diff --git a/flake.nix b/flake.nix
index 13e15f5..186fd93 100644
--- a/flake.nix
+++ b/flake.nix
@@ -140,6 +140,7 @@
 uptime-kuma = ./modules/uptime-kuma.nix;
 restic-server = ./modules/restic-server;
 nextcloud = ./modules/nextcloud.nix;
+ radicale = ./modules/radicale.nix;
 };
 dns = (nixos-dns.utils.generate nixpkgs.legacyPackages.x86_64-linux).octodnsConfig {
diff --git a/modules/radicale/.htpasswd b/modules/radicale/.htpasswd
new file mode 100644
index 0000000..9222df2
--- /dev/null
+++ b/modules/radicale/.htpasswd
@@ -0,0 +1 @@
+peter:$2y$05$VTYDhx/eNscApKaHCAEuG.AiFb2/K77Lpwwe7szdDYcnd5d9SyXPe
diff --git a/modules/radicale/default.nix b/modules/radicale/default.nix
new file mode 100644
index 0000000..ba1cd9d
--- /dev/null
+++ b/modules/radicale/default.nix
@@ -0,0 +1,48 @@
+{ config
+, ...
+}:
+let
+ domain = "radicale.xnee.net";
+ tls-dir = config.security.acme.certs.${domain}.directory;
+in
+{
+ networking.domains.subDomains.${domain} = { };
+ security.acme.certs.${domain} = { };
+ services.nginx.virtualHosts."${domain}" = {
+ useACMEHost = domain;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "https://${builtins.elemAt config.services.radicale.settings.server.hosts 0}";
+ };
+ };
+
+ systemd.services.radicale = {
+ serviceConfig = {
+ SupplementaryGroups = [ config.security.acme.certs.${domain}.group ];
+ BindReadOnlyPaths = [ tls-dir ];
+ };
+ };
+
+ services.radicale = {
+ enable = true;
+ settings = {
+ server = {
+ hosts = [ "[::1]:5232" ];
+ ssl = true;
+ certificate = "${tls-dir}/fullchain.pem";
+ key = "${tls-dir}/key.pem";
+ };
+ auth = {
+ type = "htpasswd";
+ htpasswd_filename = "${./.htpasswd}";
+ htpasswd_encryption = "bcrypt";
+ };
+ rights.type = "owner_only";
+ storage = {
+ type = "multifilesystem";
+ filesystem_folder = "/var/lib/radicale/collections";
+ };
+ };
+ };
+ backup.paths = [ config.services.radicale.settings.storage.filesystem_folder ];
+}
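Review bot: The added `radicale = ./modules/radicale.nix;` in the `flake.nix` hunk points at a file this commit does not create; the module is added as `modules/radicale/default.nix`. Unless a `modules/radicale.nix` already exists outside this diff, the `inputs.self.nixosModules.radicale` import added in `nodes/ymir/default.nix` will fail at evaluation on a missing path. Following the directory-style `restic-server` entry two lines above, the line should read `radicale = ./modules/radicale;`.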
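Review bot: The single line added in `modules/radicale/.htpasswd` commits a live credential hash to the repository, and `htpasswd_filename = "${./.htpasswd}"` in `modules/radicale/default.nix` also copies that file into the Nix store, which is readable by every local user on the host. The `$2y$05$` prefix shows a bcrypt cost of 5, which offers little resistance to offline guessing once the hash is readable. The committed value should be treated as exposed: rotate the password, generate the new hash with a higher cost, and keep the file out of git. The module would then reference a runtime path provided by the repo's secret mechanism, for example `htpasswd_filename = "/run/secrets/radicale-htpasswd";` (placeholder path), with that file readable only by the radicale user.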
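Review bot: The `systemd.services.radicale.serviceConfig` block in `modules/radicale/default.nix` gives the Radicale process read access to the ACME private key (`SupplementaryGroups` plus `BindReadOnlyPaths = [ tls-dir ]`) only to encrypt a hop that never leaves `[::1]`. nginx already terminates TLS for this virtual host with the same certificate, and unless `proxy_ssl_verify` is enabled elsewhere it does not verify the upstream certificate, so the inner TLS adds no authentication while widening the set of services that can read the key. Consider dropping `ssl`, `certificate` and `key` from `settings.server` together with the `systemd.services.radicale` override, and proxying with `proxyPass = "http://${builtins.elemAt config.services.radicale.settings.server.hosts 0}";`. If the inner TLS is kept deliberately, a short comment above the override saying why Radicale needs the key would help the next reader.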
diff --git a/nodes/ymir/default.nix b/nodes/ymir/default.nix
index ef2f6c6..7b81675 100644
--- a/nodes/ymir/default.nix
+++ b/nodes/ymir/default.nix
@@ -10,5 +10,6 @@
 inputs.self.nixosModules.kanidm
 inputs.self.nixosModules.keycloak
 inputs.self.nixosModules.paperless
+ inputs.self.nixosModules.radicale
 ];
 }