diff --git a/luci/modules/radicale/rad_pass b/luci/modules/radicale/rad_pass
new file mode 100644
index 0000000..7e1ff88
--- /dev/null
+++ b/luci/modules/radicale/rad_pass
@@ -0,0 +1 @@
+n8r:$apr1$HpSAv/EE$pCDM0qP2JJIY0B5aUXjS30
diff --git a/nate/modules/home-manager/home.nix b/nate/modules/home-manager/home.nix
index a7e9b43..41b84df 100644
--- a/nate/modules/home-manager/home.nix
+++ b/nate/modules/home-manager/home.nix
@@ -116,6 +116,7 @@
     keepassxc
     obs-studio
     betaflight-configurator
+    yubioath-flutter
 
     #
     # Style
diff --git a/nate/modules/sway/sway_conf.nix b/nate/modules/sway/sway_conf.nix
index 32787ce..695fb36 100644
--- a/nate/modules/sway/sway_conf.nix
+++ b/nate/modules/sway/sway_conf.nix
@@ -73,6 +73,7 @@
                 swaylock
                 swayidle
                 swww
+                tailscale-systray
                 wl-clipboard
                 waybar
                 wdisplays
@@ -117,17 +118,24 @@
         ###
         ##  Services
         ###
+        virtualisation.docker.enable = true;
         services.gvfs.enable = true;  # thunar mount, trash, etc
         services.tumbler.enable = true; # thunar thumbnails
         services.openssh.enable = true;
         services.dbus.enable = true;
         services.syncthing.enable = true;
+        services.tailscale = {
+            enable = true;
+            openFirewall = true;
+        };
         # For betaflight configurator
         services.udev.extraRules = ''
             # DFU (Internal bootloader for STM32 and AT32 MCUs)
             SUBSYSTEM=="usb", ATTRS{idVendor}=="2e3c", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
             SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE="0664", GROUP="dialout"
         '';
+        # For yubioath desktop
+        services.pcscd.enable = true;
         # Audio
         security.rtkit.enable = true;
         services.pipewire = {
diff --git a/nate/modules/user/main_user.nix b/nate/modules/user/main_user.nix
index 7765e09..be730ac 100644
--- a/nate/modules/user/main_user.nix
+++ b/nate/modules/user/main_user.nix
@@ -48,6 +48,8 @@ in
                     "adbusers"
                     # For serial interfaces
                     "dialout"
+                    # For docker
+                    "docker"
                 ];
             })
         ];
diff --git a/shared/server-configuration.nix b/shared/server-configuration.nix
index 89ab078..41f710c 100644
--- a/shared/server-configuration.nix
+++ b/shared/server-configuration.nix
@@ -43,6 +43,10 @@ in
       default = false;
       description = "Whether to enable syncThing host on this machine";
     };
+    caldavEnable = lib.mkOption {
+      default = false;
+      description = "Enable the caldav server service (radicale)";
+    };
   };
 
   imports = [
@@ -147,6 +151,24 @@ in
       # };
     };
 
+    services.radicale = lib.mkIf srvConfig.caldavEnable {
+      enable = true;
+      # Run server port 5232
+      server = {
+        hosts = [ "0.0.0.0:5232" "[::]:5232" ];
+      };
+      auth = {
+        type = "htpasswd";
+        htpasswd_filename = "${config.xdg.configHome}/radicale/rad_pass";
+        htpasswd_encryption = "bcrypt";
+      };
+    };
+
+    # Copy radicale pass file
+    home.file."${config.xdg.configHome}/radicale" = lib.mkIf srvConfig.caldavEnable {
+      source = ../luci/modules/radicale/rad_pass;
+    };
+
     systemd.timers."pixel-backups" = {
       wantedBy = [ "timers.target" ];
         timerConfig = {