Add proper email notifications

compose.yaml

@@ -1,20 +1,39 @@
-# Podman / Docker Compose stack for local hamprint development.
+# Production compose stack for hamprint.
 #
-# Bring it up:   podman-compose up -d   (or: docker compose up -d)
-# Logs:          podman-compose logs -f web
-# Tear down:     podman-compose down            (keeps the pgdata volume)
-#                podman-compose down -v         (drops the pgdata volume too)
+# What changed from the previous bind-mount / pip-at-runtime version:
+#   - `web` is now BUILT from the Containerfile in this repo. Everything
+#     (Python deps, the Tailwind CLI binary, the built CSS, collectstatic
+#     output) bakes into the image; nothing is installed at container start.
+#   - No host source bind-mount: the container ships its own /app. Code
+#     changes require a `podman-compose up -d --build web`.
+#   - `DJANGO_SETTINGS_MODULE=hamprint.settings.prod` (DEBUG off, secure
+#     cookies, HSTS). DEBUG=True traffic should run from the host venv,
+#     not from this stack.
+#   - Uploaded STLs persist in a named `media` volume so they survive
+#     `podman-compose down` / image rebuilds. Drop with `down -v`.
 #
-# The `web` service uses a stock python:3.14-slim image and bind-mounts this
-# repo at /app. On every start it installs from requirements.txt plus
-# psycopg[binary] (the pip-cache volume makes subsequent starts fast) and
-# runs Django's dev server. There is intentionally no Containerfile yet --
-# swap `image:` for `build: .` once Section 10's image lands.
+# Bring it up:        podman-compose up -d --build
+# Rebuild only web:   podman-compose up -d --build web
+# Logs:               podman-compose logs -f web
+# Tear down:          podman-compose down       # keeps pgdata + media
+#                     podman-compose down -v    # nukes both volumes too
+#
+# `.env` keys you'll want set (see `.env.example` for the full list):
+#   SECRET_KEY            - long random string
+#   ALLOWED_HOSTS         - e.g. "print.hamlab.lt,localhost"
+#   SITE_URL              - e.g. "https://print.hamlab.lt"   (for emails)
+#   POSTGRES_DB / _USER / _PASSWORD
+#   MAILTRAP_API_TOKEN          (+ MAILTRAP_TEST_INBOX_ID for sandbox)
+#   GOOGLE_CLIENT_ID / _SECRET (optional; only if Google sign-in is wanted)
+#
+# TLS termination is the upstream proxy's job -- the `web` container speaks
+# plain HTTP on its mapped host port (default 8000).
 
 services:
   db:
     image: docker.io/library/postgres:16
     restart: unless-stopped
+    env_file: .env
     environment:
       POSTGRES_DB: ${POSTGRES_DB}
       POSTGRES_USER: ${POSTGRES_USER}
@@ -26,30 +45,24 @@ services:
       interval: 5s
       timeout: 3s
       retries: 10
-    env_file: .env
 
   web:
-    image: docker.io/library/python:3.14-slim
-    working_dir: /app
-    command: >
-      bash -c "
-        pip install --quiet --no-input -r requirements.txt 'psycopg[binary]' &&
-        python manage.py migrate --noinput &&
-        python manage.py runserver 0.0.0.0:8000
-      "
+    build:
+      context: .
+      dockerfile: Containerfile
+    restart: unless-stopped
     env_file: .env
     environment:
-      DJANGO_SETTINGS_MODULE: hamprint.settings.dev
+      DJANGO_SETTINGS_MODULE: hamprint.settings.prod
       DATABASE_URL: postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db:5432/${POSTGRES_DB}
     ports:
       - "8000:8000"
     volumes:
-      - .:/app:Z
-      - pipcache:/root/.cache/pip
+      - media:/app/media
     depends_on:
       db:
         condition: service_healthy
 
 volumes:
   pgdata:
-  pipcache:
+  media: