A root-run z-push-admin (kubectl exec defaults to root) left a
root-owned 'users' file on the state PVC; Apache runs as www-data, so
every request 500'd with 'Not possible to write to the configured
state directory'. An initContainer now normalizes ownership on every
start (state is disposable, ownership isn't precious), and the docs
say to exec z-push-admin as www-data.
Wraps Stalwart in EAS so iOS/Android native Mail/Calendar 'Exchange'
accounts get two-way mail+calendar+contacts sync (BackendCombined:
IMAP + CalDAV /dav/cal/%l/ + CardDAV, credentials pass through).
- services/zpush: Z-Push 2.6.4 (AGPLv3, see LICENSE-NOTES.md) on
php:8.2-apache-bookworm (trixie dropped libc-client); PHP 8 sysv
sprintf fatal sed-patched; autodiscover dispatcher answers
mobilesync schema, proxies outlook schema to Stalwart unchanged
- prod: zpush Deployment (replicas:1, Recreate — file sync state),
/Microsoft-Server-ActiveSync Ingress on mail.dezky.eu (no redirect,
POST-heavy), autodiscover.dezky.eu repointed to the dispatcher,
selectorless stalwart-imaps/-smtps Services (host-Stalwart is
implicit-TLS only: 993/465, no plain 143/587 — verified on node1)
- CI: build+deploy zpush like the other apps
EAS tops out at 14.1: covers native mobile clients, NOT the Outlook
mobile app (needs 16.1) and not new Outlook for Windows (no EAS).
Ronni Baslund