From da39891d71ee211711279a317c5473d075ffad6e Mon Sep 17 00:00:00 2001
From: Cassowary <cassowary@aldercone.studio>
Date: Fri, 22 Mar 2024 16:55:14 -0700
Subject: [PATCH] Add secrets and email support

---
 .env.sample       | 14 ++++++++++++++
 compose.email.yml | 21 +++++++++++++++++++++
 compose.yml       | 13 +++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 compose.email.yml

diff --git a/.env.sample b/.env.sample
index 3f0e2bf..167a42d 100644
--- a/.env.sample
+++ b/.env.sample
@@ -6,3 +6,17 @@ DOMAIN=baserow.example.com
 #EXTRA_DOMAINS=', `www.baserow.example.com`'
 
 LETS_ENCRYPT_ENV=production
+
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.email.yml"
+# FROM_EMAIL="No Reply <noreply@example.com>"
+# EMAIL_SMTP_USE_TLS=true
+# EMAIL_SMTP_HOST=mail.exampl.com
+# EMAIL_SMTP_PORT=497
+# EMAIL_SMTP_USER=noreply@example.com
+# SECRET_EMAIL_SMTP_PASSWORD_VERSION=v1
+#
+
+SECRET_SECRET_KEY_VERSION=v1
+SECRET_BASEROW_JWT_SIGNING_KEY_VERSION=v1
+
diff --git a/compose.email.yml b/compose.email.yml
new file mode 100644
index 0000000..a0fb5ed
--- /dev/null
+++ b/compose.email.yml
@@ -0,0 +1,21 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment:
+      - EMAIL_SMTP=true
+      - EMAIL_SMTP_PASSWORD_FILE=/run/secrets/email_smtp_password
+      - FROM_EMAIL
+      - EMAIL_SMTP_USE_TLS
+      - EMAIL_SMTP_HOST
+      - EMAIL_SMTP_PORT
+      - EMAIL_SMTP_USER
+    secrets:
+      - email_smtp_password
+
+secrets:
+  email_smtp_password:
+    external: true
+    name: ${STACK_NAME}_email_smtp_password_${SECRET_EMAIL_SMTP_PASSWORD_VERSION}
+      
diff --git a/compose.yml b/compose.yml
index 6ba3e65..9c705bf 100644
--- a/compose.yml
+++ b/compose.yml
@@ -8,6 +8,11 @@ services:
       - proxy
     environment:
       - BASEROW_PUBLIC_URL=https://${DOMAIN}
+      - SECRET_KEY_FILE=/run/secrets/secret_key
+      - BASEROW_JWT_SIGNING_KEY_FILE=/run/secrets/baserow_jwt_signing_key
+    secrets:
+      - secret_key
+      - baserow_jwt_signing_key
     deploy:
       restart_policy:
         condition: on-failure
@@ -38,3 +43,11 @@ volumes:
 networks:
   proxy:
     external: true
+
+secrets:
+  secret_key:
+    external: true
+    name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
+  baserow_jwt_signing_key:
+    external: true
+    name: ${STACK_NAME}_baserow_jwt_signing_key_${SECRET_BASEROW_JWT_SIGNING_KEY_VERSION}