dbe7f7b
dbe7f7b095caa2449258768559c84be841441538f27fcda
4f25518| Status | File | + | - |
|---|---|---|---|
| M |
deploy/ansible/inventory/production.example
|
6 | 2 |
| M |
deploy/ansible/roles/shithubd/templates/web.env.j2
|
4 | 1 |
| M |
deploy/ansible/roles/shithubd/templates/worker.env.j2
|
2 | 0 |
deploy/ansible/inventory/production.examplemodified@@ -18,9 +18,13 @@ shithub_group=shithub | |||
| 18 | shithub_data_root=/data | 18 | shithub_data_root=/data |
| 19 | # pgx pool size; matches the worker pool too. | 19 | # pgx pool size; matches the worker pool too. |
| 20 | shithub_db_pool_max=20 | 20 | shithub_db_pool_max=20 |
| 21 | -# Postmark sender + DKIM are configured before the deploy. | 21 | +# Transactional sender + DKIM/SPF are configured before the deploy. |
| 22 | +# Backend is `postmark` or `resend`; set the matching secret below | ||
| 23 | +# (vault both — they are not safe to commit). | ||
| 22 | shithub_email_from="shithub <noreply@shithub.example>" | 24 | shithub_email_from="shithub <noreply@shithub.example>" |
| 23 | -shithub_email_backend=postmark | 25 | +shithub_email_backend=resend |
| 26 | +# shithub_postmark_token=... # when backend=postmark | ||
| 27 | +shithub_resend_api_key=re_REPLACE_ME # when backend=resend | ||
| 24 | # Runtime object storage. DigitalOcean Spaces uses virtual-hosted style | 28 | # Runtime object storage. DigitalOcean Spaces uses virtual-hosted style |
| 25 | # addressing and TLS; region remains us-east-1 for SigV4 signing. | 29 | # addressing and TLS; region remains us-east-1 for SigV4 signing. |
| 26 | s3_endpoint=nyc3.digitaloceanspaces.com | 30 | s3_endpoint=nyc3.digitaloceanspaces.com |
deploy/ansible/roles/shithubd/templates/web.env.j2modified@@ -44,7 +44,10 @@ SHITHUB_STORAGE__S3__FORCE_PATH_STYLE={{ (s3_force_path_style | default(false)) | |||
| 44 | SHITHUB_SESSION_KEY={{ shithub_session_key_b64 }} | 44 | SHITHUB_SESSION_KEY={{ shithub_session_key_b64 }} |
| 45 | SHITHUB_TOTP_KEY={{ shithub_totp_key_b64 }} | 45 | SHITHUB_TOTP_KEY={{ shithub_totp_key_b64 }} |
| 46 | 46 | ||
| 47 | -# Postmark transactional sender; DKIM/SPF configured before deploy. | 47 | +# Transactional email credentials. DKIM/SPF for the chosen provider |
| 48 | +# must be configured at the DNS layer before deploy. | ||
| 48 | {% if shithub_email_backend == "postmark" %} | 49 | {% if shithub_email_backend == "postmark" %} |
| 49 | SHITHUB_AUTH__POSTMARK__SERVER_TOKEN={{ shithub_postmark_token }} | 50 | SHITHUB_AUTH__POSTMARK__SERVER_TOKEN={{ shithub_postmark_token }} |
| 51 | +{% elif shithub_email_backend == "resend" %} | ||
| 52 | +SHITHUB_AUTH__RESEND__API_KEY={{ shithub_resend_api_key }} | ||
| 50 | {% endif %} | 53 | {% endif %} |
deploy/ansible/roles/shithubd/templates/worker.env.j2modified@@ -27,4 +27,6 @@ SHITHUB_TOTP_KEY={{ shithub_totp_key_b64 }} | |||
| 27 | 27 | ||
| 28 | {% if shithub_email_backend == "postmark" %} | 28 | {% if shithub_email_backend == "postmark" %} |
| 29 | SHITHUB_AUTH__POSTMARK__SERVER_TOKEN={{ shithub_postmark_token }} | 29 | SHITHUB_AUTH__POSTMARK__SERVER_TOKEN={{ shithub_postmark_token }} |
| 30 | +{% elif shithub_email_backend == "resend" %} | ||
| 31 | +SHITHUB_AUTH__RESEND__API_KEY={{ shithub_resend_api_key }} | ||
| 30 | {% endif %} | 32 | {% endif %} |