Add SMTP configuration and environment support

README.md

@@ -346,6 +346,42 @@ Warning: using user "cluster" credentials from the environment
   "http2https": true
 }
 ```
+## Smarthost setting discovery
+
+Some configuration settings, like the smarthost setup, are not part of the
+`configure-module` action input: they are discovered by looking at some
+Redis keys.  To ensure the module is always up-to-date with the
+centralized [smarthost
+setup](https://nethserver.github.io/ns8-core/core/smarthost/) every time
+`phpfpm@.service` starts, the command `bin/discover-smarthost` runs and refreshes
+the `state/smarthost.env` file with fresh values from Redis.
+
+Furthermore if smarthost setup is changed when webserver is already
+running, the event handler `events/smarthost-changed/10reload_services`
+restarts `phpfpm@.service`.
+
+See also the `systemd/user/phpfpm@.service` file.
+
+### Environment files for PHP versions
+
+The systemd service is templated using `phpfpm@.service` to support multiple PHP versions.
+Environment files are present and loaded inside the container for each PHP version instance.
+For example, when the systemd service `phpfpm@8.5.service` runs, it loads the following environment files:
+
+- `state/smarthost.env` - SMTP and smarthost configuration (optional, prefixed with `SMTP_`)
+
+These environment variables are automatically passed to the corresponding PHP-FPM container instance, allowing configuration to be centrally managed through environment files that apply to all PHP versions (8.5, 8.4, 8.3, etc.).
+This setting discovery is just an example to understand how the module is expected to work:
+```
+cat smarthost.env 
+SMTP_ENABLED=1
+SMTP_HOST=10.5.4.1
+SMTP_PORT=25
+SMTP_USERNAME=
+SMTP_PASSWORD=
+SMTP_ENCRYPTION=none
+SMTP_TLSVERIFY=
+```
 
 ## Uninstall
 

build-images.sh

@@ -10,68 +10,29 @@ repobase="${REPOBASE:-ghcr.io/nethserver}"
 # Configure the image name
 reponame="webserver"
 
-podman build \
-    --force-rm \
-    --layers \
-    --tag "${repobase}/php8.5-fpm" \
-    --build-arg "PHP_VERSION_IMAGE=docker.io/library/php:8.5.1-fpm-bookworm" \
-    container
-
-images+=("${repobase}/php8.5-fpm")
-
-podman build \
-    --force-rm \
-    --layers \
-    --tag "${repobase}/php8.4-fpm" \
-    --build-arg "PHP_VERSION_IMAGE=docker.io/library/php:8.4.15-fpm-bookworm" \
-    container
-
-images+=("${repobase}/php8.4-fpm")
-
-podman build \
-    --force-rm \
-    --layers \
-    --tag "${repobase}/php8.3-fpm" \
-    --build-arg "PHP_VERSION_IMAGE=docker.io/library/php:8.3.28-fpm-bookworm" \
-    container
-
-images+=("${repobase}/php8.3-fpm")
-
-podman build \
-    --force-rm \
-    --layers \
-    --tag "${repobase}/php8.2-fpm" \
-    --build-arg "PHP_VERSION_IMAGE=docker.io/library/php:8.2.29-fpm-bookworm" \
-    container
-
-images+=("${repobase}/php8.2-fpm")
-
-podman build \
-    --force-rm \
-    --layers \
-    --tag "${repobase}/php8.1-fpm" \
-    --build-arg "PHP_VERSION_IMAGE=docker.io/library/php:8.1.33-fpm-bookworm" \
-    container
-
-images+=("${repobase}/php8.1-fpm")
-
-podman build \
-    --force-rm \
-    --layers \
-    --tag "${repobase}/php8.0-fpm" \
-    --build-arg "PHP_VERSION_IMAGE=docker.io/library/php:8.0.30-fpm-bullseye" \
-    container
-
-images+=("${repobase}/php8.0-fpm")
-
-podman build \
-    --force-rm \
-    --layers \
-    --tag "${repobase}/php7.4-fpm" \
-    --build-arg "PHP_VERSION_IMAGE=docker.io/library/php:7.4.33-fpm-bullseye" \
-    container
-
-images+=("${repobase}/php7.4-fpm")
+# Function to build PHP FPM images
+build_php_image() {
+    local version=$1
+    local php_image=$2
+
+    podman build \
+        --force-rm \
+        --layers \
+        --tag "${repobase}/php${version}-fpm" \
+        --build-arg "PHP_VERSION_IMAGE=${php_image}" \
+        container
+
+    images+=("${repobase}/php${version}-fpm")
+}
+
+# Build all PHP FPM images
+build_php_image "8.5" "docker.io/library/php:8.5.1-fpm-bookworm"
