Enables the auth providers and transactional email flows the self-hosted
Supabase was missing compared to the cloud instance:
- GoTrue now accepts Google and Apple OAuth (web flow); Apple client-secret
JWT is signed fresh on every activation from the SOPS-stored .p8 so
there's no 6-month rotation ritual.
- SMTP points at mail.cloonar.com:587 with SASL auth via a new `supabase`
LDAP account; a `noreply@fueltide.io` mailAlias lets that account send
as the fueltide.io address.
- rspamd on mail.cloonar.com gets a per-domain DKIM key for fueltide.io
(selector `default`) so outbound mail is signed.
- MAILER_AUTOCONFIRM is off so signup confirmation + password reset
actually go through email.
- SITE_URL + URI_ALLOW_LIST point at app.fueltide.io / stage so links in
emails and OAuth redirects land in the right app.
FUELTIDE_AUTH_SETUP.md documents the manual steps (LDAP entries, SOPS
additions, DNS records, Google/Apple console setup) that must be completed
before merging.
- Deleted individual alert files for host down, inode usage, and RAM usage.
- Merged service down alerts into a new structure with separate files for each service (Gitea, Postfix, Dovecot, OpenLDAP, WireGuard).
- Introduced a new system alert structure consolidating CPU, disk, host down, inode, and RAM usage alerts.
- Updated alert conditions to use 'D' for thresholds and adjusted expressions accordingly.
- Improved annotations and labels for clarity and consistency across alerts.
