v4.1 - Admin/onboarding

DEPLOYMENT.md

@@ -1,5 +1,45 @@
 # Deployment
 
+## Hosts served by this stack
+
+The Goodwalk Svelte stack serves three subdomains from the same SvelteKit app
+container, routed by Host header at nginx:
+
+| Hostname                    | Purpose                                    |
+|-----------------------------|--------------------------------------------|
+| `goodwalk.co.nz` / `www.…`  | Public marketing site                      |
+| `onboarding.goodwalk.co.nz` | New-client onboarding flow                 |
+| `admin.goodwalk.co.nz`      | Owner admin dashboard (Aless only)         |
+
+The admin host needs its own TLS certificate at
+`/etc/letsencrypt/live/admin.goodwalk.co.nz/`. Issue it once before the first
+nginx reload, e.g.:
+
+```bash
+docker compose -p nginx -f /docker/nginx/docker-compose.yml exec nginx \
+  certbot certonly --webroot -w /var/www/certbot -d admin.goodwalk.co.nz
+```
+
+The dashboard's data (`client_profiles`, `allowed_emails`, `drafts`) lives in
+the shared postgres database alongside the marketing site content, in a single
+`admin_kv` table created by `docker/postgres/init/002-admin-kv.sql`. The
+mail-api connects with the same `DATABASE_URL` the SvelteKit app uses.
+
+### Seeding admin_kv from the old JSON files
+
+Existing installs have admin data in `client_profiles.json`,
+`allowed_emails.json`, and `drafts.json` on the mail-api Docker volume. To copy
+that data into postgres on the next deploy, run:
+
+```powershell
+./deploy.ps1 -SeedAdminData
+```
+
+That sets `ADMIN_DATA_SEED_FROM_JSON=force` for the mail-api container, which
+overwrites `admin_kv` from the JSON files on the next boot. Subsequent deploys
+default back to `auto` (seed only when `admin_kv` is empty), so they are no-ops
+for the seed. Use `-SeedAdminData` again if you ever need to force a re-seed.
+
 ## Server layout confirmed
 
 The production server currently runs multiple separate Docker Compose projects:
@@ -73,9 +113,10 @@ mkdir -p /docker/goodwalk-svelte
 It is created from [deploy.env.template](deploy.env.template). Current template contents:
 
 ```env
-APP_VERSION=4.2.3
+APP_VERSION=4.0.0
 ENABLE_GENERAL_ENQUIRIES=false
 PUBLIC_ENABLE_MOBILE_CTA_BUTTON=false
+PUBLIC_ENABLE_ENHANCED_CONTENT_IMAGES=false
 TZ=Pacific/Auckland
 
 POSTGRES_DB=goodwalk
@@ -87,6 +128,7 @@ RESEND_API_KEY=replace-me
 OWNER_EMAIL=replace-me
 FROM_EMAIL=GoodWalk <bookings@goodwalk.co.nz>
 REPLY_TO=aless@goodwalk.co.nz
+MAIL_API_DATA_DIR=/app/data
 
 FORM_MIN_SECONDS=4
 FORM_MAX_SECONDS=7200
@@ -105,6 +147,7 @@ Frontend flags:
 
 - `PUBLIC_ENABLE_MOBILE_CTA_BUTTON=false` keeps the sticky mobile booking CTA hidden.
 - Set `PUBLIC_ENABLE_MOBILE_CTA_BUTTON=true` to show it again.
+- `PUBLIC_ENABLE_ENHANCED_CONTENT_IMAGES=false` skips eager `@sveltejs/enhanced-img` processing for content images during production builds. Turn it on only if you intentionally want non-WebP images from `src/lib/images` to go through the imagetools pipeline.
 
 4. Confirm the shared Docker network already exists:
 
@@ -218,6 +261,18 @@ The deployment flow now handles that automatically:
 This means future deploys will carry your latest file-based homepage/navigation/
 shared content changes into production PostgreSQL automatically.
 
+## Mail auth persistence
+
+The mail API stores auth state in `DATA_DIR`, including:
+
+- `allowed_emails.json`
+- `client_profiles.json`
+- `drafts.json`
+
+Both compose files now mount a named Docker volume at `MAIL_API_DATA_DIR`
+(default `/app/data`) so previously registered client emails and saved drafts
+survive container rebuilds and redeploys.
+
 ## Cutover nginx
 
 After the new Svelte stack is up and healthy, update the shared nginx config on