diff options
| author | Robert Orr <robert@coffeezombie.com> | 2025-05-30 10:08:48 -0700 |
|---|---|---|
| committer | Robert <robert@coffeezombie.com> | 2025-06-05 15:25:23 -0800 |
| commit | bf3a4dff20feead2a87e5833988344fcc7970611 (patch) | |
| tree | 355e3df9b0e22ede8e31890facfb111669c433bd /services | |
| parent | 8fa86294cfb2798bdf844a629a5694e582c72542 (diff) | |
running mattermost server outside of docker.
The config.json file needs to be copied to /var/lib/mattermost/config with perms of 640 and owned by mattermost:mattermost. It is understood that this may need to be re-arranged to fit in with the rest of a system; and that the actual production deployment process is not yet defined. Change-Id: Ied3c80541fdc3b72bc7fdfa558114afd5d66d4c3
Diffstat (limited to 'services')
| -rw-r--r-- | services/mattermost/config.json | 669 | ||||
| -rw-r--r-- | services/mattermost/mattermost.nix | 77 |
2 files changed, 746 insertions, 0 deletions
diff --git a/services/mattermost/config.json b/services/mattermost/config.json new file mode 100644 index 0000000..cae32ae --- /dev/null +++ b/services/mattermost/config.json @@ -0,0 +1,669 @@ +{ + "ServiceSettings": { + "SiteURL": "", + "WebsocketURL": "", + "LicenseFileLocation": "", + "ListenAddress": ":8065", + "ConnectionSecurity": "", + "TLSCertFile": "", + "TLSKeyFile": "", + "TLSMinVer": "1.2", + "TLSStrictTransport": false, + "TLSStrictTransportMaxAge": 63072000, + "TLSOverwriteCiphers": [], + "UseLetsEncrypt": false, + "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache", + "Forward80To443": false, + "TrustedProxyIPHeader": [], + "ReadTimeout": 300, + "WriteTimeout": 300, + "IdleTimeout": 60, + "MaximumLoginAttempts": 10, + "GoroutineHealthThreshold": -1, + "EnableOAuthServiceProvider": true, + "EnableIncomingWebhooks": true, + "EnableOutgoingWebhooks": true, + "EnableOutgoingOAuthConnections": false, + "EnableCommands": true, + "OutgoingIntegrationRequestsTimeout": 30, + "EnablePostUsernameOverride": false, + "EnablePostIconOverride": false, + "GoogleDeveloperKey": "", + "EnableLinkPreviews": true, + "EnablePermalinkPreviews": true, + "RestrictLinkPreviews": "", + "EnableTesting": false, + "EnableDeveloper": false, + "DeveloperFlags": "", + "EnableClientPerformanceDebugging": false, + "EnableOpenTracing": false, + "EnableSecurityFixAlert": true, + "EnableInsecureOutgoingConnections": false, + "AllowedUntrustedInternalConnections": "", + "EnableMultifactorAuthentication": false, + "EnforceMultifactorAuthentication": false, + "EnableUserAccessTokens": false, + "AllowCorsFrom": "", + "CorsExposedHeaders": "", + "CorsAllowCredentials": false, + "CorsDebug": false, + "AllowCookiesForSubdomains": false, + "ExtendSessionLengthWithActivity": true, + "TerminateSessionsOnPasswordChange": true, + "SessionLengthWebInDays": 30, + "SessionLengthWebInHours": 720, + "SessionLengthMobileInDays": 30, + "SessionLengthMobileInHours": 720, + "SessionLengthSSOInDays": 30, + "SessionLengthSSOInHours": 720, + "SessionCacheInMinutes": 10, + "SessionIdleTimeoutInMinutes": 43200, + "WebsocketSecurePort": 443, + "WebsocketPort": 80, + "WebserverMode": "gzip", + "EnableGifPicker": true, + "GiphySdkKey": "", + "EnableCustomEmoji": true, + "EnableEmojiPicker": true, + "PostEditTimeLimit": -1, + "TimeBetweenUserTypingUpdatesMilliseconds": 5000, + "EnablePostSearch": true, + "EnableFileSearch": true, + "MinimumHashtagLength": 3, + "EnableUserTypingMessages": true, + "EnableChannelViewedMessages": true, + "EnableUserStatuses": true, + "ExperimentalEnableAuthenticationTransfer": true, + "ClusterLogTimeoutMilliseconds": 2000, + "EnableTutorial": true, + "EnableOnboardingFlow": true, + "ExperimentalEnableDefaultChannelLeaveJoinMessages": true, + "ExperimentalGroupUnreadChannels": "disabled", + "EnableAPITeamDeletion": false, + "EnableAPITriggerAdminNotifications": false, + "EnableAPIUserDeletion": false, + "EnableAPIPostDeletion": false, + "EnableDesktopLandingPage": true, + "ExperimentalEnableHardenedMode": false, + "ExperimentalStrictCSRFEnforcement": false, + "EnableEmailInvitations": false, + "DisableBotsWhenOwnerIsDeactivated": true, + "EnableBotAccountCreation": false, + "EnableSVGs": false, + "EnableLatex": false, + "EnableInlineLatex": true, + "PostPriority": true, + "AllowPersistentNotifications": true, + "AllowPersistentNotificationsForGuests": false, + "PersistentNotificationIntervalMinutes": 