diff --git a/main.tf b/main.tf
index 82bd878..9ad5848 100644
--- a/main.tf
+++ b/main.tf
@@ -25,6 +25,6 @@ module "docker" {
 }
 
 module "radicale" {
-  source ="radicale"
+  source = "radicale"
   domain = "radicale.bb8.fun"
 }
diff --git a/radicale/config b/radicale/config
index a91d071..6e9e73f 100644
--- a/radicale/config
+++ b/radicale/config
@@ -1,160 +1,32 @@
-# vim:ft=cfg
-
-# Config file for Radicale - A simple calendar server
-#
-# Place it into /etc/radicale/config (global)
-# or ~/.config/radicale/config (user)
-#
-# The current values are the default ones
-
-
+# See radicale.org/configuration/
 [server]
-
-# CalDAV server hostnames separated by a comma
-# IPv4 syntax: address:port
-# IPv6 syntax: [address]:port
-# For example: 0.0.0.0:9999, [::]:9999
-#hosts = 127.0.0.1:5232
 hosts = 0.0.0.0:5232
 
-# Daemon flag
-#daemon = False
-
-# File storing the PID in daemon mode
-#pid =
-
 # Max parallel connections
-#max_connections = 20
-
-# Max size of request body (bytes)
-#max_content_length = 10000000
-
-# Socket timeout (seconds)
-#timeout = 10
-
-# SSL flag, enable HTTPS protocol
-ssl = False
-
-# SSL certificate path
-#certificate = /etc/ssl/radicale.cert.pem
-
-# SSL private key
-#key = /etc/ssl/radicale.key.pem
-
-# CA certificate for validating clients. This can be used to secure
-# TCP traffic between Radicale and a reverse proxy
-#certificate_authority =
-
-# SSL Protocol used. See python's ssl module for available values
-#protocol = PROTOCOL_TLSv1_2
-
-# Available ciphers. See python's ssl module for available ciphers
-#ciphers =
-
-# Reverse DNS to resolve client address in logs
-dns_lookup = False
+max_connections = 10
 
 # Message displayed in the client when a password is needed
-#realm = Radicale - Password Required
-
-
-[encoding]
-
-# Encoding for responding requests
-request = utf-8
-
-# Encoding for storing local collections
-stock = utf-8
-
+realm = Authentication required
 
 [auth]
 
 # Authentication method
 # Value: none | htpasswd | remote_user | http_x_remote_user
-#type = none
-
-# Htpasswd filename
-#htpasswd_filename = /etc/radicale/users
-
-# Htpasswd encryption method
-# Value: plain | sha1 | ssha | crypt | bcrypt | md5
-# Only bcrypt can be considered secure.
-# bcrypt and md5 require the passlib library to be installed.
-#htpasswd_encryption = bcrypt
-
-# Incorrect authentication delay (seconds)
-delay = 1
-
-
-[rights]
-
-# Rights backend
-# Value: none | authenticated | owner_only | owner_write | from_file
-#type = owner_only
-
-# File for rights management from_file
-# file = /etc/radicale/rights
-
+type = htpasswd
+htpasswd_filename = /config/users
 
 [storage]
-
-# Storage backend
-# Value: multifilesystem
-#type = multifilesystem
-
-# Folder for storing local collections, created if not present
-#filesystem_folder = /var/lib/radicale/collections
 filesystem_folder = /data/collections
 
-# Lock the storage. Never start multiple instances of Radicale or edit the
-# storage externally while Radicale is running if disabled.
-#filesystem_locking = True
-
-# Sync all changes to disk during requests. (This can impair performance.)
-# Disabling it increases the risk of data loss, when the system crashes or
-# power fails!
-#filesystem_fsync = True
-
-# Delete sync token that are older (seconds)
-#max_sync_token_age = 2592000
-
-# Close the lock file when no more clients are waiting.
-# This option is not very useful in general, but on Windows files that are
-# opened cannot be deleted.
-#filesystem_close_lock_file = False
-
-# Command that is run after changes to storage
-# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
-#hook =
-
-
-[web]
-
-# Web interface backend
-# Value: none | internal | radicale_infcloud
-# (See also https://github.com/Unrud/RadicaleInfCloud)
-#type = internal
-
-
 [logging]
 
