use docker secret for mail and seperate compose file

.env.sample

@@ -1,28 +1,28 @@
 TYPE=loomio
+COMPOSE_FILE="compose.yml"
 
 DOMAIN=loomio.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.loomio.example.com`'
 LETS_ENCRYPT_ENV=production
 
-# the number of dots in your hostname
+# mail setup
-TLD_LENGTH=3
+COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
-# TODO 3wc: is this needed?
-
 SUPPORT_EMAIL=noreply@example.com
 SMTP_AUTH=plain
 SMTP_DOMAIN=example.com
 SMTP_SERVER=example.com
 SMTP_PORT=587
 SMTP_USERNAME=noreply@example.com
-SMTP_PASSWORD=password
 SMTP_USE_SSL=1
 # to disable SSL comment out line rather than changing to 0
+SECRET_SMTP_PASSWORD_VERSION=v1
 
-# Whyyyy does this need to be set separately
+# From field for notification e-mails
 NOTIFICATIONS_EMAIL_ADDRESS=noreply@example.com
 
-REPLY_HOSTNAME=loomio.example.com
+# reply-to in email notifications
+REPLY_HOSTNAME=$DOMAIN
 
 # helper bot is the account which welcomes people to their groups.
 HELPER_BOT_EMAIL=noreply@loomio.example.com
@@ -43,6 +43,7 @@ USE_RACK_ATTACK=1
 SECRET_DEVISE_SECRET_VERSION=v1 #length=64
 SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64
 SECRET_DB_PASSWORD_VERSION=v1
+SECRET_SMTP_PASSWORD_VERSION=v1
 
 # Send catch up email (missed yesterday) weekly
 # EMAIL_CATCH_UP_WEEKLY=1

README.md

@@ -6,7 +6,7 @@
 * **Category**: Apps
 * **Status**: 0, work-in-progress
 * **Image**: [`loomio/*`](https://hub.docker.com/r/loomio)
-* **Healthcheck**: No
+* **Healthcheck**: Yes
 * **Backups**: No
 * **Email**: Outgoing yes, incoming no
 * **Tests**: No

abra.sh

@@ -1,4 +1,4 @@
-export LOOMIO_ENTRYPOINT_VERSION=v4
+export LOOMIO_ENTRYPOINT_VERSION=v5
 
 function make_last_user_admin()
 {

compose.smtp.yml

@@ -0,0 +1,28 @@
+version: "3.8"
+
+x-mail-env: &mail-env
+    SMTP_AUTH: ${SMTP_AUTH}
+    SMTP_DOMAIN: ${SMTP_DOMAIN}
+    SMTP_SERVER: ${SMTP_SERVER}
+    SMTP_PORT: ${SMTP_PORT}
+    SMTP_USERNAME: ${SMTP_USERNAME}
+    SMTP_PASSWORD:
+    SMTP_PASSWORD_FILE: /run/secrets/smtp_password
+    SMTP_USE_SSL: ${SMTP_USE_SSL}
+
+services:
+  app:
+    secrets:
+      - smtp_password
+    environment:
+      *mail-env
+  worker:
+    secrets:
+      - smtp_password
+    environment:
+      *mail-env
+
+secrets:
+  smtp_password:
+    name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
+    external: true

compose.yml

@@ -14,13 +14,6 @@ x-environment: &default-env
   CHANNELS_URI: wss://channels.${DOMAIN}
   TLD_LENGTH: ${TLD_LENGTH}
   SUPPORT_EMAIL: ${SUPPORT_EMAIL}
-  SMTP_AUTH: ${SMTP_AUTH}
-  SMTP_DOMAIN: ${SMTP_DOMAIN}
-  SMTP_SERVER: ${SMTP_SERVER}
-  SMTP_PORT: ${SMTP_PORT}
-  SMTP_USERNAME: ${SMTP_USERNAME}
-  SMTP_PASSWORD: ${SMTP_PASSWORD}
-  SMTP_USE_SSL: ${SMTP_USE_SSL}
   NOTIFICATIONS_EMAIL_ADDRESS: ${NOTIFICATIONS_EMAIL_ADDRESS}
   REPLY_HOSTNAME: ${REPLY_HOSTNAME}
   HELPER_BOT_EMAIL: ${HELPER_BOT_EMAIL}

entrypoint.sh

@@ -24,6 +24,7 @@ file_env() {
 file_env "DEVISE_SECRET"
 file_env "SECRET_COOKIE_TOKEN"
 file_env "POSTGRES_PASSWORD"
+file_env "SMTP_PASSWORD"
 export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"
 
 if [ -n "$1" ]; then