CardDAV bridge for Google Contacts.
Setu syncs your Google Contacts and serves them over CardDAV, so any CardDAV-compatible client. I built this for OpenBubbles since I could not get Google Contacts to work.
- Windows: system tray with MSI installer (auto-start on login)
- Linux: runs as a systemd user service with AppImage distribution
- Syncs incrementally via the Google People API
- Serves contacts as vCard 3.0 over a local CardDAV server
- On-demand phone number search — queries Google in real time for numbers not in the local cache
- All data encrypted at rest with SQLCipher (AES-256)
- Credentials stored in the OS keyring (falls back to file-based vault if no keyring service is available)
Download the latest setu-<version>.msi from Releases and double-click to install. The installer:
- Installs `setu.exe` to `%LOCALAPPDATA%\Setu\`
- Registers auto-start on login (HKCU Run key)
- Launches Setu immediately after install
- On uninstall, cleans up all data and credentials
Download the latest Setu-<version>-x86_64.AppImage from Releases, then:
```shell
chmod +x Setu-*-x86_64.AppImage
./Setu-*-x86_64.AppImage
```

The AppImage bundles all dependencies (GTK, D-Bus, etc.) — no system packages required. On first run the settings window opens for Google Cloud credentials. After setup, Setu automatically installs itself as a systemd user service that runs in the background and auto-starts on login.
```shell
# Service management
systemctl --user status setu     # check status
systemctl --user restart setu    # restart
journalctl --user -u setu -f     # view logs

# Manual install/uninstall
./Setu-*-x86_64.AppImage --install
./Setu-*-x86_64.AppImage --uninstall
```

See Building from source below.
Setu requires a Google Cloud project with the People API enabled and OAuth 2.0 Desktop credentials. This is a one-time setup.
- Open Google Cloud Console — Create Project
- Enter a project name (e.g. `Setu Contacts`)
- Click Create
- Open Enable People API
- Make sure your project is selected in the top dropdown
- Click Enable
Alternatively, go to API Library, search for "People API", and click Enable.
- Open Google Auth Platform — Branding
- If prompted, click Get Started
- Set App name to `Setu`
- Select your email under User support email
- Click Next
- Select External (required for personal Gmail accounts)
- Click Next
- Enter your email address
- Click Next
- Check I agree to the Google API Services: User Data Policy
- Click Continue, then Create
- Open Google Auth Platform — Audience
- Under Test users, click Add users
- Enter your Gmail address and click Save
Testing vs Production mode: Your app starts in "Testing" mode. In Testing mode, only users explicitly added as test users can authorize the app, and OAuth tokens expire every 7 days (you'll need to re-login weekly). To avoid token expiry, publish the app to Production mode under Google Auth Platform — Audience. No verification is required. Production mode is recommended.
- Open Google Auth Platform — Clients
- Click Create Client
- Set Application type to Desktop app
- Name it (e.g. `Setu Desktop`)
- Click Create
A dialog appears with your Client ID and Client Secret. Copy both values — you'll paste them into Setu's settings window.
You can also click the download icon to save a `client_secret_*.json` file as a backup. The secret may not be visible again after you close this dialog.
- Launch `setu.exe` (or let the MSI installer launch it)
- The settings window opens automatically on first run
- Paste your Client ID and Client Secret into the corresponding fields
- Click Save Settings, then Login with Google
- Complete the sign-in flow in your browser
- Close the settings window — Setu starts syncing in the background
Setu appears in the system tray. Right-click the tray icon to:
- Settings — reopen the settings window
- Sync Now — trigger an immediate sync
- Quit Setu — shut down
Setu runs a CardDAV server on localhost (default port 5232). Configure your client with:
| Setting | Value |
|---|---|
| Server URL | http://localhost:5232 (or https:// if TLS is enabled) |
| Username | anything (e.g. setu) |
| Password | shown in the settings window |
To view the password from the command line:
```
setu.exe --show-carddav-password
```
- OpenBubbles — CardDAV contact sync (Google Contacts native integration could not be used because the app is blocked by Google)
Note: TLS support is currently untested.
Setu can encrypt localhost traffic using a local Certificate Authority. This protects against localhost traffic sniffing.
1. Open Settings and check Enable HTTPS
2. Click Save Settings — Setu generates a local CA and server certificate
3. Windows shows a one-time security dialog to trust the CA (added to CurrentUser store, no admin needed)
4. Restart Setu — the CardDAV server now listens on `https://localhost:5232`
5. Update your CardDAV client URL from `http://` to `https://`
All Windows apps (Outlook, CalDav Synchronizer, browsers) trust the certificate automatically after step 3. The CA and server certificates are stored in %APPDATA%\setu\.
| Flag | Description |
|---|---|
| (none) | Start with system tray (default) |
| `--settings` | Open the settings GUI and exit |
| `--headless` | Run without the tray (server + sync only) |
| `--show-carddav-password` | Print the CardDAV Basic Auth credentials and exit |
| `--install` | Install systemd user service (Linux only) |
| `--uninstall` | Remove systemd user service (Linux only) |
Config file: %APPDATA%\setu\config.json
| Key | Default | Description |
|---|---|---|
| `google_client_id` | (empty) | OAuth Client ID |
| `sync_interval_secs` | `900` | Sync interval in seconds (15 min) |
| `server_port` | `5232` | CardDAV server port |
| `use_tls` | `false` | Enable HTTPS for the CardDAV server |
The client secret is stored in the OS keyring, not in the config file.
Windows (%APPDATA%\setu\):
| Path | Description |
|---|---|
| `config.json` | Configuration |
| `setu.db` | Encrypted contact database (SQLCipher) |
| `oauth_token.json` | Cached OAuth token |
| `setu.log` | Runtime logs |
| `ca.crt` / `ca.key` | Local CA (created when HTTPS is enabled) |
| `server.crt` / `server.key` | Server certificate signed by local CA |
Linux (~/.local/share/setu/):
| Path | Description |
|---|---|
| `config.json` | Configuration |
| `setu.db` | Encrypted contact database (SQLCipher) |
| `vault.json` | File-based vault (only when OS keyring is unavailable) |
| `oauth_token.json` | Cached OAuth token |
| `setu.log` | Runtime logs |
- SQLCipher — AES-256 full-database encryption with `PRAGMA secure_delete = ON`
- OS Keyring — DB encryption key, OAuth token, CardDAV password, and Google client secret are stored in the OS keyring (Windows Credential Manager or Linux Secret Service)
- File-based vault fallback — if no keyring service is available (e.g. no gnome-keyring), secrets are stored in `~/.local/share/setu/vault.json` with `chmod 600` permissions
- CardDAV Basic Auth — password is auto-generated (24 alphanumeric characters) and stored securely
- Local only — the CardDAV server binds to `127.0.0.1`, never exposed to the network
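The "Local only" and file-vault claims above can be checked on a Linux install with a short audit script. This is an added example, not part of Setu's code: the function names are hypothetical, `ss` is assumed to come from iproute2, and applying the 600 requirement to `oauth_token.json` is an assumption (the README states it only for `vault.json`).

```shell
#!/bin/sh
# Added example, not Setu's own code. Paths and the port are the README's
# defaults; the function names are hypothetical.
SETU_DIR="${SETU_DIR:-$HOME/.local/share/setu}"
SETU_PORT="${SETU_PORT:-5232}"

# Reads `ss -ltnH` lines on stdin (constructed sample of one such line:
#   LISTEN 0 128 127.0.0.1:5232 0.0.0.0:*
# ) and prints every listener on port $1 that is not bound to loopback.
# Returns 0 only when there is none.
non_loopback_listeners() {
    awk -v port="$1" '
        {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print addr
            bad = 1
        }
        END { exit (bad + 0) }'
}

# Prints each secret file in directory $1 that grants any group/other access.
# The README promises mode 600 for vault.json only; holding oauth_token.json
# to the same standard is an assumption of this example.
loose_secret_files() {
    loose=0
    for f in vault.json oauth_token.json; do
        [ -f "$1/$f" ] || continue
        perms=$(ls -ld "$1/$f" | cut -c5-10)   # group + other permission bits
        if [ "$perms" != "------" ]; then
            echo "$1/$f: $(ls -ld "$1/$f" | cut -c1-10)"
            loose=1
        fi
    done
    return "$loose"
}

audit_setu() {
    status=0
    ss -ltnH | non_loopback_listeners "$SETU_PORT" || status=1
    loose_secret_files "$SETU_DIR" || status=1
    return "$status"
}

# Run the audit only when asked, e.g. `sh setu_audit.sh --run`.
if [ "${1:-}" = "--run" ]; then audit_setu; fi
```

A non-zero exit status means either a listener on the CardDAV port is bound to a non-loopback address or a secret file is readable beyond its owner; the offending entries are printed.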
Setu cross-compiles from WSL2 (Linux) to Windows. Run the setup script to install toolchains:
```shell
./setup_wsl.sh
```

This installs:
- `gcc-mingw-w64-x86-64` and related cross-compilation tools
- Rust (via rustup) with the `x86_64-pc-windows-gnu` target
- `msitools` (provides `wixl` for MSI generation)
```shell
# Release binary
cargo build --release --target x86_64-pc-windows-gnu

# MSI installer
./build_local_msi.sh

# MSI with self-signed code signature
./build_local_msi.sh --sign
```

The release binary is at `target/x86_64-pc-windows-gnu/release/setu.exe` (~8 MB, stripped + LTO).
```shell
./build_appimage.sh
```

This builds a native Linux release binary and packages it as `Setu-x86_64.AppImage` using linuxdeploy with the GTK plugin. All shared library dependencies are bundled automatically. The script downloads linuxdeploy on first run.
Build prerequisites: Rust toolchain, libgtk-3-dev, libdbus-1-dev, libxdo-dev, pkg-config.
```shell
cargo test --target x86_64-unknown-linux-gnu --lib
```

44 unit tests across db (15), vcard (14), and server (16).
This project is licensed under the GNU Affero General Public License v3.0.
For commercial licensing (use without AGPL obligations), contact us.