Personal CalDAV Server on a Single-Board Computer

by arduinocelentano in Circuits > Linux

2031 Views, 2 Favorites, 0 Comments

Personal CalDAV Server on a Single-Board Computer

000_nanopi_intro.jpg

«That's just perfectly normal paranoia. Everyone in the Universe has that.»
Douglas Adams, The Hitchhiker's Guide to the Galaxy

It becomes challenging to take control of your personal data in a big data world. This instructable is for people who want to synchronize automatically their calendars, tasks and contacts between several desktop and mobile devices but do not trust cloud services and their manner of personal data handling. It may either be a requirement of your corporative rules or your personal paranoia. You may have your own reasons to keep your sensitive data safe. Probably you just need a multiplatform opensource time management system with clients for GNU/Linux, FreeBSD, MacOS, MS Windows, Android etc. Fortunately, there exists a common solution. I mean the CalDAV protocol which is an Internet standard, so you may reckon to its long time support. The software is not bulky at all, and if you have an aged spare single-board computer it’s time to breathe new life into it.

Supplies

You’ll need a single-board computer. Virtually any one would work. I used an outdated first version of NanoPi Neo with 256M RAM. I really like its tiny form factor (about 4x4cm), it is relatively energy-efficient, and I consider modern single-board computers somewhat excessive for this task. However, you could grab a modern Raspberry Pi 4 or whatever you like. An old laptop would work as well.
Second, you’ll need a MicroSD card if your computer boots from it. It’s capacity and speed don’t matter. I tested everything with an old 4Gb Class4 card and it worked pretty smoothly.

Installing Armbian

010_armbian_download.png
010_dietpi_download.png
020_dietpi_flashing.png

I’m going to use a minimalistic Debian-based Armbian GNU/Linux distribution. You could download it from https://www.armbian.com/. You should choose an image for your single-board computer and burn it to the memory card. It could be done with balenaEtcher tool or whatever you prefer.
Another minimalistic distribution you may like is DietPi.

First Boot

030_armbian_startup.png

Install your memory card, insert Ethernet cable (if you don’t use WiFi) and power on your board. Default network option for Raspbian is to use DHCP. You should take it into account if your network uses different settings. Now you should check the log of your router to find out the IP address of the Armbian board. Now you should be able to login with SSH. If you use some unix-like system, you probably already have an SSH client. Just type

ssh root@0.0.0.0

in your shell. You should replace 0.0.0.0 with an actual board’s address. If you use MS Windows, you could install some SSH client, for example Putty and establish SSH connection. The default root (i.e. superuser) password at first login is “1234”. You will be asked to replace it with a more secure one. You’ll also be able to add some regular users and configure locale settings, if you like.

Static MAC Address

I’ve noticed that my NanoPi Neo starts with random MAC address by default. If your router is configured to filter MAC addresses, you’ll probably need to disable random MAC feature. You already have vim and nano text editors installed, so just type in SSH Armbian terminal:

nano /etc/network/interfaces 

You’ll need to add the following option: “hwaddress ether 00:11:22:33:44:55”. You should replace “00:11:22:33:44:55” with a MAC address you like. So your file will look like this:

source /etc/network/interfaces.d/*
# Network is managed by Network manager
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet dhcp
hwaddress ether 00:11:22:33:44:55

You may reboot and check the MAC address.

Installing Radicale Server

035_certificate.png
040_radicale_web_login.png
050_create_calendar.png
060_calendar.png

Radicale is a CalDAV server implementation. First, install following packages:

apt install radicale apache2-utils python3-bcrypt python3-passlib

Now create a new htpasswd file:

htpasswd -c -B /etc/radicale/users user

You may replace “user” with username you like. You’ll be asked to type new user’s password. To enable password encryption, edit the following configuration file:

nano /etc/radicale/config

The [auth] section should contain something like this:

[auth]
type = htpasswd
htpasswd_filename = /etc/radicale/users
htpasswd_encryption = bcrypt

To make Radicale server available from other devices in your local network, you should also edit the [server] section:

[server]
hosts = 0.0.0.0:5232, [::]:5232

The number 5232 is default port number. It could be changed, if you like.

Your data is stored in /var/lib/radicale/collections by default. You may change it in the [storage] section:

[storage]
filesystem_folder = /path/to/storage

(Optionally)

In order to use encrypted connection, you should install ssl-cert package:

apt install ssl-cert

The default /etc/ssl/private/ssl-cert-snakeoil.key will be generated automatically after installation. To give Radicale permission to use it, you should add radicale user to ssl-cert group:

usermod -a -G ssl-cert radicale

Finally, ssl should be enabled in the configuration file:

[server]
ssl = True

If you have created some certificates manually, you could enable them in the very same section.

(/Optionally)

Now you should be able to start the server:

service radicale start

or

systemctl start radicale

If everything is ok, the server should be accesible from your browser by the url:

http://0.0.0.0:5232

or, if SSL has been enabled:

https://0.0.0.0:5232

Replace 0.0.0.0 with an actual IP address of your board and specify the correct port if you’ve changed the default value.

If SSL is active, your browser will likely ask if you trust the unknown certificate, so you should accept it. Now you should be able to login with your username and password and create a new calendar. Copy its URL for further clients configuration.

Now it’s time to add Radicale daemon to start-up:

update-rc.d radicale enable

or

systemctl enable radicale

Now reboot and check that your server starts automatically:

reboot

Desktop Client Configuration

070_thunderbird_add_calendar.png
080_thunderbird_add_calendar2.png
080_thunderbird_add_calendar3.png
090_thunderbird_password.png
100_thunderbird_certificate.png
110_thunderbird_task.png

I’m going to use Mozilla Thunderbird as a desktop client. It is free, cross-platform and supports everything you need. Add new calendar and paste the URL you’ve copied earlier. Type username and password. If you’ve configured SSL, add the certificate to trusted list. Now you should be able to create tasks and calendar events.

Mobile Client Configuration

130_caldav_add.png
140_caldav_account.png
150_caldav_cal.png

If you use Android, there exist several CalDAV solutions. Since we are doing it free and opensource way, DAVx⁵ is the choice. To get rid of Google bloatware, I’m going to use OpenTasks as a tasks app and Simple Calendar as a calendar app. All of them are freely available in the F-Droid repository. There are plenty of free contacts apps with CalDAV support as well. Simple Contacts is one of them. You may opt to using your default apps though. For example, Google Calendar would work with DAVx⁵ too.
Open DAVx⁵ app and type your URL, login and password again. Of course, you should approve your SSL certificate. You could configure automatic synchronization in DAVx⁵ settings. Now you should be able to see the task you’ve just created in Mozilla Thunderbird with OpenTasks app or whatever task management app you installed. You should enable CalDAV in your calendar and contacts apps.

Conclusions

Finally we regained control over our calendars, tasks and contacts and still have them automatically synchronized between several gadgets. In the same way you could create additional accounts for your family. The single-board computer is a low-cost and energy-efficient solution for personal usage. Now it’s available just within local network, but calendars, tasks and contacts are not so volatile to be synced immediately. Alternatively, everything described could be done with a Virtual Private Server (VPS). Your data, your choice.

References