feat: enhance n8n workflows with dynamic credential management and email configuration

.env

@@ -36,11 +36,21 @@ ENABLE_EMAIL_SIGNUP=true
 ENABLE_EMAIL_AUTOCONFIRM=true
 ENABLE_ANONYMOUS_USERS=false
 
-# ---- SMTP (dummy; real values needed only to send password-reset mail) ----
-SMTP_HOST=localhost
-SMTP_PORT=2500
-SMTP_USER=fake
-SMTP_PASS=fake
+# ---- SMTP / IMAP (MC Cars mailbox) ----
+SMTP_HOST=heracles.mxrouting.net
+SMTP_PORT=587
+SMTP_USER=office@mc-cars.at
+SMTP_PASS=fhXTcjWMRpSLYYzXJsN8
+
+IMAP_HOST=heracles.mxrouting.net
+IMAP_PORT=993
+IMAP_USER=office@mc-cars.at
+IMAP_PASS=fhXTcjWMRpSLYYzXJsN8
+
+POP3_HOST=heracles.mxrouting.net
+POP3_PORT=995
+POP3_USER=office@mc-cars.at
+POP3_PASS=fhXTcjWMRpSLYYzXJsN8
 
 # ---- Admin BOOTSTRAP credentials (seeded on first DB init) ----
 # The user is flagged must_change_password=true. The REAL working password
@@ -56,3 +66,13 @@ FILE_SIZE_LIMIT=52428800
 N8N_ENCRYPTION_KEY=mc-cars-n8n-encryption-key-change-me
 N8N_USER_EMAIL=admin@mccars.local
 N8N_USER_PASSWORD=McCars-N8n-Admin1
+N8N_POSTGRES_CREDENTIAL_ID=AWozEaiOSymMj7JF
+N8N_POSTGRES_CREDENTIAL_NAME=Postgres account
+N8N_SMTP_CREDENTIAL_ID=nRMemi1sz2C0N4Vu
+N8N_SMTP_CREDENTIAL_NAME=SMTP account
+N8N_SMTP_HOST=heracles.mxrouting.net
+N8N_SMTP_USER=office@mc-cars.at
+N8N_SMTP_PASS=fhXTcjWMRpSLYYzXJsN8
+N8N_PAYPAL_KAUTION_LINK=https://www.google.at
+N8N_PAYPAL_MIETE_LINK=https://www.google.at
+N8N_PAYMENT_WORKFLOW_ID=rI1gUpcRXSikxWhh

docker-compose.local.yml

@@ -43,3 +43,5 @@ services:
   n8n:
     volumes:
       - ./data/n8n:/home/node/.n8n
+      - ./n8n/workflows:/opt/mc-cars/workflows:ro
+      - ./n8n/bootstrap:/opt/mc-cars/bootstrap:ro

docker-compose.yml

@@ -389,6 +389,7 @@ services:
       N8N_PROTOCOL: http
       WEBHOOK_URL: http://localhost:55590/
       N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY}
+      N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS: "false"
 
       # Database (n8n stores its own data in the same Postgres)
       DB_TYPE: postgresdb
@@ -409,8 +410,29 @@ services:
 
       # Allow importing workflows from filesystem
       N8N_USER_FOLDER: /home/node/.n8n
+
+      # Workflow/credential bootstrap (re-import on every start)
+      N8N_POSTGRES_CREDENTIAL_ID: ${N8N_POSTGRES_CREDENTIAL_ID}
+      N8N_POSTGRES_CREDENTIAL_NAME: ${N8N_POSTGRES_CREDENTIAL_NAME}
+      N8N_SMTP_CREDENTIAL_ID: ${N8N_SMTP_CREDENTIAL_ID}
+      N8N_SMTP_CREDENTIAL_NAME: ${N8N_SMTP_CREDENTIAL_NAME}
+      N8N_SMTP_HOST: ${N8N_SMTP_HOST}
+      N8N_SMTP_USER: ${N8N_SMTP_USER}
+      N8N_SMTP_PASS: ${N8N_SMTP_PASS}
+      N8N_PAYPAL_KAUTION_LINK: ${N8N_PAYPAL_KAUTION_LINK}
+      N8N_PAYPAL_MIETE_LINK: ${N8N_PAYPAL_MIETE_LINK}
+      N8N_PAYMENT_WORKFLOW_ID: ${N8N_PAYMENT_WORKFLOW_ID}
+      N8N_WORKFLOW_TEMPLATE: /opt/mc-cars/workflows/01-qualification-payment-email.json
     volumes:
       - /mnt/user/appdata/mc-cars/data/n8n:/home/node/.n8n
+      - /mnt/user/appdata/mc-cars/n8n/workflows:/opt/mc-cars/workflows:ro
+      - /mnt/user/appdata/mc-cars/n8n/bootstrap:/opt/mc-cars/bootstrap:ro
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        set -e
+        /bin/sh /opt/mc-cars/bootstrap/bootstrap-n8n.sh
+        exec n8n start
     ports:
       - "55590:5678"
     networks: [mccars]

