microdao-daarion/services/calendar-service/docs/calendar-sovereign.md
Apple 129e4ea1fc feat(platform): add new services, tools, tests and crews modules
New router intelligence modules (26 files): alert_ingest/store, audit_store,
architecture_pressure, backlog_generator/store, cost_analyzer, data_governance,
dependency_scanner, drift_analyzer, incident_* (5 files), llm_enrichment,
platform_priority_digest, provider_budget, release_check_runner, risk_* (6 files),
signature_state_store, sofiia_auto_router, tool_governance

New services:
- sofiia-console: Dockerfile, adapters/, monitor/nodes/ops/voice modules, launchd, react static
- memory-service: integration_endpoints, integrations, voice_endpoints, static UI
- aurora-service: full app suite (analysis, job_store, orchestrator, reporting, schemas, subagents)
- sofiia-supervisor: new supervisor service
- aistalk-bridge-lite: Telegram bridge lite
- calendar-service: CalDAV calendar service with reminders
- mlx-stt-service / mlx-tts-service: Apple Silicon speech services
- binance-bot-monitor: market monitor service
- node-worker: STT/TTS memory providers

New tools (9): agent_email, browser_tool, contract_tool, observability_tool,
oncall_tool, pr_reviewer_tool, repo_tool, safe_code_executor, secure_vault

New crews: agromatrix_crew (10 modules: depth_classifier, doc_facts, doc_focus,
farm_state, light_reply, llm_factory, memory_manager, proactivity, reflection_engine,
session_context, style_adapter, telemetry)

Tests: 85+ test files for all new modules
Made-with: Cursor
2026-03-03 07:14:14 -08:00


# Calendar Sovereignty - Self-Hosted Calendar Infrastructure
## Philosophy
DAARION follows the principle of **digital sovereignty** - owning and controlling our communication infrastructure. Calendar is no exception.
## Current Stack
### Radicale + Caddy (Self-Hosted)
```
┌─────────────────────────────────────────────────────────┐
│ DAARION Network │
│ │
│ ┌─────────────┐ ┌─────────────┐ │
│ │ Caddy │──────│ Radicale │ │
│ │ (TLS/Proxy) │ │ (CalDAV) │ │
│ └─────────────┘ └─────────────┘ │
│ │ │ │
│ │ ┌──────┴──────┐ │
│ │ │ │ │
│ ┌────▼────┐ ┌────▼────┐ ┌────▼────┐ │
│ │ iOS │ │ Android │ │ Sofiia │ │
│ │ Calendar│ │ Calendar│ │ Agent │ │
│ └─────────┘ └─────────┘ └─────────┘ │
│ │
└─────────────────────────────────────────────────────────┘
```
### Why Self-Hosted?
1. **Data Ownership** - Your calendar data stays on your servers
2. **No Vendor Lock-in** - Not dependent on Google/Apple/Microsoft
3. **Privacy** - No third parties reading your schedule
4. **Cost** - Free open-source software
5. **Control** - Full control over access, backups, retention
## Radicale Configuration
### Features
- CalDAV protocol support (RFC 4791)
- CardDAV for contacts (optional)
- HTTP Basic Auth
- Server-side encryption (optional)
- Web interface for users
### Endpoints
- Base URL: `https://caldav.daarion.space`
- Web Interface: `http://localhost:5232` (local only)
### User Management
Users are created automatically on first login. No admin panel needed.
```bash
# Access Radicale container
docker exec -it daarion-radicale /bin/sh
# View logs
docker logs daarion-radicale
```
## Client Configuration
### iOS
1. Settings → Calendar → Accounts → Add Account
2. Select "CalDAV"
3. Server: `caldav.daarion.space`
4. Username/Password: Your credentials
### Android (DAVdroid)
1. Install DAVdroid from F-Droid
2. Add Account → CalDAV
3. Server URL: `https://caldav.daarion.space`
### macOS
1. Calendar → Preferences → Accounts
2. Add Account → CalDAV
3. Server: `https://caldav.daarion.space`
### Thunderbird
1. Calendar → New Calendar
2. On the Network → CalDAV
3. Location: `https://caldav.daarion.space/username/`
## Security
### Network Isolation
- Radicale listens only on the internal Docker network
- Caddy handles all external traffic
- TLS 1.3 enforced by Caddy
### Authentication
- HTTP Basic Auth (username/password)
- Each user has isolated calendar space (`/username/`)
- Credentials stored in Radicale config
### Firewall Rules
Only allow:
- Port 443 (HTTPS) - public
- Port 5232 - internal only (localhost)
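The firewall policy above can be checked against what the host is actually listening on. The script below is an added example, not part of the DAARION repository: it reads `ss -ltnH` output and reports any listener bound to a non-loopback address on a port other than the allowed public ones. The function names, the `VIOLATION` output format and the sample socket lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example: audit listening sockets against the policy
# "443 public, 5232 loopback only". Not the project's own tooling.

# Reads `ss -ltnH` output on stdin (field 4 = local address:port).
# $1 (optional): comma-separated ports allowed on public addresses, default 443.
# Prints one VIOLATION line per offending listener; exit status 1 if any.
audit_listeners() {
    awk -v ok="${1:-443}" '
        BEGIN { n = split(ok, p, ","); for (i = 1; i <= n; i++) allowed[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            loopback = (addr ~ /^127\./ || addr == "[::1]")
            if (!loopback && !(port in allowed)) {
                printf "VIOLATION %s:%s\n", addr, port
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: the last line is Radicale published on all interfaces,
# which happens when a container port is mapped as "5232:5232"
# instead of "127.0.0.1:5232:5232".
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 4096 127.0.0.1:5232 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*
LISTEN 0 4096 [::]:443 [::]:*
LISTEN 0 4096 0.0.0.0:5232 0.0.0.0:*
EOF
}

# Demo on the constructed sample. On the host, use: ss -ltnH | audit_listeners
sample_ss_output | audit_listeners || echo "policy violations found"
```

If Caddy also serves port 80 for redirects or ACME challenges, pass the allowed list explicitly: `ss -ltnH | audit_listeners 80,443`.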
## Backup & Recovery
### Backup Script
```bash
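#!/bin/bash
# backup-calendar.sh
set -euo pipefail  # stop on the first failed step instead of archiving a partial copy
# Copy the contents of /data (trailing "/.") so repeated runs do not nest a data/ directory
mkdir -p /backup/calendar-data
docker cp daarion-radicale:/data/. /backup/calendar-data/
# Archive relative to /backup so the tarball contains no absolute paths
tar -czf "calendar-backup-$(date +%Y%m%d).tar.gz" -C /backup calendar-data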
```
### Restore
```bash
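# Copy the backed-up contents back into the container's /data directory
docker cp /backup/calendar-data/. daarion-radicale:/data/
# Restart so Radicale serves the restored collections
docker restart daarion-radicale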
```
## Monitoring
### Health Checks
- Radicale: `docker inspect --format='{{.State.Health.Status}}' daarion-radicale`
- Caddy: `curl -f http://localhost:8080/health || exit 1`
### Metrics
- Calendar Service: `GET /metrics`
- Account count, pending reminders
## Troubleshooting
### Common Issues
#### "Cannot connect to CalDAV server"
1. Check Caddy is running: `docker ps | grep caddy`
2. Check DNS: `nslookup caldav.daarion.space`
3. Check TLS: `curl -vI https://caldav.daarion.space`
#### "Authentication failed"
1. Check credentials in Radicale container
2. Verify user exists: `ls /data/`
3. Check Caddy logs: `docker logs daarion-caldav-proxy`
#### "Calendar not syncing"
1. Force refresh on client
2. Check network connectivity
3. Verify SSL certificate: `openssl s_client -connect caldav.daarion.space:443`
## Future Enhancements
1. **Radicale Cluster** - Multiple Radicale instances with load balancing
2. **Two-Factor Auth** - Add TOTP to CalDAV authentication
3. **Encryption at Rest** - Encrypt calendar data on disk
4. **Audit Logging** - Track all calendar access
5. **Multiple Providers** - Add Google Calendar, iCloud as backup