+build_php_image "8.4" "docker.io/library/php:8.4.15-fpm-bookworm"
+build_php_image "8.3" "docker.io/library/php:8.3.28-fpm-bookworm"
+build_php_image "8.2" "docker.io/library/php:8.2.29-fpm-bookworm"
+build_php_image "8.1" "docker.io/library/php:8.1.33-fpm-bookworm"
+build_php_image "8.0" "docker.io/library/php:8.0.30-fpm-bullseye"
+build_php_image "7.4" "docker.io/library/php:7.4.33-fpm-bullseye"
 
 # Create a new empty container image
 container=$(buildah from scratch)

container/Containerfile

@@ -67,7 +67,7 @@ RUN set -eux \
     # --- Install runtime libraries depending on Debian codename ---
     && apt update \
     && apt upgrade -y \
-    && apt install -y ca-certificates \
+    && apt install -y ca-certificates openssl\
     &&  if echo "$PHP_VERSION_IMAGE" | grep -q "bullseye$"; then \
             apt install -y --no-install-recommends \
                 libc-client2007e \

imageroot/bin/discover-smarthost

@@ -0,0 +1,36 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2026 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import agent
+import os
+
+# Connect the local Redis replica. This is necessary to consistently start
+# the service if the leader node is not reachable:
+rdb = agent.redis_connect(use_replica=True)
+smtp_settings = agent.get_smarthost_settings(rdb)
+
+# create the smarthost folder
+envfile = 'smarthosts/smarthost.env'
+
+# Ensure the target directory exists:
+os.makedirs(os.path.dirname(envfile), exist_ok=True)
+
+# Create a unique temporary file using process PID to avoid concurrent writes:
+tmp_path = f"{envfile}.tmp.{os.getpid()}"
+
+with open(tmp_path, "w") as efp:
+    # HINT for lamp: adjust variable names as needed
+    print(f"SMTP_ENABLED={'1' if smtp_settings['enabled'] else ''}", file=efp)
+    print(f"SMTP_HOST={smtp_settings['host']}", file=efp)
+    print(f"SMTP_PORT={smtp_settings['port']}", file=efp)
+    print(f"SMTP_USERNAME={smtp_settings['username']}", file=efp)
+    print(f"SMTP_PASSWORD={smtp_settings['password']}", file=efp)
+    print(f"SMTP_ENCRYPTION={smtp_settings['encrypt_smtp']}", file=efp)
+    print(f"SMTP_TLSVERIFY={'1' if smtp_settings['tls_verify'] else ''}", file=efp)
+
+# Commit changes by atomically replacing the existing envfile:
+os.replace(tmp_path, envfile)

imageroot/events/smarthost-changed/10restart_phpfpm

@@ -0,0 +1,19 @@
+#!/usr/bin/env python3
+
+#
+# Copyright (C) 2026 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+
+import subprocess
+import glob
+import re
+
+# detect if a service has configurations and restart it
+PhpServiceArray = glob.glob('php*-fpm-custom.d')
+for folder in PhpServiceArray:
+    ConfiguredServices = re.findall('php[0-9\.]+', folder)
+    ListConfigurations = glob.glob(folder+'/dyn-*.conf')
+    if ListConfigurations :
+        subprocess.run(["download-php-fpm",ConfiguredServices[0].replace('php','')])
+        subprocess.run(["systemctl", "--user", "restart", "phpfpm@"+ConfiguredServices[0].replace('php','')+".service"])

imageroot/systemd/user/phpfpm@.service

@@ -9,15 +9,18 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 EnvironmentFile=%S/state/environment
 EnvironmentFile=%S/state/image_url_tag.env
 WorkingDirectory=%S/state
+EnvironmentFile=-%S/state/smarthosts/smarthost.env
 Restart=always
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/php%i-fpm.pid %t/php%i-fpm.ctr-id
 ExecStartPre=/usr/bin/mkdir -p %S/state/php%i-fpm-custom.d
+ExecStartPre=-runagent discover-smarthost
 ExecStart=/usr/bin/podman run --conmon-pidfile %t/php%i-fpm.pid \
     --cidfile %t/php%i-fpm.ctr-id --cgroups=no-conmon \
     --pod-id-file %t/webserver.pod-id --replace -d --name  php%i-fpm \
     --volume websites:/var/www/html:z \
     --volume %S/state/php%i-fpm-custom.d:/usr/local/etc/php-fpm.d:z \
+    --env SMTP_* \
     ghcr.io/nethserver/php%i-fpm:${IMAGE_URL_TAG}
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/php%i-fpm.ctr-id -t 10
 ExecReload=/usr/bin/mkdir -p %S/state/php%i-fpm-custom.d