n8n/bootstrap/bootstrap-n8n.sh

@@ -0,0 +1,83 @@
+#!/bin/sh
+set -eu
+
+WORKFLOW_TEMPLATE="${N8N_WORKFLOW_TEMPLATE:-/opt/mc-cars/workflows/01-qualification-payment-email.json}"
+WORKFLOW_RENDERED="/tmp/01-qualification-payment-email.rendered.json"
+CREDENTIALS_FILE="/tmp/mc-cars-credentials.json"
+
+required_var() {
+  var_name="$1"
+  eval "var_value=\${$var_name:-}"
+  if [ -z "$var_value" ]; then
+    echo "[n8n-bootstrap] Missing required env var: $var_name" >&2
+    exit 1
+  fi
+}
+
+escape_sed() {
+  printf '%s' "$1" | sed -e 's/[\/&]/\\&/g'
+}
+
+required_var N8N_POSTGRES_CREDENTIAL_ID
+required_var N8N_POSTGRES_CREDENTIAL_NAME
+required_var N8N_SMTP_CREDENTIAL_ID
+required_var N8N_SMTP_CREDENTIAL_NAME
+required_var N8N_SMTP_HOST
+required_var N8N_SMTP_USER
+required_var N8N_SMTP_PASS
+required_var N8N_PAYPAL_KAUTION_LINK
+required_var N8N_PAYPAL_MIETE_LINK
+required_var DB_POSTGRESDB_PASSWORD
+required_var N8N_PAYMENT_WORKFLOW_ID
+
+cat > "$CREDENTIALS_FILE" <<EOF
+[
+  {
+    "id": "${N8N_POSTGRES_CREDENTIAL_ID}",
+    "name": "${N8N_POSTGRES_CREDENTIAL_NAME}",
+    "type": "postgres",
+    "data": {
+      "host": "db",
+      "password": "${DB_POSTGRESDB_PASSWORD}"
+    }
+  },
+  {
+    "id": "${N8N_SMTP_CREDENTIAL_ID}",
+    "name": "${N8N_SMTP_CREDENTIAL_NAME}",
+    "type": "smtp",
+    "data": {
+      "host": "${N8N_SMTP_HOST}",
+      "user": "${N8N_SMTP_USER}",
+      "password": "${N8N_SMTP_PASS}"
+    }
+  }
+]
+EOF
+
+if [ ! -f "$WORKFLOW_TEMPLATE" ]; then
+  echo "[n8n-bootstrap] Workflow template not found: $WORKFLOW_TEMPLATE" >&2
+  exit 1
+fi
+
+POSTGRES_ID_ESCAPED="$(escape_sed "$N8N_POSTGRES_CREDENTIAL_ID")"
+SMTP_ID_ESCAPED="$(escape_sed "$N8N_SMTP_CREDENTIAL_ID")"
+KAUTION_LINK_ESCAPED="$(escape_sed "$N8N_PAYPAL_KAUTION_LINK")"
+MIETE_LINK_ESCAPED="$(escape_sed "$N8N_PAYPAL_MIETE_LINK")"
+
+sed \
+  -e "s/__POSTGRES_CREDENTIAL_ID__/${POSTGRES_ID_ESCAPED}/g" \
+  -e "s/__SMTP_CREDENTIAL_ID__/${SMTP_ID_ESCAPED}/g" \
+  -e "s|__PAYPAL_KAUTION_LINK__|${KAUTION_LINK_ESCAPED}|g" \
+  -e "s|__PAYPAL_MIETE_LINK__|${MIETE_LINK_ESCAPED}|g" \
+  "$WORKFLOW_TEMPLATE" > "$WORKFLOW_RENDERED"
+
+echo "[n8n-bootstrap] Importing credentials"
+n8n import:credentials --input="$CREDENTIALS_FILE"
+
+echo "[n8n-bootstrap] Importing workflow"
+n8n import:workflow --input="$WORKFLOW_RENDERED"
+
+echo "[n8n-bootstrap] Activating workflow ${N8N_PAYMENT_WORKFLOW_ID}"
+n8n update:workflow --id="${N8N_PAYMENT_WORKFLOW_ID}" --active=true
+
+echo "[n8n-bootstrap] Bootstrap complete"

