diff --git a/system/kernighan/kernighan.nix b/system/kernighan/kernighan.nix
index 69ec90a..eee2fc5 100644
--- a/system/kernighan/kernighan.nix
+++ b/system/kernighan/kernighan.nix
@@ -10,6 +10,7 @@
       ../shared/services/gitweb.nix
       ../shared/services/miniflux.nix
       ../shared/services/nginx.nix
+      ../shared/services/radicale.nix
     ];
 
   networking = {
@@ -27,6 +28,7 @@
   };
 
   environment.systemPackages = with pkgs; [
+    apacheHttpd # Because we need htpasswd for Radicale, annoyingly
     cifs-utils # To mount Storage Box
     git
     git-crypt
diff --git a/system/shared/services/nginx.nix b/system/shared/services/nginx.nix
index 737ae3c..301ecf0 100644
--- a/system/shared/services/nginx.nix
+++ b/system/shared/services/nginx.nix
@@ -34,6 +34,14 @@
         proxyPass = "http://127.0.0.1:8080";
       };
     };
+
+    virtualHosts."cal.tsvallender.co.uk" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:5232";
+      };
+    };
   };
 
   security.acme = {
diff --git a/system/shared/services/radicale.nix b/system/shared/services/radicale.nix
new file mode 100644
index 0000000..631cdf9
--- /dev/null
+++ b/system/shared/services/radicale.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, inputs, ... }:
+
+{
+  services.radicale = {
+    enable = true;
+    settings = {
+      server = {
+        hosts = [ "0.0.0.0:5232" "[::]:5232" ];
+      };
+      auth = {
+        type = "htpasswd";
+        htpasswd_filename = "/var/lib/radicale/users";
+        htpasswd_encryption = "bcrypt";
+      };
+      storage = {
+        filesystem_folder = "/var/lib/radicale/collections";
+      };
+    };
+  };
+}
+