lennart-k/rustical

RustiCal

a CalDAV/CardDAV server

Caution

RustiCal is not production-ready! There can be changes to the database without migrations and there's no guarantee that all endpoints are secured yet. If you still want to play around with it in its current state, absolutely feel free to do so but know that not even I use it productively yet.

Features

  • easy to backup, everything saved in one SQLite database
  • WebDAV Push support, so near-instant synchronisation to DAVx5
  • lightweight (the container image contains only one binary)
  • adequately fast
  • deleted calendars are recoverable

Installation

Manual

cargo install --locked --git https://github.com/lennart-k/rustical

Docker

docker run \
  -p 4000:4000 \
  -v YOUR_DATA_DIR:/var/lib/rustical/ \
  -v YOUR_CONFIG_TOML:/etc/rustical/config.toml \
  ghcr.io/lennart-k/rustical

Configuration

You can generate a default config.toml with

rustical gen-config

Warning

rustical gen-config generates a random frontend.secret_key. This secret is used to generate session cookies, so if it is leaked an attacker could use it to authenticate against any endpoint (even when the frontend is disabled).

You'll have to set your database path to something like /var/lib/rustical/db.sqlite3. There you also set your username, password, and app tokens. Password hashes can be generated with

rustical pwhash

Docker

You can also run the commands above in Docker with

docker run --rm ghcr.io/lennart-k/rustical rustical gen-config
docker run -it --rm ghcr.io/lennart-k/rustical rustical pwhash

Password vs app tokens

The password is the one you use to log in to the frontend. Since it's sensitive information, the secure but slow hash algorithm argon2 is chosen.

I recommend generating a random app token for each CalDAV/CardDAV client. These can use the faster pbkdf2 algorithm.

WebDAV Push

RustiCal supports WebDAV Push, which can notify compatible clients like DAVx5 about changed calendar/addressbook objects. Since push messages are currently not encrypted, you might want to ensure that users only subscribe through your own push server (e.g. ntfy.sh). You can configure this as follows:

[dav_push]
# Must strictly be the URL origin (so no trailing slashes)
allowed_push_servers = ["https://your-instance-ntfy.sh"]
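
A pre-deployment lint for allowed_push_servers, added here as an example and not taken from RustiCal's code. It assumes the allow-list is compared against the exact origin string of a subscription's push URL, and that the canonical origin lower-cases the host and omits default ports; the function names and sample URLs are constructed.

```python
from typing import Iterable, Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url: str) -> Optional[str]:
    """Return scheme://host[:port] for an http(s) URL, or None if it has no usable origin."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    host = parts.hostname  # lower-cased by urlsplit, userinfo already stripped
    if ":" in host:  # IPv6 literal: restore the brackets
        host = f"[{host}]"
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"

def is_strict_origin(entry: str) -> bool:
    """True when a config entry is already a bare origin (no path, no trailing slash)."""
    return origin_of(entry) == entry

def push_url_allowed(push_url: str, allowed: Iterable[str]) -> bool:
    """Model of the assumed check: exact match on the origin, never a prefix match."""
    origin = origin_of(push_url)
    return origin is not None and origin in set(allowed)

# Constructed sample data; the first entry is the value from the config above.
ALLOWED = ["https://your-instance-ntfy.sh", "https://your-instance-ntfy.sh/"]
SUBSCRIPTIONS = [
    "https://your-instance-ntfy.sh/topic123",
    "https://your-instance-ntfy.sh.example.net/topic123",  # different host
    "http://your-instance-ntfy.sh/topic123",               # different scheme
]

if __name__ == "__main__":
    for entry in ALLOWED:
        status = "ok" if is_strict_origin(entry) else "NOT a bare origin, will never match"
        print(f"config entry {entry!r}: {status}")
    valid = [e for e in ALLOWED if is_strict_origin(e)]
    for url in SUBSCRIPTIONS:
        print(f"{url} -> {'allowed' if push_url_allowed(url, valid) else 'rejected'}")
```
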

Debugging

RustiCal supports exporting OpenTelemetry traces to inspect with tools like Jaeger. To enable this, compile with the opentelemetry (or debug) feature and enable opentelemetry in the config with

[tracing]
opentelemetry = true

Relevant RFCs

  • Versioning Extensions to WebDAV: RFC 3253
    • provides the REPORT method
  • Calendaring Extensions to WebDAV (CalDAV): RFC 4791
  • Scheduling Extensions to CalDAV: RFC 6638
    • not sure yet whether to implement this
  • Collection Synchronization for WebDAV: RFC 6578
    • We need to implement sync-token, etc.
    • This is important for more efficient synchronisation
  • iCalendar: RFC 2445