7fb6a63c2b
Keep Mailpit as the backend's SMTP submission point and turn on its relay so OTP/notification mail addressed to the owner reaches a real Gmail inbox, while everything else stays captured-only.

- mailpit gains --smtp-relay-config + --smtp-relay-matching (default non-routable, so an unconfigured stack only captures); relay.conf is mounted from a new galaxy-dev-mailpit-config volume
- tools/dev-deploy/mailpit/relay.conf.tmpl + a dev-deploy.yaml step that renders it from Gitea secrets (Gmail App Password, never committed) and seeds the volume; the GALAXY_DEV_MAIL_RELAY_MATCH var drives the relay-matching recipient
- backend SMTP config unchanged (still -> galaxy-mailpit:1025)
- dev-deploy README documents the relay + required secrets/vars

Verified locally: compose config valid; the rendered relay.conf is accepted by mailpit v1.21.8 (relay + recipient-matching enabled). Real Gmail delivery is verified at the dev-deploy preview once the owner sets the secrets.
19 lines
780 B
Cheetah
# Mailpit SMTP relay upstream — RENDERED AT DEPLOY TIME by
# .gitea/workflows/dev-deploy.yaml from Gitea Actions secrets, then
# seeded into the `galaxy-dev-mailpit-config` volume. The Gmail App
# Password is a secret and MUST NOT be committed: this template only
# carries ${PLACEHOLDER}s that the workflow substitutes. See
# tools/dev-deploy/README.md ("Mail").
#
# Mailpit captures every message; the `--smtp-relay-matching` flag (set
# from GALAXY_DEV_MAIL_RELAY_MATCH in the compose) decides which
# recipients are actually relayed up to this Gmail account.
host: smtp.gmail.com
port: 587
starttls: true
allow-insecure: false
auth: login
username: ${GALAXY_DEV_MAIL_RELAY_USERNAME}
password: ${GALAXY_DEV_MAIL_RELAY_PASSWORD}
return-path: ${GALAXY_DEV_MAIL_RELAY_USERNAME}
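
One way to do the render step that the template header describes, as an added example that is not the repository's workflow code: it substitutes only the two relay variables, fails closed when a secret is missing, and leaves the `${PLACEHOLDER}` mention in the header comment untouched. The helper names `subst` and `render_relay_conf`, the `.tmp` staging file and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not the repository's workflow step. subst and
# render_relay_conf are hypothetical helper names.

# Replace each literal ${NAME} in LINE with VALUE by parameter expansion
# only, so &, / or \ in an App Password are copied verbatim.
subst() { # subst LINE NAME VALUE
  rest=$1 out='' tok="\${$2}"
  while :; do
    case $rest in
      *"$tok"*) out=$out${rest%%"$tok"*}$3; rest=${rest#*"$tok"} ;;
      *) break ;;
    esac
  done
  printf '%s\n' "$out$rest"
}

# usage: render_relay_conf TEMPLATE OUTPUT
render_relay_conf() {
  user=${GALAXY_DEV_MAIL_RELAY_USERNAME-} pass=${GALAXY_DEV_MAIL_RELAY_PASSWORD-}
  nl='
'
  for v in "$user" "$pass"; do   # fail closed on a missing or multi-line secret
    case $v in ''|*"$nl"*) echo "relay secret unset or multi-line" >&2; return 1 ;; esac
  done
  tmp=$2.tmp
  : >"$tmp" && chmod 600 "$tmp" || return 1   # staged file is owner-only
  while IFS= read -r line || [ -n "$line" ]; do
    line=$(subst "$line" GALAXY_DEV_MAIL_RELAY_USERNAME "$user")
    line=$(subst "$line" GALAXY_DEV_MAIL_RELAY_PASSWORD "$pass")
    case $line in
      '#'*) ;;   # the header comment legitimately mentions ${PLACEHOLDER}
      *'${'*) echo "unresolved placeholder in template" >&2; rm -f "$tmp"; return 1 ;;
    esac
    printf '%s\n' "$line" >>"$tmp"
  done <"$1"
  mv "$tmp" "$2"
}

# Constructed demo: template excerpt and throwaway values, not real credentials.
(
  d=$(mktemp -d) && cd "$d" || exit 1
  printf '%s\n' '# only carries ${PLACEHOLDER}s' \
    'password: ${GALAXY_DEV_MAIL_RELAY_PASSWORD}' >relay.conf.tmpl
  GALAXY_DEV_MAIL_RELAY_USERNAME=owner@example.com
  GALAXY_DEV_MAIL_RELAY_PASSWORD='constructed&value/1'
  render_relay_conf relay.conf.tmpl relay.conf && cat relay.conf
  cd / && rm -rf "$d"
)
```

The rendered file's mode may need adjusting so the user Mailpit runs as inside the container can read it from the volume.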