feat(supabase): add Google/Apple OAuth and fueltide.io-branded email flows
Enables the auth providers and transactional email flows the self-hosted Supabase was missing compared to the cloud instance: - GoTrue now accepts Google and Apple OAuth (web flow); Apple client-secret JWT is signed fresh on every activation from the SOPS-stored .p8 so there's no 6-month rotation ritual. - SMTP points at mail.cloonar.com:587 with SASL auth via a new `supabase` LDAP account; a `noreply@fueltide.io` mailAlias lets that account send as the fueltide.io address. - rspamd on mail.cloonar.com gets a per-domain DKIM key for fueltide.io (selector `default`) so outbound mail is signed. - MAILER_AUTOCONFIRM is off so signup confirmation + password reset actually go through email. - SITE_URL + URI_ALLOW_LIST point at app.fueltide.io / stage so links in emails and OAuth redirects land in the right app. FUELTIDE_AUTH_SETUP.md documents the manual steps (LDAP entries, SOPS additions, DNS records, Google/Apple console setup) that must be completed before merging.
This commit is contained in:
parent
1f5e5b9a37
commit
67e81d39f3
5 changed files with 366 additions and 12 deletions
|
|
@ -10,6 +10,7 @@
|
|||
./modules/openldap.nix
|
||||
./modules/dovecot.nix
|
||||
./modules/postfix.nix
|
||||
./modules/dkim-fueltide.nix
|
||||
|
||||
./utils/modules/borgbackup.nix
|
||||
./utils/modules/promtail
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue