add database setup; export everything from the flake as a module

database.nix is substantially copied from the ISL config repo, with a few
changes to make it more generic and usable by others

I also removed stuff in mattermost.nix that wasn't doing anything; I'll
detail that in comments

Change-Id: I0ff6ea69f293dc4070f277f30ae0fde5254cd87c

1 files changed, 18 insertions, 35 deletions

diff --git a/services/mattermost/mattermost.nix b/services/mattermost/default.nix
index 132fdeb..f16f721 100644
--- a/services/mattermost/mattermost.nix
+++ b/services/mattermost/default.nix
@@ -1,16 +1,23 @@
 { config, pkgs, lib, ... }:
 
-let
-  mattermostPassword = ""; # Change to a strong password
-in {
-  networking.firewall.allowedTCPPorts = [ 80 443 8065 ];
-
-  services.mattermost.database.peerAuth = true;
-
+{
   systemd.services.mattermost = {
     description = "Mattermost server";
     after = [ "network.target" "postgresql.service" ];
     wantedBy = [ "multi-user.target" ];
+
+    preStart = ''
+      mkdir -p /var/lib/mattermost/bin
+      mkdir -p /var/lib/mattermost/client
+      mkdir -p /var/lib/mattermost/config
+      mkdir -p /var/lib/mattermost/templates
+      cp -r ${pkgs.mattermost}/client/* /var/lib/mattermost/client/
+      cp -r ${pkgs.mattermost}/bin/*  /var/lib/mattermost/bin/
+      cp -r ${pkgs.mattermost}/config/*  /var/lib/mattermost/config/
+      cp -r ${pkgs.mattermost}/templates/*  /var/lib/mattermost/templates/
+      chown -R mattermost:mattermost /var/lib/mattermost
+    '';
+
     serviceConfig = {
       User = "mattermost";
       Group = "mattermost";
@@ -18,7 +25,7 @@ in {
       ExecStart = "${pkgs.mattermost}/bin/mattermost";
       Environment = [
         "MM_SQLSETTINGS_DRIVERNAME=postgres"
-        "MM_SQLSETTINGS_DATASOURCE=postgres://mattermost:QwErAsDf@localhost:5432/mattermost?sslmode=disable&connect_timeout=10"
+        "MM_SQLSETTINGS_DATASOURCE=postgres://mattermost@localhost:5432/mattermost?sslmode=disable&connect_timeout=10"
         "MM_SERVICESETTINGS_SITEURL=http://islmm"
         "MM_SERVICESETTINGS_LISTENADDRESS=:8065"
         "MM_SERVICESETTINGS_ENABLEUSERCREATION=true"
@@ -26,17 +33,6 @@ in {
       ];
       Restart = "always";
     };
-    preStart = ''
-      mkdir -p /var/lib/mattermost/bin
-      mkdir -p /var/lib/mattermost/client
-      mkdir -p /var/lib/mattermost/config
-      mkdir -p /var/lib/mattermost/templates
-      cp -r ${pkgs.mattermost}/client/* /var/lib/mattermost/client/
-      cp -r ${pkgs.mattermost}/bin/*  /var/lib/mattermost/bin/
-      cp -r ${pkgs.mattermost}/config/*  /var/lib/mattermost/config/
-      cp -r ${pkgs.mattermost}/templates/*  /var/lib/mattermost/templates/
-      chown -R mattermost:mattermost /var/lib/mattermost
-    '';
   };
 
   users.users.mattermost = {
@@ -50,6 +46,7 @@ in {
 
   services.postgresql = {
     enable = true;
+
     ensureDatabases = [ "mattermost" ];
     ensureUsers = [
       {
@@ -57,21 +54,7 @@ in {
         ensureDBOwnership = true;
       }
     ];
-    initialScript = pkgs.writeText "init-mattermost.sql" ''
-      DO $$
-      BEGIN
-        IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'mattermost') THEN
-          CREATE ROLE mattermost LOGIN PASSWORD 'QwErAsDf';
-        END IF;
-      END
-      $$;
-      ALTER DATABASE mattermost OWNER TO mattermost;
-    '';
   };
-  services.postgresql.authentication = ''
-    local   all             postgres                                peer
-    local   all             mattermost                              md5
-    host    all             all             127.0.0.1/32            md5
-    host    all             all             ::1/128                 md5
-  '';
+
+  services.postgresqlBackup.databases = [ "mattermost" ];
 }