ronnibaslund/dezky
1
0
Fork 0
Code Issues 37 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

feat(mail): CalDAV/CardDAV exposed + in the Apple profile
ci / changes (push) Successful in 4s
Details
ci / tc_booking (push) Has been skipped
Details
ci / tc_operator (push) Has been skipped
Details
ci / tc_website (push) Has been skipped
Details
ci / tc_platform_api (push) Successful in 23s
Details
ci / tc_portal (push) Successful in 26s
Details
ci / build_booking (push) Has been skipped
Details
ci / build_operator (push) Has been skipped
Details
ci / test_platform_api (push) Successful in 33s
Details
ci / build_portal (push) Successful in 43s
Details
ci / build_platform_api (push) Successful in 16s
Details
ci / deploy (push) Successful in 43s
Details

Browse Source 
DAV was internal-only (the node's :443 is Traefik's). New mail-dav
Ingress routes /.well-known/caldav, /.well-known/carddav and /dav on
mail.dezky.eu through to Stalwart — with the HTTPS-redirect middleware
(safe for DAV's GET/PROPFIND; kept OFF the autodiscover Ingress whose
POSTs don't survive redirects). The _caldavs/_carddavs SRV records are
now legitimate, so the Domains page surfaces them, and the Apple
.mobileconfig gains CalDAV + CardDAV payloads: one install sets up Mail,
Calendar and Contacts on Mac/iPhone. Stalwart's STALWART_PUBLIC_URL is
set to https://mail.dezky.eu on the host (discovery documents).
This commit is contained in:
Ronni Baslund
2026-06-11 08:23:15 +02:00
parent 716d854b3d
commit 77898c5027
3 changed files with 72 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/platform-api/src/domains/domains.service.ts
+7 -6
View File
@@ -433,12 +433,13 @@ function classify(z: StalwartZoneRecord, domain: string): RecordKind | null {
if (z.type === 'TXT' && z.fqdn === domain && /^v=spf1\b/i.test(z.value)) return 'spf'
if (z.type === 'TXT' && z.fqdn.endsWith(`._domainkey.${domain}`)) return 'dkim'
if (z.type === 'TXT' && z.fqdn === `_dmarc.${domain}` && /^v=DMARC1\b/i.test(z.value)) return 'dmarc'
// RFC 6186 client autodiscovery. Only the services that are actually
// reachable in production: IMAPS 993, SMTP submission 465, POP3S 995.
// The zone also offers _jmap/_caldavs/_carddavs SRVs targeting :443 —
// that port belongs to Traefik on the node, not Stalwart, so publishing
// them would advertise endpoints that 404. Revisit with the webmail story.
if (z.type === 'SRV' && /^_(imaps|submissions|pop3s)\._tcp\./.test(z.fqdn)) return 'autodiscovery'
// RFC 6186/6764 client autodiscovery. Only services actually reachable in
// production: IMAPS 993, submission 465, POP3S 995 (Stalwart direct), and
// CalDAV/CardDAV on 443 (Traefik routes /dav + the well-knowns through to
// Stalwart). _jmap stays unpublished until the webmail/JMAP story.
if (z.type === 'SRV' && /^_(imaps|submissions|pop3s|caldavs|carddavs)\._tcp\./.test(z.fqdn)) {
return 'autodiscovery'
}
// HTTP autodiscovery hosts (Outlook's autodiscover, Thunderbird's
// autoconfig) — routed through Traefik to Stalwart's discovery endpoints.
if (z.type === 'CNAME' && (z.fqdn === `autoconfig.${domain}` || z.fqdn === `autodiscover.${domain}`)) {