diff --git a/hosts/bekkalokk/configuration.nix b/hosts/bekkalokk/configuration.nix
index f208a48..42e0aa9 100644
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@@ -7,6 +7,7 @@
 
     ./services/alps.nix
     ./services/bluemap.nix
+    ./services/radicle.nix
     ./services/idp-simplesamlphp
     ./services/kerberos.nix
     ./services/mediawiki
diff --git a/hosts/bekkalokk/services/radicle.nix b/hosts/bekkalokk/services/radicle.nix
new file mode 100644
index 0000000..1e0137c
--- /dev/null
+++ b/hosts/bekkalokk/services/radicle.nix
@@ -0,0 +1,43 @@
+{ config, lib, ... }:
+let
+  domain = "dav.pvv.ntnu.no";
+  radicalePort = 5232;
+in {
+  services.radicale = {
+    enable = true;
+
+    settings = {
+      server = {
+        hosts = [ "127.0.0.1:${toString radicalePort}" ];
+      };
+
+      auth = {
+        type = "imap";
+        imap_host = "imap.pvv.ntnu.no";
+        imap_security = "tls";
+      };
+
+      storage = {
+        filesystem_folder = "/var/lib/radicale/collections";
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    kTLS = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:${toString radicalePort}";
+      extraConfig = ''
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $http_host;
+        proxy_pass_header Authorization;
+      '';
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ radicalePort ];
+}