diff --git a/main.tf b/main.tf
index c40336a..5e66e3e 100644
--- a/main.tf
+++ b/main.tf
@@ -23,3 +23,7 @@ module "docker" {
   ips                 = "${var.ips}"
   domain              = "bb8.fun"
 }
+
+module "radicale" {
+  source ="radicale"
+}
diff --git a/radicale/config b/radicale/config
new file mode 100644
index 0000000..670f12e
--- /dev/null
+++ b/radicale/config
@@ -0,0 +1,160 @@
+# vim:ft=cfg
+
+# Config file for Radicale - A simple calendar server
+#
+# Place it into /etc/radicale/config (global)
+# or ~/.config/radicale/config (user)
+#
+# The current values are the default ones
+
+
+[server]
+
+# CalDAV server hostnames separated by a comma
+# IPv4 syntax: address:port
+# IPv6 syntax: [address]:port
+# For example: 0.0.0.0:9999, [::]:9999
+#hosts = 127.0.0.1:5232
+hosts = 0.0.0.0:5232
+
+# Daemon flag
+#daemon = False
+
+# File storing the PID in daemon mode
+#pid =
+
+# Max parallel connections
+#max_connections = 20
+
+# Max size of request body (bytes)
+#max_content_length = 10000000
+
+# Socket timeout (seconds)
+#timeout = 10
+
+# SSL flag, enable HTTPS protocol
+ssl = False
+
+# SSL certificate path
+#certificate = /etc/ssl/radicale.cert.pem
+
+# SSL private key
+#key = /etc/ssl/radicale.key.pem
+
+# CA certificate for validating clients. This can be used to secure
+# TCP traffic between Radicale and a reverse proxy
+#certificate_authority =
+
+# SSL Protocol used. See python's ssl module for available values
+#protocol = PROTOCOL_TLSv1_2
+
+# Available ciphers. See python's ssl module for available ciphers
+#ciphers =
+
+# Reverse DNS to resolve client address in logs
+dns_lookup = False
+
+# Message displayed in the client when a password is needed
+#realm = Radicale - Password Required
+
+
+[encoding]
+
+# Encoding for responding requests
+#request = utf-8
+
+# Encoding for storing local collections
+#stock = utf-8
+
+
+[auth]
+
+# Authentication method
+# Value: none | htpasswd | remote_user | http_x_remote_user
+#type = none
+
+# Htpasswd filename
+#htpasswd_filename = /etc/radicale/users
+
+# Htpasswd encryption method
+# Value: plain | sha1 | ssha | crypt | bcrypt | md5
+# Only bcrypt can be considered secure.
+# bcrypt and md5 require the passlib library to be installed.
+#htpasswd_encryption = bcrypt
+
+# Incorrect authentication delay (seconds)
+#delay = 1
+
+
+[rights]
+
+# Rights backend
+# Value: none | authenticated | owner_only | owner_write | from_file
+#type = owner_only
+
+# File for rights management from_file
+#file = /etc/radicale/rights
+
+
+[storage]
+
+# Storage backend
+# Value: multifilesystem
+#type = multifilesystem
+
+# Folder for storing local collections, created if not present
+#filesystem_folder = /var/lib/radicale/collections
+filesystem_folder = /data/collections
+
+# Lock the storage. Never start multiple instances of Radicale or edit the
+# storage externally while Radicale is running if disabled.
+#filesystem_locking = True
+
+# Sync all changes to disk during requests. (This can impair performance.)
+# Disabling it increases the risk of data loss, when the system crashes or
+# power fails!
+#filesystem_fsync = True
+
+# Delete sync token that are older (seconds)
+#max_sync_token_age = 2592000
+
+# Close the lock file when no more clients are waiting.
+# This option is not very useful in general, but on Windows files that are
+# opened cannot be deleted.
+#filesystem_close_lock_file = False
+
+# Command that is run after changes to storage
+# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
+#hook =
+
+
+[web]
+
+# Web interface backend
+# Value: none | internal | radicale_infcloud
+# (See also https://github.com/Unrud/RadicaleInfCloud)
+#type = internal
+
+
+[logging]
+
+# Logging configuration file
+# If no config is given, simple information is printed on the standard output
+# For more information about the syntax of the configuration file, see:
+# http://docs.python.org/library/logging.config.html
+#config =
+
+# Set the default logging level to debug
+#debug = False
+
+# Store all environment variables (including those set in the shell)
+#full_environment = False
+
+# Don't include passwords in logs
+#mask_passwords = True
+
+
+[headers]
+
+# Additional HTTP headers
+#Access-Control-Allow-Origin = *
diff --git a/radicale/main.tf b/radicale/main.tf
new file mode 100644
index 0000000..0b5c59a
--- /dev/null
+++ b/radicale/main.tf
@@ -0,0 +1,49 @@
+data "docker_registry_image" "radicale" {
+  name = "tomsquest/docker-radicale:latest"
+}
+
+resource "docker_image" "radicale" {
+  name          = "${data.docker_registry_image.radicale.name}"
+  pull_triggers = ["${data.docker_registry_image.radicale.sha256_digest}"]
+}
+
+resource docker_container "radicale" {
+  name  = "radicale"
+  image = "${docker_image.radicale.latest}"
+
+  labels {
+    "traefik.port"                                     = 5232
+    "traefik.enable"                                   = "true"
+    "traefik.frontend.headers.SSLTemporaryRedirect"    = "true"
+    "traefik.frontend.headers.STSSeconds"              = "2592000"
+    "traefik.frontend.headers.STSIncludeSubdomains"    = "false"
+    "traefik.frontend.headers.contentTypeNosniff"      = "true"
+    "traefik.frontend.headers.browserXSSFilter"        = "true"
+  }
+
+  volumes {
+    host_path      = "/mnt/xwing/data/radicale"
+    container_path = "/data"
+  }
+
+  volumes {
+    host_path      = "/mnt/xwing/config/radicale"
+    container_path = "/config"
+    read_only      = true
+  }
+
+  upload {
+    content = "${file("${path.module}/config")}"
+    file    = "/config/config"
+  }
+
+  env = [
+    "PGID=1003",
+    "PUID=1000",
+    "TZ=Asia/Kolkata",
+  ]
+
+  restart               = "unless-stopped"
+  destroy_grace_seconds = 10
+  must_run              = true
+}