ronnibaslund/dezky
1
0
Fork 0
Code Issues 37 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
162 Commits 1 Branch 0 Tags
221179c4db1ce3ded63c5c305ecb313492a70b2c
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Ronni Baslund 221179c4db
ci / changes (push) Successful in 3s
Details
ci / tc_booking (push) Has been skipped
Details
ci / tc_operator (push) Has been skipped
Details
ci / tc_website (push) Has been skipped
Details
ci / tc_platform_api (push) Has been skipped
Details
ci / test_platform_api (push) Has been skipped
Details
ci / build_booking (push) Has been skipped
Details
ci / build_operator (push) Has been skipped
Details
ci / build_platform_api (push) Has been skipped
Details
ci / tc_portal (push) Successful in 25s
Details
ci / build_portal (push) Successful in 41s
Details
ci / deploy (push) Successful in 40s
Details
feat(portal): Apple Mail profile download on user rows + drawer 
The .mobileconfig button only lived on the transient credential dialogs
(invite/create/reset results) — nowhere to fetch a profile for an
existing mailbox. Row kebab menu gains 'Download Apple Mail profile'
(mailbox users only) and the user drawer shows the button next to the
mailbox address.
2026-06-11 08:00:15 +02:00
.gitea/workflows
fix(ci): deploy only apps whose build actually succeeded
2026-06-11 07:45:08 +02:00
.github/workflows
feat(operator): production build + k3s deployment
2026-06-10 07:53:55 +02:00
apps
feat(portal): Apple Mail profile download on user rows + drawer
2026-06-11 08:00:15 +02:00
docs
feat(ocis): persistent sessions + flat primary surfaces
2026-06-07 12:34:26 +02:00
infrastructure
feat(infra): real TLS for mail.dezky.eu
2026-06-10 21:58:35 +02:00
packages/ui
chore(portal,operator): upgrade to Nuxt 4
2026-05-30 08:02:43 +02:00
scripts
chore(scripts): configure git remote in bootstrap
2026-06-05 12:18:07 +02:00
services/platform-api
feat(domains): surface autodiscovery SRV records (RFC 6186)
2026-06-10 22:11:34 +02:00
.env.example
feat(platform): real email domains, mailboxes & member lifecycle
2026-06-01 21:19:42 +02:00
.gitignore
feat(infra): k3s foundation — cert-manager, Longhorn config, in-cluster data tier
2026-06-08 18:39:31 +02:00
CLAUDE.md
docs: feature-flag usage guide + cross-links
2026-05-24 19:29:24 +02:00
README.md
chore(services): rename services/provisioning -> services/platform-api
2026-05-24 00:35:01 +02:00

README.md

Dezky

Sovereign workspace platform for European businesses. Mail, files, calendar, video meetings — all EU-hosted, all open source.

Quick start (local development)

# 1. Clone and enter
git clone <repo-url> dezky
cd dezky

# 2. Run bootstrap (handles everything)
./scripts/bootstrap.sh

# 3. Open the portal
open https://app.dezky.local

The bootstrap script:

  • Checks prerequisites (Docker, mkcert, openssl)
  • Generates wildcard TLS certificate via mkcert
  • Adds /etc/hosts entries (with your permission)
  • Generates secure random secrets in .env
  • Pulls Docker images
  • Starts all services in correct order
  • Prints next-step instructions

Service URLs (local development)

Service URL Purpose
Portal https://app.dezky.local Customer-facing landing & launcher
Authentik https://auth.dezky.local Identity provider (OIDC/SAML)
Files (OCIS) https://files.dezky.local File storage & sharing
Mail (Stalwart) https://mail.dezky.local Mail server admin UI
Office https://office.dezky.local Collabora Online editor
Traefik https://traefik.dezky.local Reverse proxy dashboard

What's in this repo

dezky/
├── apps/portal/                Nuxt 3 customer portal
├── services/platform-api/      NestJS service · tenants, partners, users, provisioning orchestration
├── packages/                   Shared TypeScript libraries
├── infrastructure/
│   └── docker-compose/         Local development stack
├── scripts/                    Setup, reset, helpers
└── docs/                       Service references & guides

Prerequisites

  • macOS or Linux (Windows users: use WSL2)
  • Docker Desktop 24+ or OrbStack
  • mkcert (brew install mkcert)
  • pnpm 9+ (brew install pnpm)
  • Node.js 20+
  • 16 GB RAM recommended

Common commands

# Start everything
docker compose -f infrastructure/docker-compose/docker-compose.yml up -d

# View logs
docker compose -f infrastructure/docker-compose/docker-compose.yml logs -f [service]

# Stop everything (keeps data)
docker compose -f infrastructure/docker-compose/docker-compose.yml down

# Nuke and restart (DESTROYS DATA)
./scripts/reset.sh

Architecture

This is a multi-tenant SaaS platform. Each tenant gets:

  • Isolated Authentik OIDC tenant
  • Custom subdomain (e.g. customer-name.dezky.local)
  • Mail domain in Stalwart with auto-generated DKIM
  • Dedicated OCIS space hierarchy
  • Branded launcher in the portal

All components are Apache 2.0 / MIT licensed — no per-seat fees, full whitelabel rights.

Production

The production target is a single Hetzner AX41-NVMe server (€39/mo) with:

  • Stalwart on bare-metal
  • k3s for all other services
  • Hetzner Object Storage (€5/mo) as OCIS S3 backend
  • Storage Box BX11 (€3.20/mo) for Restic backups
  • Storage Box BX11 in Helsinki (€3.20/mo) for DR

See docs/PRODUCTION-DEPLOYMENT.md (TBD) for migration plan.

Stack rationale

These choices are deliberate after extensive license/architecture research. See CLAUDE.md for the full reasoning.

Component License Why this one
Stalwart Mail Apache 2.0 Modern Rust, ActiveSync built-in, JMAP support
OCIS Apache 2.0 Cleaner license than Nextcloud (AGPL+trademark)
Zulip Apache 2.0 Only truly open-core-free chat option
Authentik MIT Better multi-tenancy than Keycloak
Hetzner N/A 100% EU sovereignty — core to business

License

Application code: MIT (own code) Third-party services: see individual service licenses in stack.

Reference in New Issue View Git Blame Copy Permalink
S
Description
No description provided
Readme 3.4 MiB
Languages
Vue 53.5%
TypeScript 42%
Shell 2.4%
CSS 0.5%
PHP 0.5%
Other 1.1%