n8n/workflows/README.md

@@ -30,36 +30,36 @@ This folder contains exportable n8n workflow definitions for the MC Cars qualifi
 
 ## Setup Instructions
 
-### 1. Create Postgres credential in n8n
-- **Name:** `MC Cars Postgres`
-- **Host:** `db`
-- **Port:** `5432`
-- **Database:** `postgres`
-- **User:** `postgres`
-- **Password:** (value of `POSTGRES_PASSWORD` from `.env`)
+### 1. Configure `.env`
+The stack now bootstraps n8n credentials/workflow automatically on every `docker compose up`.
 
-### 2. Create SMTP credential in n8n
-- **Name:** `MC Cars SMTP`
-- **Host:** `heracles.mxrouting.net`
-- **Port:** `587` (STARTTLS) or `465` (SSL/TLS)
-- **User:** `office@mc-cars.at`
-- **Password:** use the mailbox password provided out-of-band (do not commit secrets to git)
-- **From:** `office@mc-cars.at`
+Required env variables:
+- `POSTGRES_PASSWORD`
+- `N8N_POSTGRES_CREDENTIAL_ID`
+- `N8N_POSTGRES_CREDENTIAL_NAME`
+- `N8N_SMTP_CREDENTIAL_ID`
+- `N8N_SMTP_CREDENTIAL_NAME`
+- `N8N_SMTP_HOST`
+- `N8N_SMTP_USER`
+- `N8N_SMTP_PASS`
+- `N8N_PAYPAL_KAUTION_LINK`
+- `N8N_PAYPAL_MIETE_LINK`
+- `N8N_PAYMENT_WORKFLOW_ID`
 
-### 3. Mailbox reference (for future incoming-email workflows)
+### 2. Mailbox reference (for future incoming-email workflows)
 - **IMAP host:** `heracles.mxrouting.net` (port `993`, SSL/TLS)
 - **POP3 host:** `heracles.mxrouting.net` (port `995`, SSL/TLS)
 - **Username:** `office@mc-cars.at`
 - **Password:** same mailbox password as SMTP
 
-### 4. Import workflows
-1. Open n8n at http://localhost:55590
-2. Go to **Workflows** → **Import from file**
-3. Import `01-qualification-payment-email.json`
-4. Import `02-mietvertrag-pdf-email.json`
-5. Open each workflow → assign the credentials created above → **Activate**
+### 3. Import behavior
+On startup, n8n runs `/opt/mc-cars/bootstrap/bootstrap-n8n.sh` which:
+1. Creates/updates Postgres and SMTP credentials from `.env`
+2. Renders `01-qualification-payment-email.json` placeholders
+3. Imports the workflow so nodes are always linked to the expected credential IDs
+4. Activates the payment workflow automatically (`n8n update:workflow --active=true`)
 
-### 5. Upload Mietvertrag template (optional)
+### 4. Upload Mietvertrag template (optional)
 1. Open Admin panel → **Einstellungen** tab
 2. Upload a DOCX file in the "Mietvertrag-Vorlage" section
 3. The template should contain these placeholders: