From be1795571274251a7efac6f0f9a164e6c16c9482 Mon Sep 17 00:00:00 2001
From: Serreau Jovann
Date: Fri, 10 Apr 2026 08:38:08 +0200
Subject: [PATCH] Configure SMTP via init container and set public hostname
- Add keycloak-smtp-init service that uses kcadm.sh to apply SES SMTP settings to the master realm at startup (idempotent, env-driven).
- Set KC_HOSTNAME to https://auth.e-cosplay.fr and trust X-Forwarded-* headers for the upcoming Caddy reverse proxy in front.
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 docker-compose.yml | 47 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 46 insertions(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index cf1a548..1ad6ef4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -27,8 +27,9 @@ services:
 KC_DB_URL: jdbc:postgresql://postgres:5432/keycloak
 KC_DB_USERNAME: keycloak
 KC_DB_PASSWORD: keycloak
- KC_HOSTNAME: localhost
+ KC_HOSTNAME: https://auth.e-cosplay.fr
 KC_HTTP_ENABLED: "true"
+ KC_PROXY_HEADERS: xforwarded
 KC_HEALTH_ENABLED: "true"
 KC_METRICS_ENABLED: "true"
 KEYCLOAK_ADMIN: admin
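Review bot: `KC_PROXY_HEADERS: xforwarded` makes Keycloak accept `X-Forwarded-*` values from whichever peer connects, and it is switched on here while `KC_HTTP_ENABLED` stays `"true"` and the commit message describes the Caddy proxy as still upcoming. Until the proxy is the only path to the container, a client that reaches the HTTP port directly can supply its own forwarded client address, which then appears in login events and feeds any address-based checks. The keycloak service's `ports:` mapping and the rest of its `environment:` block are outside this hunk, so confirm the port is not published on a public interface, and consider restricting the trusted source with `KC_PROXY_TRUSTED_ADDRESSES: <caddy-address-or-CIDR>` (placeholder value). A comment next to the new line such as `# X-Forwarded-* trusted only because Caddy is the sole ingress` would record the assumption.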
@@ -41,6 +42,50 @@ services:
 networks:
 - keycloak-net
+ keycloak-smtp-init:
+ image: quay.io/keycloak/keycloak:26.0
+ container_name: ecosplay-auth-smtp-init
+ depends_on:
+ keycloak:
+ condition: service_started
+ environment:
+ KC_SERVER: http://keycloak:8080
+ KC_ADMIN: admin
+ KC_ADMIN_PASSWORD: admin
+ SMTP_HOST: email-smtp.eu-west-3.amazonaws.com
+ SMTP_PORT: "587"
+ SMTP_FROM: auth@e-cosplay.fr
+ SMTP_FROM_DISPLAY_NAME: E-Cosplay
+ SMTP_USER: AKIAWTT2T22CWBRBBDYN
+ SMTP_PASSWORD: BBdgb6KxRQ8mNcpWFJsZCJxbSGNdgLhKFiITMErfBlQP
+ entrypoint: ["/bin/bash", "-c"]
+ command:
+ - |
+ set -e
+ until /opt/keycloak/bin/kcadm.sh config credentials \
+ --server "$$KC_SERVER" \
+ --realm master \
+ --user "$$KC_ADMIN" \
+ --password "$$KC_ADMIN_PASSWORD" >/dev/null 2>&1; do
+ echo "Waiting for Keycloak to be ready..."
+ sleep 5
+ done
+ echo "Keycloak ready, configuring SMTP on master realm..."
+ /opt/keycloak/bin/kcadm.sh update realms/master \
+ -s "smtpServer.host=$$SMTP_HOST" \
+ -s "smtpServer.port=$$SMTP_PORT" \
+ -s "smtpServer.from=$$SMTP_FROM" \
+ -s "smtpServer.fromDisplayName=$$SMTP_FROM_DISPLAY_NAME" \
+ -s "smtpServer.auth=true" \
+ -s "smtpServer.starttls=true" \
+ -s "smtpServer.ssl=false" \
+ -s "smtpServer.user=$$SMTP_USER" \
+ -s "smtpServer.password=$$SMTP_PASSWORD"
+ echo "SMTP configuration applied to master realm."
+ networks:
+ - keycloak-net
+ restart: "no"
+
 volumes:
 postgres_data:
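Review bot: The new `environment:` block commits what look like live SES SMTP credentials (`SMTP_USER`, `SMTP_PASSWORD`) in plaintext, so they should be treated as disclosed: rotate them at the provider and keep the values out of the repository and its history. Compose can require them from the environment or an untracked `.env` file instead, e.g. `SMTP_USER: ${SMTP_USER:?set in .env}` and `SMTP_PASSWORD: ${SMTP_PASSWORD:?set in .env}`, and the same applies to `KC_ADMIN_PASSWORD: admin`, which is a default password on a realm this commit gives a public hostname. Both secrets are also passed to `kcadm.sh` as command-line arguments (`--password`, `-s "smtpServer.password=…"`), where they are visible in the container's process list while the command runs. Separately, the `until` loop discards all output with `>/dev/null 2>&1` and has no retry limit, so a wrong admin password looks identical to "Keycloak not ready" and the container waits forever; a bounded retry count that prints the last error would make that failure visible.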