Personal CalDAV Server on a Single-Board Computer
by arduinocelentano in Circuits > Linux
1859 Views, 2 Favorites, 0 Comments
Personal CalDAV Server on a Single-Board Computer
«That's just perfectly normal paranoia. Everyone in the Universe has that.»
Douglas Adams, The Hitchhiker's Guide to the Galaxy
It becomes challenging to take control of your personal data in a big data world. This instructable is for people who want to synchronize automatically their calendars, tasks and contacts between several desktop and mobile devices but do not trust cloud services and their manner of personal data handling. It may either be a requirement of your corporative rules or your personal paranoia. You may have your own reasons to keep your sensitive data safe. Probably you just need a multiplatform opensource time management system with clients for GNU/Linux, FreeBSD, MacOS, MS Windows, Android etc. Fortunately, there exists a common solution. I mean the CalDAV protocol which is an Internet standard, so you may reckon to its long time support. The software is not bulky at all, and if you have an aged spare single-board computer it’s time to breathe new life into it.
Supplies
You’ll need a single-board computer. Virtually any one would work. I used an outdated first version of NanoPi Neo with 256M RAM. I really like its tiny form factor (about 4x4cm), it is relatively energy-efficient, and I consider modern single-board computers somewhat excessive for this task. However, you could grab a modern Raspberry Pi 4 or whatever you like. An old laptop would work as well.
Second, you’ll need a MicroSD card if your computer boots from it. It’s capacity and speed don’t matter. I tested everything with an old 4Gb Class4 card and it worked pretty smoothly.
Installing Armbian
I’m going to use a minimalistic Debian-based Armbian GNU/Linux distribution. You could download it from https://www.armbian.com/. You should choose an image for your single-board computer and burn it to the memory card. It could be done with balenaEtcher tool or whatever you prefer.
Another minimalistic distribution you may like is DietPi.
First Boot
Install your memory card, insert Ethernet cable (if you don’t use WiFi) and power on your board. Default network option for Raspbian is to use DHCP. You should take it into account if your network uses different settings. Now you should check the log of your router to find out the IP address of the Armbian board. Now you should be able to login with SSH. If you use some unix-like system, you probably already have an SSH client. Just type
ssh root@0.0.0.0
in your shell. You should replace 0.0.0.0 with an actual board’s address. If you use MS Windows, you could install some SSH client, for example Putty and establish SSH connection. The default root (i.e. superuser) password at first login is “1234”. You will be asked to replace it with a more secure one. You’ll also be able to add some regular users and configure locale settings, if you like.
Static MAC Address
I’ve noticed that my NanoPi Neo starts with random MAC address by default. If your router is configured to filter MAC addresses, you’ll probably need to disable random MAC feature. You already have vim and nano text editors installed, so just type in SSH Armbian terminal:
nano /etc/network/interfaces
You’ll need to add the following option: “hwaddress ether 00:11:22:33:44:55”. You should replace “00:11:22:33:44:55” with a MAC address you like. So your file will look like this:
source /etc/network/interfaces.d/* # Network is managed by Network manager auto lo iface lo inet loopback allow-hotplug eth0 iface eth0 inet dhcp hwaddress ether 00:11:22:33:44:55
You may reboot and check the MAC address.
Installing Radicale Server
Radicale is a CalDAV server implementation. First, install following packages:
apt install radicale apache2-utils python3-bcrypt python3-passlib
Now create a new htpasswd file:
htpasswd -c -B /etc/radicale/users user
You may replace “user” with username you like. You’ll be asked to type new user’s password. To enable password encryption, edit the following configuration file:
nano /etc/radicale/config
The [auth] section should contain something like this:
[auth] type = htpasswd
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = bcrypt
To make Radicale server available from other devices in your local network, you should also edit the [server] section:
[server] hosts = 0.0.0.0:5232, [::]:5232
The number 5232 is default port number. It could be changed, if you like.
Your data is stored in /var/lib/radicale/collections by default. You may change it in the [storage] section:
[storage]
filesystem_folder = /path/to/storage
(Optionally)
In order to use encrypted connection, you should install ssl-cert package:
apt install ssl-cert
The default /etc/ssl/private/ssl-cert-snakeoil.key will be generated automatically after installation. To give Radicale permission to use it, you should add radicale user to ssl-cert group:
usermod -a -G ssl-cert radicale
Finally, ssl should be enabled in the configuration file:
[server] ssl = True
If you have created some certificates manually, you could enable them in the very same section.
(/Optionally)
Now you should be able to start the server:
service radicale start
or
systemctl start radicale
If everything is ok, the server should be accesible from your browser by the url:
http://0.0.0.0:5232
or, if SSL has been enabled:
https://0.0.0.0:5232
Replace 0.0.0.0 with an actual IP address of your board and specify the correct port if you’ve changed the default value.
If SSL is active, your browser will likely ask if you trust the unknown certificate, so you should accept it. Now you should be able to login with your username and password and create a new calendar. Copy its URL for further clients configuration.
Now it’s time to add Radicale daemon to start-up:
update-rc.d radicale enable
or
systemctl enable radicale
Now reboot and check that your server starts automatically:
reboot
Desktop Client Configuration
I’m going to use Mozilla Thunderbird as a desktop client. It is free, cross-platform and supports everything you need. Add new calendar and paste the URL you’ve copied earlier. Type username and password. If you’ve configured SSL, add the certificate to trusted list. Now you should be able to create tasks and calendar events.
Mobile Client Configuration
If you use Android, there exist several CalDAV solutions. Since we are doing it free and opensource way, DAVx⁵ is the choice. To get rid of Google bloatware, I’m going to use OpenTasks as a tasks app and Simple Calendar as a calendar app. All of them are freely available in the F-Droid repository. There are plenty of free contacts apps with CalDAV support as well. Simple Contacts is one of them. You may opt to using your default apps though. For example, Google Calendar would work with DAVx⁵ too.
Open DAVx⁵ app and type your URL, login and password again. Of course, you should approve your SSL certificate. You could configure automatic synchronization in DAVx⁵ settings. Now you should be able to see the task you’ve just created in Mozilla Thunderbird with OpenTasks app or whatever task management app you installed. You should enable CalDAV in your calendar and contacts apps.
Conclusions
Finally we regained control over our calendars, tasks and contacts and still have them automatically synchronized between several gadgets. In the same way you could create additional accounts for your family. The single-board computer is a low-cost and energy-efficient solution for personal usage. Now it’s available just within local network, but calendars, tasks and contacts are not so volatile to be synced immediately. Alternatively, everything described could be done with a Virtual Private Server (VPS). Your data, your choice.