From 9f869e372663de5683edc0b474fbee09f4532969 Mon Sep 17 00:00:00 2001
From: Sumanth Chinthagunta <sumanth@chinthagunta.com>
Date: Wed, 19 Jun 2024 22:42:28 -0700
Subject: [PATCH] fix: mailpit

---
 infra/base/mailpit/README.md        | 29 ++++++++++++++++++++++++++++
 infra/base/mailpit/certs/.gitignore |  4 ++++
 infra/base/mailpit/create-certs.sh  | 30 +++++++++++++++++++++++++++++
 3 files changed, 63 insertions(+)
 create mode 100644 infra/base/mailpit/README.md
 create mode 100644 infra/base/mailpit/certs/.gitignore
 create mode 100755 infra/base/mailpit/create-certs.sh

diff --git a/infra/base/mailpit/README.md b/infra/base/mailpit/README.md
new file mode 100644
index 00000000..2d7d2686
--- /dev/null
+++ b/infra/base/mailpit/README.md
@@ -0,0 +1,29 @@
+# mailpit
+
+SMTP Relay for Development time.
+
+## Mailpit TLS Certs
+
+Generate `certs` to enable **TLS** transport for **Mailpit**, so that **hasura-auth** can use it for sending email securely.
+
+> [!NOTE]  
+> we use `mailpit` for local development only. for prod env, we should use any 3rd party managed SMTP relays.
+
+### Prerequisites
+
+- [mkcert](https://github.com/FiloSottile/mkcert)
+
+```shell
+brew install mkcert
+```
+
+### Generate
+
+`./create-certs.sh SAN [SAN...]` can be used for creating certificates.
+
+```shell
+cd infra/base/mailpit
+./create-certs.sh mailpit
+# go back to project root
+cd ../../..
+```
diff --git a/infra/base/mailpit/certs/.gitignore b/infra/base/mailpit/certs/.gitignore
new file mode 100644
index 00000000..86d0cb27
--- /dev/null
+++ b/infra/base/mailpit/certs/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
\ No newline at end of file
diff --git a/infra/base/mailpit/create-certs.sh b/infra/base/mailpit/create-certs.sh
new file mode 100755
index 00000000..f928b573
--- /dev/null
+++ b/infra/base/mailpit/create-certs.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+set -o errtrace
+
+PRODUCT=mailpit
+if [[ "$#" -lt 1 ]]; then
+	echo "Usage: $0 SAN [SAN...]"
+	echo
+	echo "Example: $0 mailpit"
+	echo
+	echo "The following files will be created under ./certs"
+	echo "- certs/{ca.pem,cert.pem,key.pem}"
+	echo "- SAN"
+	exit 1
+fi
+if ! command -v mkcert >/dev/null; then
+	echo "Missing mkcert (https://github.com/FiloSottile/mkcert)"
+	exit 1
+fi
+SAN=$@
+
+(
+	mkdir -p certs
+	CAROOT=$(pwd) mkcert -cert-file certs/tls.crt -key-file certs/tls.key ${SAN} >/dev/null 2>&1
+	cp -f rootCA.pem certs/ca.pem
+	rm -f rootCA.pem rootCA-key.pem
+)