From 06e0ec3d011fbb6be7fde270e2bf73848243bc48 Mon Sep 17 00:00:00 2001
From: poduck <poduck@gmail.com>
Date: Mon, 1 Dec 2025 18:03:40 -0500
Subject: [PATCH] fix: Add SSH client and autoconfig routes for production
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Install openssh-client in production Django container for mail server management
- Copy .ssh keys into container with proper permissions
- Add explicit Traefik routes for autoconfig/autodiscover subdomains

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .../compose/production/django/Dockerfile        |  6 ++++++
 .../compose/production/traefik/traefik.yml      | 17 +++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/smoothschedule/compose/production/django/Dockerfile b/smoothschedule/compose/production/django/Dockerfile
index 21aed18..3d6ae81 100644
--- a/smoothschedule/compose/production/django/Dockerfile
+++ b/smoothschedule/compose/production/django/Dockerfile
@@ -47,6 +47,8 @@ RUN apt-get update && apt-get install --no-install-recommends -y \
   gettext \
   # entrypoint
   wait-for-it \
+  # SSH client for mail server management
+  openssh-client \
   # cleaning up unused files
   && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \
   && rm -rf /var/lib/apt/lists/*
@@ -80,6 +82,10 @@ COPY --from=python-build-stage --chown=django:django ${APP_HOME} ${APP_HOME}
 # make django owner of the WORKDIR directory as well.
 RUN chown django:django ${APP_HOME}
 
+# Copy SSH keys for mail server management and set permissions
+COPY --chown=django:django ./.ssh ${APP_HOME}/.ssh
+RUN chmod 700 ${APP_HOME}/.ssh && chmod 600 ${APP_HOME}/.ssh/id_ed25519 || true
+
 # Place executables in the environment at the front of the path
 ENV PATH="/app/.venv/bin:$PATH"
 
diff --git a/smoothschedule/compose/production/traefik/traefik.yml b/smoothschedule/compose/production/traefik/traefik.yml
index f3616f8..f90bbf8 100644
--- a/smoothschedule/compose/production/traefik/traefik.yml
+++ b/smoothschedule/compose/production/traefik/traefik.yml
@@ -63,6 +63,23 @@ http:
       tls:
         certResolver: letsencrypt
 
+    # Email autoconfiguration subdomains
+    autoconfig-router:
+      rule: 'Host(`autoconfig.smoothschedule.com`)'
+      entryPoints:
+        - web-secure
+      service: django
+      tls:
+        certResolver: letsencrypt
+
+    autodiscover-router:
+      rule: 'Host(`autodiscover.smoothschedule.com`)'
+      entryPoints:
+        - web-secure
+      service: django
+      tls:
+        certResolver: letsencrypt
+
     # Wildcard subdomain router for tenant subdomains
     # Each subdomain gets its own certificate via HTTP challenge
     subdomain-router: