From c5e33cf8bf610b6c7df16c02a537bc735d037190 Mon Sep 17 00:00:00 2001
From: val
Date: Thu, 8 Jan 2026 16:10:12 +0100
Subject: [PATCH 1/2] re-added oidc and smtp

---
 .env.sample | 2 +-
 abra.sh | 2 +-
 compose.oidc.yml | 31 +++++++++++++++++++++++++++++++
 compose.smtp.yml | 20 ++++++++++++++++++++
 compose.yml | 11 -----------
 entrypoint.sh | 4 ++--
 6 files changed, 55 insertions(+), 15 deletions(-)
 create mode 100644 compose.oidc.yml
 create mode 100644 compose.smtp.yml

diff --git a/.env.sample b/.env.sample
index bbe68dc..875e49a 100644
--- a/.env.sample
+++ b/.env.sample
@@ -35,7 +35,7 @@ ADMIN_EMAIL=mail@example.com
 # https://directus.io/docs/configuration/auth-sso#openid-connect
 #COMPOSE_FILE="$COMPOSE_FILE:compose.oidc.yml"
-#SECRET_SIGNING_OIDC_VERSION=v1
+#SECRET_OIDC_SECRET_VERSION=v1
 #AUTH_DISABLE_DEFAULT="false"
 #AUTH_SSO_LABEL="Single-Sign On"
diff --git a/abra.sh b/abra.sh
index b83c6d6..833df4c 100755
--- a/abra.sh
+++ b/abra.sh
@@ -1,6 +1,6 @@
 # Set any config versions here
 # Docs: https://docs.coopcloud.tech/maintainers/handbook/#manage-configs
-export DIRECTUS_ENTRYPOINT_VERSION=v3
+export DIRECTUS_ENTRYPOINT_VERSION=v4
 export PG_BACKUP_VERSION=v1
 # essentially a wrapper for directus-template-cli apply:
diff --git a/compose.oidc.yml b/compose.oidc.yml
new file mode 100644
index 0000000..f7a46ad
--- /dev/null
+++ b/compose.oidc.yml
@@ -0,0 +1,31 @@
+---
+services:
+ app:
+ environment:
+ AUTH_PROVIDERS: "sso"
+ AUTH_DISABLE_DEFAULT: "${AUTH_DISABLE_DEFAULT:-false}"
+ AUTH_SSO_DRIVER: "openid"
+ AUTH_SSO_CLIENT_ID: ${AUTH_SSO_CLIENT_ID}
+ AUTH_SSO_CLIENT_SECRET_FILE: /run/secrets/oidc_secret
+ AUTH_SSO_ISSUER_URL: ${AUTH_SSO_ISSUER_URL}
+ AUTH_SSO_SCOPE: ${AUTH_SSO_SCOPE:-"openid profile email"}
+ AUTH_SSO_IDENTIFIER_KEY: ${AUTH_SSO_IDENTIFIER_KEY}
+ AUTH_SSO_ALLOW_PUBLIC_REGISTRATION: ${AUTH_SSO_ALLOW_PUBLIC_REGISTRATION:-false}
+ AUTH_SSO_REQUIRE_VERIFIED_EMAIL: "${AUTH_SSO_REQUIRE_VERIFIED_EMAIL:-false}"
+ AUTH_SSO_DEFAULT_ROLE_ID: "${AUTH_SSO_DEFAULT_ROLE_ID}"
+ AUTH_SSO_SYNC_USER_INFO: "${AUTH_SSO_SYNC_USER_INFO:-true}"
+ AUTH_SSO_ROLE_MAPPING: "${AUTH_SSO_ROLE_MAPPING:-{}}"
+ AUTH_SSO_GROUP_CLAIM_NAME: "${AUTH_SSO_GROUP_CLAIM_NAME:-groups}"
+ AUTH_SSO_ICON: "${AUTH_SSO_ICON:-account_circle}"
+ AUTH_SSO_LABEL: ${AUTH_SSO_LABEL:-"Single Sign On"}
+ AUTH_SSO_PARAMS: "${AUTH_SSO_PARAMS:-{}}"
+ AUTH_SSO_REDIRECT_ALLOW_LIST: "${AUTH_SSO_REDIRECT_ALLOW_LIST}"
+
+ secrets:
+ - oidc_secret
+
+secrets:
+ oidc_secret:
+ name: ${STACK_NAME}_oidc_secret_${SECRET_OIDC_SECRET_VERSION}
+ external: true
+
diff --git a/compose.smtp.yml b/compose.smtp.yml
new file mode 100644
index 0000000..f2e5663
--- /dev/null
+++ b/compose.smtp.yml
@@ -0,0 +1,20 @@
+---
+services:
+ app:
+ environment:
+ EMAIL_TRANSPORT: "smtp"
+ EMAIL_FROM: ${EMAIL_FROM}
+ EMAIL_SMTP_USER: ${EMAIL_SMTP_USER}
+ EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
+ EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT:-465}
+ EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE:-true}
+ EMAIL_SMTP_PASSWORD_FILE: /run/secrets/smtp_password
+
+ secrets:
+ - smtp_password
+
+secrets:
+ smtp_password:
+ name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
+ external: true
+
diff --git a/compose.yml b/compose.yml
index a43b7d1..27ec50d 100644
--- a/compose.yml
+++ b/compose.yml
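Review bot: The defaults for `AUTH_SSO_SCOPE` and `AUTH_SSO_LABEL` carry literal double quotes inside the `${VAR:-...}` expansion, and Compose-style interpolation passes the default text verbatim, so an unset `AUTH_SSO_SCOPE` likely reaches Directus as `"openid profile email"` with the quotes included and the authorization request asks for a malformed scope; write `AUTH_SSO_SCOPE: "${AUTH_SSO_SCOPE:-openid profile email}"` and `AUTH_SSO_LABEL: "${AUTH_SSO_LABEL:-Single Sign On}"` instead (both lines survive unchanged as context in the second patch). `AUTH_SSO_CLIENT_ID`, `AUTH_SSO_ISSUER_URL` and `AUTH_SSO_IDENTIFIER_KEY` have no default and no `:?` guard, so a value missing from the env file silently expands to an empty string rather than stopping the deploy; `${AUTH_SSO_CLIENT_ID:?AUTH_SSO_CLIENT_ID is required}` makes that misconfiguration fail at deploy time. Since `AUTH_SSO_ALLOW_PUBLIC_REGISTRATION` and `AUTH_SSO_REQUIRE_VERIFIED_EMAIL` both default to false here, a comment above the first such as `# if public registration is enabled, any account the IdP authenticates is auto-provisioned; pair it with AUTH_SSO_REQUIRE_VERIFIED_EMAIL=true` would keep operators from enabling one without the other.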
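Review bot: `EMAIL_SMTP_PORT` defaults to `465` and `EMAIL_SMTP_SECURE` to `true`, but nothing in the file says these belong together (implicit TLS) or that a deployment on `587` is expected to set `EMAIL_SMTP_SECURE` to `false` to negotiate STARTTLS instead of failing the TLS handshake; a comment above `EMAIL_SMTP_PORT` such as `# 465 with secure=true is implicit TLS; for 587/STARTTLS set EMAIL_SMTP_SECURE=false` would spare operators a trip to the Directus docs. `EMAIL_FROM`, `EMAIL_SMTP_USER` and `EMAIL_SMTP_HOST` have no default and no `:?` guard, so the same fail-at-deploy-time treatment as the OIDC overlay (`${EMAIL_SMTP_HOST:?EMAIL_SMTP_HOST is required}`) would be consistent.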
@@ -24,13 +24,6 @@ services:
 PUBLIC_URL: https://${DOMAIN}
- EMAIL_TRANSPORT: ${EMAIL_TRANSPORT}
- EMAIL_FROM: ${EMAIL_FROM}
- EMAIL_SMTP_USER: ${EMAIL_SMTP_USER}
- EMAIL_SMTP_HOST: ${EMAIL_SMTP_HOST}
- EMAIL_SMTP_PORT: ${EMAIL_SMTP_PORT}
- EMAIL_SMTP_SECURE: ${EMAIL_SMTP_SECURE}
-
 networks:
 - proxy
 - internal
@@ -54,7 +47,6 @@ services:
 - db_password
 - admin_password
 - signing_secret
- - smtp_password
 deploy:
 restart_policy:
@@ -143,9 +135,6 @@ secrets:
 signing_secret:
 name: ${STACK_NAME}_signing_secret_${SECRET_SIGNING_SECRET_VERSION}
 external: true
- smtp_password:
- name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
- external: true
 configs:
 directus_entrypoint:
diff --git a/entrypoint.sh b/entrypoint.sh
index 0fbd7bf..ce4b7ff 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -14,8 +14,7 @@ load_secret() {
 fi
 export "$env_var"="$value"
 else
- echo >&2 "error: $secret_file does not exist"
- exit 1
+ echo >&2 "info: $secret_file does not exist, if you don't use the secret it shouldn't be a problem"
 fi
 }
@@ -23,6 +22,7 @@ load_secret "DB_PASSWORD" "/run/secrets/db_password"
 load_secret "ADMIN_PASSWORD" "/run/secrets/admin_password"
 load_secret "SIGNING_SECRET" "/run/secrets/signing_secret"
 load_secret "EMAIL_SMTP_PASSWORD" "/run/secrets/smtp_password"
+load_secret "OIDC_SECRET" "/run/secrets/oidc_secret"
 # upstream has no entrypoint https://github.com/directus/directus/blob/main/Dockerfile
 node cli.js bootstrap && pm2-runtime start ecosystem.config.cjs
\ No newline at end of file

From 0d7f132f229955198c4e6105740faf445017959a Mon Sep 17 00:00:00 2001
From: contraintuitiv
Date: Thu, 8 Jan 2026 16:31:49 +0100
Subject: [PATCH 2/2] removed "

---
 compose.oidc.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/compose.oidc.yml b/compose.oidc.yml
index f7a46ad..71a8284 100644
--- a/compose.oidc.yml
+++ b/compose.oidc.yml
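Review bot: Replacing `exit 1` with an info line turns every missing secret into a non-fatal event, but `db_password`, `admin_password` and `signing_secret` are still unconditional in compose.yml, so a wrong secret version or a secret that was never inserted no longer stops the container and Directus is likely to bootstrap with an empty `ADMIN_PASSWORD` or `SIGNING_SECRET` instead of failing closed. Only the overlay-provided secrets (`smtp_password`, `oidc_secret`) need to be tolerated: give `load_secret` an optional third argument, keep the fatal branch for everything else, and pass `optional` from the two callers in the next hunk. The function header and its `env_var`/`secret_file` assignments are outside this hunk, so the rewrite below starts at the `else` branch.
```shell
  else
    # third argument "optional" marks secrets that only an overlay provides
    if [ "${3:-required}" = "optional" ]; then
      echo >&2 "info: $secret_file does not exist, skipping optional secret"
    else
      echo >&2 "error: $secret_file does not exist"
      exit 1
    fi
  fi
}

# … unchanged: load_secret calls for DB_PASSWORD, ADMIN_PASSWORD, SIGNING_SECRET …
load_secret "EMAIL_SMTP_PASSWORD" "/run/secrets/smtp_password" optional
load_secret "OIDC_SECRET" "/run/secrets/oidc_secret" optional
```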
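Review bot: The added `load_secret "OIDC_SECRET" "/run/secrets/oidc_secret"` exports the client secret into the process environment under a name Directus does not read, while compose.oidc.yml already hands the same file to Directus as `AUTH_SSO_CLIENT_SECRET_FILE`, which Directus resolves itself. Unless something outside this diff consumes `OIDC_SECRET`, the line is redundant and only widens where the secret is visible (the environment inherited by every child of `pm2-runtime`), so dropping it keeps the secret in one place. The existing `EMAIL_SMTP_PASSWORD` export next to `EMAIL_SMTP_PASSWORD_FILE` has the same shape, though that line predates this commit.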
@@ -11,15 +11,15 @@ services:
 AUTH_SSO_SCOPE: ${AUTH_SSO_SCOPE:-"openid profile email"}
 AUTH_SSO_IDENTIFIER_KEY: ${AUTH_SSO_IDENTIFIER_KEY}
 AUTH_SSO_ALLOW_PUBLIC_REGISTRATION: ${AUTH_SSO_ALLOW_PUBLIC_REGISTRATION:-false}
- AUTH_SSO_REQUIRE_VERIFIED_EMAIL: "${AUTH_SSO_REQUIRE_VERIFIED_EMAIL:-false}"
- AUTH_SSO_DEFAULT_ROLE_ID: "${AUTH_SSO_DEFAULT_ROLE_ID}"
- AUTH_SSO_SYNC_USER_INFO: "${AUTH_SSO_SYNC_USER_INFO:-true}"
- AUTH_SSO_ROLE_MAPPING: "${AUTH_SSO_ROLE_MAPPING:-{}}"
- AUTH_SSO_GROUP_CLAIM_NAME: "${AUTH_SSO_GROUP_CLAIM_NAME:-groups}"
- AUTH_SSO_ICON: "${AUTH_SSO_ICON:-account_circle}"
+ AUTH_SSO_REQUIRE_VERIFIED_EMAIL: ${AUTH_SSO_REQUIRE_VERIFIED_EMAIL:-false}
+ AUTH_SSO_DEFAULT_ROLE_ID: ${AUTH_SSO_DEFAULT_ROLE_ID}
+ AUTH_SSO_SYNC_USER_INFO: ${AUTH_SSO_SYNC_USER_INFO:-true}
+ AUTH_SSO_ROLE_MAPPING: ${AUTH_SSO_ROLE_MAPPING:-{}}"
+ AUTH_SSO_GROUP_CLAIM_NAME: ${AUTH_SSO_GROUP_CLAIM_NAME:-groups}
+ AUTH_SSO_ICON: ${AUTH_SSO_ICON:-account_circle}
 AUTH_SSO_LABEL: ${AUTH_SSO_LABEL:-"Single Sign On"}
- AUTH_SSO_PARAMS: "${AUTH_SSO_PARAMS:-{}}"
- AUTH_SSO_REDIRECT_ALLOW_LIST: "${AUTH_SSO_REDIRECT_ALLOW_LIST}"
+ AUTH_SSO_PARAMS: ${AUTH_SSO_PARAMS:-{}}
+ AUTH_SSO_REDIRECT_ALLOW_LIST: ${AUTH_SSO_REDIRECT_ALLOW_LIST}
 secrets:
 - oidc_secret
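Review bot: The new `AUTH_SSO_ROLE_MAPPING` line keeps a stray closing `"` after the expansion, so with the variable unset the container receives `{}"` rather than `{}`, which is not valid JSON and will make Directus reject or ignore the role mapping; the line should read `AUTH_SSO_ROLE_MAPPING: ${AUTH_SSO_ROLE_MAPPING:-{}}`. The quoted forms this patch removes were valid YAML and interpolate to the same strings, so if the change fixes an interpolation problem observed with abra or docker stack, the commit message should say which, otherwise the quoting was the safer style for values that start with `${`. The quoted-default issue in the unchanged `AUTH_SSO_SCOPE` and `AUTH_SSO_LABEL` context lines is raised on the hunk that introduced them.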