How to Enable Radicale On Linux
December 28, 2020
December 27, 2020
This tutorial assumes you're using Debian 10 or LMDE 4, that you're using Cinnamon, have Synaptic installed, and that you are running gnome-terminal as sudo interactively, in which the use of the term "sudo" is not required nor a password prompted. The installation of radicale itself will NOT require elevation. This tutorial also assumes you followed the Wireguard tutorial and that you are sharing this over its network, and not the larger internet.
A significant part of the search results on Radicale tutorials left people with more questions than answers, and I found myself quite upset when I tried to follow through with the instructions. So I decided to try out the test environment. I looked at the config file in the locally stored python folder and realized that I could configure and secure this test setup, making it into a full time setup. I will tell you how.
First, you will need to install python3-pip from Synaptic. Open Synaptic, provide a privileged password if asked, and then click the search button on the top right part of the screen. Enter the query 'python3-pip' and press the "Search" button. You should see two results. Click the white square next to 'python3-pip' and select the option "Mark for Installation". Agree to any dependencies, and click the "Mark" button. On the upper left hand corner, click Apply, and then "Apply".
Once you've done this, you should create a new user account dedicated to Radicale. It will be an interactive account you create through the "users and groups" program on your mint menu. It should be a standard user. You will not need elevation to run the program itself. Once you have, open a terminal on the restricted account. You should be able to type the following into the command line without blowback or errors, one at a time. Specify the user field to ensure it only runs in that user's space:
python3 -m pip install --upgrade radicale
python3 -m radicale --storage-filesystem-folder=home/radicale/.var/lib/radicale/collections
The first line downloads the python3 version of radicale and installs it locally in your home folder under ~/.local/bin/radicale, with the dependencies located at ~/local/lib/python3.7/site-packages/radicale. By default, the config files sought will be in either /etc/radicale/config or ~/.config/radicale/config. You can change the path by editing ~/.local/lib/python3.7/site-packages/radicale/config.py starting at Line 38. As configured, any username or password may work. However, we should probably change that. Here is a sample configuration file that should do the trick. More parameters are possible than are shown.
We will now create a password for the radicale server. Open a terminal, and enter the following:
htpasswd -c -B /home/testuser/.config/radicale/.htpasswd testuser
The -c flag creates an account if it doesn't already exist. It will overwrite one if it has been. The -B flag specifies that bcrypt should be used as the encryption method. The path is where the file will be saved. It MUST match the path specified in ~/.config/radicale/config. Once you've saved the password, you will need to allow the port you specified (in this example, 3937) through the firewall. Type sudo ufw allow 3937/tcp and sudo ufw allow 3937/udp from a privileged command prompt (preferably through SSH on another PC) and press enter after each.
Now log into this new account, and open "Startup Applications" from your mint menu. Add the following custom command to ensure your server starts when your account does:
Now if you want the server to start automatically, you'll need to auto-login 'radicale'. Open LightDM, type the privileged password for the enumerated account, and then go to the "Users" tab and enter the username and delay interval in the two text fields at the bottom. Then restart your PC. When autologin is successful, go to 172.16.79.4:3937 from ANOTHER PC on the same network. You should see the Radicale Login page. Enter the credentials you specified in htpasswd, and you should see the creation window, below right.
You can also log in through DavDroid on your Android device, provided it's a peer on the same network:
And there you have it. A note to users who use Thunderbird - it does work, just be sure to retain the password. Because non-tampered Android devices cannot use an edited hosts file, you will have to type the IP of the server you wish to connect to.
© 2020 Mass Transit Honchkrow, Radicale.org