fix: add SMTP relay on main server for Outline email auth

tools-server (85.193.83.9) has outbound SMTP ports 465/587 blocked by VPS provider. Added tecnativa/postfix-relay container on main server that relays to smtp.resend.com:587. Outline now uses ip_main:1025 as SMTP host. - UFW rule: allow port 1025 from ip_tools only - Remove stale authelia_image from docker pull list Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-26 23:35:30 +07:00 · 2026-03-26 23:35:30 +07:00 · fba7eb68ea
commit fba7eb68ea
parent e754d54e81
3 changed files with 38 additions and 7 deletions
--- a/roles/services/tasks/main.yml
+++ b/roles/services/tasks/main.yml
@ -24,14 +24,22 @@
    - "{{ loki_image }}"
    - "{{ promtail_image }}"
    - "{{ crowdsec_image }}"
-    - "{{ authelia_image }}"
    - "{{ uptime_kuma_image }}"
+    - "tecnativa/postfix-relay"
  register: pull_result
  changed_when: "'Status: Downloaded newer image' in pull_result.stdout"
  retries: 5
  delay: 30
  until: pull_result.rc == 0

+- name: Allow SMTP relay port from tools server
+  community.general.ufw:
+    rule: allow
+    port: "1025"
+    proto: tcp
+    src: "{{ ip_tools }}"
+    comment: "SMTP relay for tools-server Outline"
+
 - name: Deploy Docker Compose stack
  community.docker.docker_compose_v2:
    project_src: "{{ services_root }}"
--- a/roles/services/templates/docker-compose.yml.j2
+++ b/roles/services/templates/docker-compose.yml.j2
@ -570,3 +570,28 @@ services:
      interval: 30s
      timeout: 5s
      retries: 3
+
+  # ── SMTP Relay ─────────────────────────────────────────────────────────────
+  # Forwards mail from tools-server (85.193.83.9) to Resend SMTP.
+  # tools-server has outbound SMTP blocked by the VPS provider.
+  # Listens on 85.193.83.9:1025 (UFW allows only from ip_tools).
+  smtp-relay:
+    image: tecnativa/postfix-relay
+    container_name: smtp-relay
+    restart: unless-stopped
+    ports:
+      - "{{ ip_tools }}:1025:25"
+    networks:
+      - proxy
+    environment:
+      - MAILNAME={{ domain_base }}
+      - MAIL_RELAY_HOST=smtp.resend.com
+      - MAIL_RELAY_PORT=587
+      - MAIL_RELAY_USER=resend
+      - MAIL_RELAY_PASS={{ resend_api_key }}
+      - MAIL_RELAY_MYHOSTNAME=mail.{{ domain_base }}
+    logging:
+      driver: json-file
+      options:
+        max-size: "5m"
+        max-file: "2"
--- a/roles/tools/templates/env.j2
+++ b/roles/tools/templates/env.j2
@ -27,14 +27,12 @@ FILE_STORAGE=s3
 # Auth
 AUTH_PROVIDERS=email

-# SMTP via Resend
-SMTP_HOST=smtp.resend.com
-SMTP_PORT=465
-SMTP_USERNAME=resend
-SMTP_PASSWORD={{ resend_api_key }}
+# SMTP via relay on main server (tools-server has outbound SMTP blocked)
+SMTP_HOST={{ ip_main }}
+SMTP_PORT=1025
 SMTP_FROM_EMAIL=noreply@{{ domain_base }}
 SMTP_FROM_NAME=Visual Wiki
-SMTP_SECURE=true
+SMTP_SECURE=false

 # Outline DB password (used in docker-compose)
 OUTLINE_DB_PASSWORD={{ outline_db_password }}