diff --git a/.env.sample b/.env.sample
index 02da021..a29488f 100644
--- a/.env.sample
+++ b/.env.sample
@@ -28,3 +28,12 @@ COMPOSE_FILE="compose.yml"
 #TURN_URIS="[\"turns:coturn.foo.zone?transport=udp\", \"turns:coturn.foo.zone?transport=tcp\"]"
 #TURN_ALLOW_GUESTS=true
 #SECRET_TURN_SHARED_SECRET_VERSION=v1
+
+#COMPOSE_FILE="compose.yml:compose.smtp.yml"
+#SMTP_ENABLED=1
+#SMTP_APP_NAME=
+#SMTP_FROM=
+#SMTP_HOST=
+#SMTP_PORT=
+#SMTP_USER=
+#SECRET_SMTP_PASSWORD_VERSION=v1
diff --git a/compose.smtp.yml b/compose.smtp.yml
new file mode 100644
index 0000000..329faef
--- /dev/null
+++ b/compose.smtp.yml
@@ -0,0 +1,23 @@
+---
+version: "3.8"
+
+services:
+ app:
+ secrets:
+ - db_password
+ - form_secret
+ - macaroon_secret_key
+ - registration_shared_secret
+ - smtp_password
+ environment:
+ - SMTP_APP_NAME
+ - SMTP_ENABLED
+ - SMTP_FROM
+ - SMTP_HOST
+ - SMTP_PORT
+ - SMTP_USER
+
+secrets:
+ smtp_password:
+ external: true
+ name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
diff --git a/homeserver.yaml.tmpl b/homeserver.yaml.tmpl
index 327db65..6e18715 100644
--- a/homeserver.yaml.tmpl
+++ b/homeserver.yaml.tmpl
@@ -2105,26 +2105,27 @@ ui_auth: # https://matrix-org.github.io/synapse/latest/templates.html for more information. # email: + {{ if eq (env "SMTP_ENABLED") "1" }} # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'. # - #smtp_host: mail.server + smtp_host: {{ env "SMTP_HOST" }} # The port on the mail server for outgoing SMTP. Defaults to 25. # - #smtp_port: 587 + smtp_port: {{ env "SMTP_PORT" }} # Username/password for authentication to the SMTP server. By default, no # authentication is attempted. # - #smtp_user: "exampleusername" - #smtp_pass: "examplepassword" + smtp_user: {{ env "SMTP_USER" }} + smtp_pass: {{ secret "smtp_password" }} # Uncomment the following to require TLS transport security for SMTP. # By default, Synapse will connect over plain text, and will then switch to # TLS via STARTTLS *if the SMTP server supports it*. If this option is set, # Synapse will refuse to connect unless the server supports STARTTLS. # - #require_transport_security: true + require_transport_security: true # Uncomment the following to disable TLS for SMTP. # @@ -2144,17 +2145,17 @@ email: # Note that the placeholder must be written '%(app)s', including the # trailing 's'. # - #notif_from: "Your Friendly %(app)s homeserver " + notif_from: "Your Friendly %(app)s homeserver <{{ env "SMTP_FROM" }}>" # app_name defines the default value for '%(app)s' in notif_from and email # subjects. It defaults to 'Matrix'. # - #app_name: my_branded_matrix_server + app_name: {{ env "SMTP_APP_NAME" }} # Uncomment the following to enable sending emails for messages that the user # has missed. Disabled by default. # - #enable_notifs: true + enable_notifs: true # Uncomment the following to disable automatic subscription to email # notifications for new users. Enabled by default. 
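Review bot: The new `smtp_host`, `smtp_port`, `smtp_user` and `smtp_pass` lines render their values as bare YAML scalars, so the YAML parser decides the type and the boundaries of whatever the operator supplied. A password containing ` #` is silently cut off at the comment marker, one containing `: ` or starting with `*`, `&`, `{` or `[` fails to parse, an all-digit one is loaded as an integer, and an unset variable becomes `null`. Quote the string values, e.g. `smtp_pass: '{{ secret "smtp_password" }}'` and `smtp_user: '{{ env "SMTP_USER" }}'`, and state in `.env.sample` which character the chosen quoting style reserves (a single quote, for this form). `app_name: {{ env "SMTP_APP_NAME" }}` in the next hunk has the same problem.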
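Review bot: `notif_from`, `app_name` and `enable_notifs: true` are emitted in this hunk, but no `{{ end }}` closing the `{{ if eq (env "SMTP_ENABLED") "1" }}` opened under `email:` appears in any visible hunk of this file. If it is really absent the template will not render at all; if it sits before this hunk, these three settings stay active with SMTP disabled and `notif_from` renders with an empty address between the angle brackets. Place the `{{ end }}` after the last SMTP-dependent setting and mark it with a template comment such as `{{/* end of SMTP_ENABLED block */}}`, so the extent of the conditional can be found in a file of this length.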
@@ -2167,7 +2168,7 @@ email: # (This setting used to be called riot_base_url; the old name is still # supported for backwards-compatibility but is now deprecated.) # - #client_base_url: "http://localhost/riot" + client_base_url: "https://{{ env "DOMAIN" }}" # Configure the time that a validation email will expire after sending. # Defaults to 1h. @@ -2336,7 +2337,7 @@ user_directory: # Uncomment to return search results containing all known users, even if that # user does not share a room with the requester. # - #search_all_users: true + search_all_users: true # Defines whether to prefer local users in search query results. # If True, local users are more likely to appear above remote users
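Review bot: `client_base_url` is the base for client links in outgoing mail (the context comment notes it used to be called `riot_base_url`), yet it is now set to `https://{{ env "DOMAIN" }}`, which presumably is the homeserver's own domain rather than a web client. Unless a client is actually served at that host, links in notification emails will land on the homeserver. Consider a separate variable for the client URL, and add a one-line comment above the setting saying which host it must point at. The setting's comment block starts outside this hunk.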
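Review bot: `search_all_users: true` is switched on for every deployment by this SMTP change, with no variable to opt out and no relation to mail delivery. Per the comment directly above it, any requester then gets search results for all known users, including users they share no room with, which turns the user directory into an enumeration surface for every user the server knows about. Keep the default and gate the setting on its own opt-in variable in the same style as the SMTP block, e.g. `{{ if eq (env "<SEARCH_ALL_USERS_VAR>") "1" }}` (placeholder name), documented in `.env.sample`.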