Files

Apple 129e4ea1fc feat(platform): add new services, tools, tests and crews modules

New router intelligence modules (26 files): alert_ingest/store, audit_store,
architecture_pressure, backlog_generator/store, cost_analyzer, data_governance,
dependency_scanner, drift_analyzer, incident_* (5 files), llm_enrichment,
platform_priority_digest, provider_budget, release_check_runner, risk_* (6 files),
signature_state_store, sofiia_auto_router, tool_governance

New services:
- sofiia-console: Dockerfile, adapters/, monitor/nodes/ops/voice modules, launchd, react static
- memory-service: integration_endpoints, integrations, voice_endpoints, static UI
- aurora-service: full app suite (analysis, job_store, orchestrator, reporting, schemas, subagents)
- sofiia-supervisor: new supervisor service
- aistalk-bridge-lite: Telegram bridge lite
- calendar-service: CalDAV calendar service with reminders
- mlx-stt-service / mlx-tts-service: Apple Silicon speech services
- binance-bot-monitor: market monitor service
- node-worker: STT/TTS memory providers

New tools (9): agent_email, browser_tool, contract_tool, observability_tool,
oncall_tool, pr_reviewer_tool, repo_tool, safe_code_executor, secure_vault

New crews: agromatrix_crew (10 modules: depth_classifier, doc_facts, doc_focus,
farm_state, light_reply, llm_factory, memory_manager, proactivity, reflection_engine,
session_context, style_adapter, telemetry)

Tests: 85+ test files for all new modules
Made-with: Cursor

2026-03-03 07:14:14 -08:00

5.0 KiB

Raw Blame History

Calendar Sovereignty - Self-Hosted Calendar Infrastructure

Philosophy

DAARION follows the principle of digital sovereignty - owning and controlling our communication infrastructure. Calendar is no exception.

Current Stack

Radicale + Caddy (Self-Hosted)

┌─────────────────────────────────────────────────────────┐
│                    DAARION Network                      │
│                                                         │
│   ┌─────────────┐      ┌─────────────┐                 │
│   │   Caddy     │──────│   Radicale  │                 │
│   │ (TLS/Proxy) │      │   (CalDAV)  │                 │
│   └─────────────┘      └─────────────┘                 │
│        │                     │                         │
│        │               ┌──────┴──────┐                  │
│        │               │             │                  │
│   ┌────▼────┐    ┌────▼────┐  ┌────▼────┐             │
│   │ iOS     │    │ Android │  │  Sofiia │             │
│   │ Calendar│    │ Calendar│  │  Agent  │             │
│   └─────────┘    └─────────┘  └─────────┘             │
│                                                         │
└─────────────────────────────────────────────────────────┘

Why Self-Hosted?

Data Ownership - Your calendar data stays on your servers
No Vendor Lock-in - Not dependent on Google/Apple/Microsoft
Privacy - No third parties reading your schedule
Cost - Free open-source software
Control - Full control over access, backups, retention

Radicale Configuration

Features

CalDAV protocol support (RFC 4791)
CardDAV for contacts (optional)
HTTP Basic Auth
Server-side encryption (optional)
Web interface for users

Endpoints

Base URL: https://caldav.daarion.space
Web Interface: http://localhost:5232 (local only)

User Management

Users are created automatically on first login. No admin panel needed.

# Access Radicale container
docker exec -it daarion-radicale /bin/sh

# View logs
docker logs daarion-radicale

Client Configuration

iOS

Settings → Calendar → Accounts → Add Account
Select "CalDAV"
Server: caldav.daarion.space
Username/Password: Your credentials

Android (DAVDroid)

Install DAVdroid from F-Droid
Add Account → CalDAV
Server URL: https://caldav.daarion.space

macOS

Calendar → Preferences → Accounts
Add Account → CalDAV
Server: https://caldav.daarion.space

Thunderbird

Calendar → New Calendar
On the Network → CalDAV
Location: https://caldav.daarion.space/username/

Security

Network Isolation

Radicale listens only on internal Docker network
Caddy handles all external traffic
TLS 1.3 enforced by Caddy

Authentication

HTTP Basic Auth (username/password)
Each user has isolated calendar space (/username/)
Credentials stored in Radicale config

Firewall Rules

Only allow:

Port 443 (HTTPS) - public
Port 5232 - internal only (localhost)

Backup & Recovery

Backup Script

#!/bin/bash
# backup-calendar.sh
docker cp daarion-radicale:/data /backup/calendar-data
tar -czf calendar-backup-$(date +%Y%m%d).tar.gz /backup/calendar-data

Restore

docker cp /backup/calendar-data/. daarion-radicale:/data/
docker restart daarion-radicale

Monitoring

Health Checks

Radicale: docker inspect --format='{{.State.Health.Status}}' daarion-radicale
Caddy: curl -f http://localhost:8080/health || exit 1

Metrics

Calendar Service: GET /metrics
Account count, pending reminders

Troubleshooting

Common Issues

"Cannot connect to CalDAV server"

Check Caddy is running: docker ps | grep caddy
Check DNS: nslookup caldav.daarion.space
Check TLS: curl -vI https://caldav.daarion.space

"Authentication failed"

Check credentials in Radicale container
Verify user exists: ls /data/
Check Caddy logs: docker logs daarion-caldav-proxy

"Calendar not syncing"

Force refresh on client
Check network connectivity
Verify SSL certificate: openssl s_client -connect caldav.daarion.space:443

Future Enhancements

Radicale Cluster - Multiple Radicale instances with load balancing
Two-Factor Auth - Add TOTP to CalDAV authentication
Encryption at Rest - Encrypt calendar data on disk
Audit Logging - Track all calendar access
Multiple Providers - Add Google Calendar, iCloud as backup

5.0 KiB Raw Blame History