yml +++ b/vars/vpn.yml @@ -23,8 +23,6 @@ vpn_peers: allowed_ips: - '{{ vpn_subnet }}' - '{{ transmission_subnet }}' - - '{{ syncthing_subnet }}' - - '{{ radicale_subnet }}' public_key: '4aBHRiglCOE7qEDLqeFgQ5PMMsKczpPoL4bx4jyAEDY=' preshared_key_path: '{{ vpn_config_dir }}/keys/private/preshared-mobile.psk' preshared_key_source_path: 'files/wireguard/default/preshared-mobile.psk'