running mattermost server outside of docker.

The config.json file needs to be copied to /var/lib/mattermost/config with perms of 640 and owned by mattermost:mattermost.  It is understood that this may need to be re-arranged to fit in with the rest of a system; and that the actual production deployment process is not yet defined.

Change-Id: Ied3c80541fdc3b72bc7fdfa558114afd5d66d4c3

1 files changed, 77 insertions, 0 deletions

diff --git a/services/mattermost/mattermost.nix b/services/mattermost/mattermost.nix
new file mode 100644
index 0000000..132fdeb
--- /dev/null
+++ b/services/mattermost/mattermost.nix
@@ -0,0 +1,77 @@
+{ config, pkgs, lib, ... }:
+
+let
+  mattermostPassword = ""; # Change to a strong password
+in {
+  networking.firewall.allowedTCPPorts = [ 80 443 8065 ];
+
+  services.mattermost.database.peerAuth = true;
+
+  systemd.services.mattermost = {
+    description = "Mattermost server";
+    after = [ "network.target" "postgresql.service" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      User = "mattermost";
+      Group = "mattermost";
+      WorkingDirectory = "/var/lib/mattermost";
+      ExecStart = "${pkgs.mattermost}/bin/mattermost";
+      Environment = [
+        "MM_SQLSETTINGS_DRIVERNAME=postgres"
+        "MM_SQLSETTINGS_DATASOURCE=postgres://mattermost:QwErAsDf@localhost:5432/mattermost?sslmode=disable&connect_timeout=10"
+        "MM_SERVICESETTINGS_SITEURL=http://islmm"
+        "MM_SERVICESETTINGS_LISTENADDRESS=:8065"
+        "MM_SERVICESETTINGS_ENABLEUSERCREATION=true"
+        "MM_SERVICESETTINGS_ALLOWCORSFROM=*"
+      ];
+      Restart = "always";
+    };
+    preStart = ''
+      mkdir -p /var/lib/mattermost/bin
+      mkdir -p /var/lib/mattermost/client
+      mkdir -p /var/lib/mattermost/config
+      mkdir -p /var/lib/mattermost/templates
+      cp -r ${pkgs.mattermost}/client/* /var/lib/mattermost/client/
+      cp -r ${pkgs.mattermost}/bin/*  /var/lib/mattermost/bin/
+      cp -r ${pkgs.mattermost}/config/*  /var/lib/mattermost/config/
+      cp -r ${pkgs.mattermost}/templates/*  /var/lib/mattermost/templates/
+      chown -R mattermost:mattermost /var/lib/mattermost
+    '';
+  };
+
+  users.users.mattermost = {
+    isSystemUser = true;
+    home = "/var/lib/mattermost";
+    createHome = true;
+    group = "mattermost";
+  };
+
+  users.groups.mattermost = { };
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "mattermost" ];
+    ensureUsers = [
+      {
+        name = "mattermost";
+        ensureDBOwnership = true;
+      }
+    ];
+    initialScript = pkgs.writeText "init-mattermost.sql" ''
+      DO $$
+      BEGIN
+        IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'mattermost') THEN
+          CREATE ROLE mattermost LOGIN PASSWORD 'QwErAsDf';
+        END IF;
+      END
+      $$;
+      ALTER DATABASE mattermost OWNER TO mattermost;
+    '';
+  };
+  services.postgresql.authentication = ''
+    local   all             postgres                                peer
+    local   all             mattermost                              md5
+    host    all             all             127.0.0.1/32            md5
+    host    all             all             ::1/128                 md5
+  '';
+}