-# Logging configuration file
-# If no config is given, simple information is printed on the standard output
 # For more information about the syntax of the configuration file, see:
 # http://docs.python.org/library/logging.config.html
-#config =
-
-# Set the default logging level to debug
-#debug = False
-
-# Store all environment variables (including those set in the shell)
-#full_environment = False
-
-# Don't include passwords in logs
-#mask_passwords = True
+# config = /config/logging
 
 
 [headers]
 
 # Additional HTTP headers
-#Access-Control-Allow-Origin = *
+X-Powered-By: Allomancy
+Server: Blackbox
diff --git a/radicale/logging.conf b/radicale/logging.conf
new file mode 100644
index 0000000..cd27e76
--- /dev/null
+++ b/radicale/logging.conf
@@ -0,0 +1,22 @@
+[loggers]
+keys = root
+
+[handlers]
+keys = file
+
+[formatters]
+keys = full
+
+[logger_root]
+# Change this to DEBUG or INFO for higher verbosity.
+level = WARNING
+handlers = file
+
+[handler_file]
+class = FileHandler
+# Specify the output file here.
+args = ('/var/log/radicale/log',)
+formatter = full
+
+[formatter_full]
+format = %(asctime)s - [%(thread)x] %(levelname)s: %(message)s
diff --git a/radicale/main.tf b/radicale/main.tf
index 3c49a9d..b21bb1a 100644
--- a/radicale/main.tf
+++ b/radicale/main.tf
@@ -12,15 +12,15 @@ resource docker_container "radicale" {
   image = "${docker_image.radicale.latest}"
 
   labels {
-    "traefik.port"                                     = 5232
-    "traefik.enable"                                   = "true"
-    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
-    "traefik.frontend.headers.STSSeconds"              = "2592000"
-    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
-    "traefik.frontend.headers.contentTypeNosniff"      = "true"
-    "traefik.frontend.headers.browserXSSFilter"        = "true"
-    "traefik.frontend.passHostHeader"                  = "true"
-    "traefik.frontend.rule"                            = "Host:${var.domain}"
+    "traefik.port"                                  = 5232
+    "traefik.enable"                                = "true"
+    "traefik.frontend.headers.SSLTemporaryRedirect" = "true"
+    "traefik.frontend.headers.STSSeconds"           = "2592000"
+    "traefik.frontend.headers.STSIncludeSubdomains" = "false"
+    "traefik.frontend.headers.contentTypeNosniff"   = "true"
+    "traefik.frontend.headers.browserXSSFilter"     = "true"
+    "traefik.frontend.passHostHeader"               = "true"
+    "traefik.frontend.rule"                         = "Host:${var.domain}"
   }
 
   volumes {
@@ -38,11 +38,15 @@ resource docker_container "radicale" {
     file    = "/config/config"
   }
 
-  # env = [
-  #   "PGID=1003",
-  #   "PUID=1000",
-  #   "TZ=Asia/Kolkata",
-  # ]
+  upload {
+    content = "${file("${path.module}/logging.conf")}"
+    file    = "/config/logging"
+  }
+
+  upload {
+    content = "${file("${path.module}/users")}"
+    file    = "/config/users"
+  }
 
   restart               = "unless-stopped"
   destroy_grace_seconds = 10
diff --git a/radicale/users b/radicale/users
new file mode 100644
index 0000000..03a9ae4
--- /dev/null
+++ b/radicale/users
@@ -0,0 +1 @@
+nemo:$2y$05$vC1WTAuKn2xuDYZ6I3ucxuPnCrtZrVKzdDHSYhqCegi97RM/pdzXW