# Infrastructure Setup for PodcastItLater

## Mailgun Setup

Since PodcastItLater requires sending transactional emails (magic links), we use Mailgun.

### 1. Sign up for Mailgun
Sign up at [mailgun.com](https://www.mailgun.com/).

### 2. Add Domain
Add `podcastitlater.com` (or `mg.podcastitlater.com`) to Mailgun.
We recommend using the root domain `podcastitlater.com` if you want emails to come from `@podcastitlater.com`.

### 3. Configure DNS
Mailgun will provide DNS records to verify the domain and authorize email sending. You must add these to your DNS provider (e.g., Cloudflare, Namecheap).

Required records usually include:
- **TXT** (SPF): `v=spf1 include:mailgun.org ~all`
- **TXT** (DKIM): `k=rsa; p=...` (Provided by Mailgun)
- **MX** (if receiving email, optional for just sending): `10 mxa.mailgun.org`, `10 mxb.mailgun.org`
- **CNAME** (for tracking, optional): `email.podcastitlater.com` -> `mailgun.org`

### 4. Verify Domain
Click "Verify DNS Settings" in Mailgun dashboard. This may take up to 24 hours but is usually instant.

### 5. Generate API Key / SMTP Credentials
Go to "Sending" -> "Domain Settings" -> "SMTP Credentials".
Create a new SMTP user (e.g., `postmaster@podcastitlater.com`).
**Save the password immediately.**

### 6. Update Secrets
Update the production secrets file on the server (`/run/podcastitlater/env`):

```bash
SMTP_SERVER=smtp.mailgun.org
SMTP_PASSWORD=your-new-smtp-password
EMAIL_FROM=noreply@podcastitlater.com
```