5, + "PersistentNotificationMaxCount": 6, + "PersistentNotificationMaxRecipients": 5, + "EnableAPIChannelDeletion": false, + "EnableLocalMode": false, + "LocalModeSocketLocation": "/var/tmp/mattermost_local.socket", + "EnableAWSMetering": false, + "SplitKey": "", + "FeatureFlagSyncIntervalSeconds": 30, + "DebugSplit": false, + "ThreadAutoFollow": true, + "CollapsedThreads": "always_on", + "ManagedResourcePaths": "", + "EnableCustomGroups": true, + "AllowSyncedDrafts": true, + "UniqueEmojiReactionLimitPerPost": 50, + "RefreshPostStatsRunTime": "00:00", + "MaximumPayloadSizeBytes": 300000, + "MaximumURLLength": 2048, + "ScheduledPosts": true, + "EnableWebHubChannelIteration": false + }, + "TeamSettings": { + "SiteName": "ISL Mattermost", + "MaxUsersPerTeam": 50, + "EnableJoinLeaveMessageByDefault": true, + "EnableUserCreation": true, + "EnableOpenServer": false, + "EnableUserDeactivation": false, + "RestrictCreationToDomains": "", + "EnableCustomUserStatuses": true, + "EnableCustomBrand": false, + "CustomBrandText": "", + "CustomDescriptionText": "", + "RestrictDirectMessage": "any", + "EnableLastActiveTime": true, + "UserStatusAwayTimeout": 300, + "MaxChannelsPerTeam": 2000, + "MaxNotificationsPerChannel": 1000, + "EnableConfirmNotificationsToChannel": true, + "TeammateNameDisplay": "username", + "ExperimentalViewArchivedChannels": true, + "ExperimentalEnableAutomaticReplies": false, + "LockTeammateNameDisplay": false, + "ExperimentalPrimaryTeam": "", + "ExperimentalDefaultChannels": [] + }, + "ClientRequirements": { + "AndroidLatestVersion": "", + "AndroidMinVersion": "", + "IosLatestVersion": "", + "IosMinVersion": "" + }, + "SqlSettings": { + "DriverName": "postgres", + "DataSource": "postgres://mmuser:mostest@localhost/mattermost_test?sslmode=disable\u0026connect_timeout=10\u0026binary_parameters=yes", + "DataSourceReplicas": [], + "DataSourceSearchReplicas": [], + "MaxIdleConns": 20, + "ConnMaxLifetimeMilliseconds": 3600000, + "ConnMaxIdleTimeMilliseconds": 300000, + "MaxOpenConns": 300, + "Trace": false, + "AtRestEncryptKey": "955gsbx8x1y8o1qrfcerkwxdq9dmoboq", + "QueryTimeout": 30, + "DisableDatabaseSearch": false, + "MigrationsStatementTimeoutSeconds": 100000, + "ReplicaLagSettings": [], + "ReplicaMonitorIntervalSeconds": 5 + }, + "LogSettings": { + "EnableConsole": true, + "ConsoleLevel": "DEBUG", + "ConsoleJson": true, + "EnableColor": false, + "EnableFile": true, + "FileLevel": "INFO", + "FileJson": true, + "FileLocation": "", + "EnableWebhookDebugging": true, + "EnableDiagnostics": true, + "VerboseDiagnostics": false, + "EnableSentry": true, + "AdvancedLoggingJSON": {}, + "MaxFieldSize": 2048 + }, + "ExperimentalAuditSettings": { + "FileEnabled": false, + "FileName": "", + "FileMaxSizeMB": 100, + "FileMaxAgeDays": 0, + "FileMaxBackups": 0, + "FileCompress": false, + "FileMaxQueueSize": 1000, + "AdvancedLoggingJSON": {} + }, + "NotificationLogSettings": { + "EnableConsole": true, + "ConsoleLevel": "DEBUG", + "ConsoleJson": true, + "EnableColor": false, + "EnableFile": true, + "FileLevel": "INFO", + "FileJson": true, + "FileLocation": "", + "AdvancedLoggingJSON": {} + }, + "PasswordSettings": { + "MinimumLength": 8, + "Lowercase": false, + "Number": false, + "Uppercase": false, + "Symbol": false, + "EnableForgotLink": true + }, + "FileSettings": { + "EnableFileAttachments": true, + "EnableMobileUpload": true, + "EnableMobileDownload": true, + "MaxFileSize": 104857600, + "MaxImageResolution": 33177600, + "MaxImageDecoderConcurrency": -1, + "DriverName": "local", + "Directory": "./data/", + "EnablePublicLink": false, + "ExtractContent": true, + "ArchiveRecursion": false, + "PublicLinkSalt": "34raygudchr9bpehj4pyu8z4if1oymy9", + "InitialFont": "nunito-bold.ttf", + "AmazonS3AccessKeyId": "", + "AmazonS3SecretAccessKey": "", + "AmazonS3Bucket": "", + "AmazonS3PathPrefix": "", + "AmazonS3Region": "", + "AmazonS3Endpoint": "s3.amazonaws.com", + "AmazonS3SSL": true, + "AmazonS3SignV2": false, + "AmazonS3SSE": false, + "AmazonS3Trace": false, + "AmazonS3RequestTimeoutMilliseconds": 30000, + "AmazonS3UploadPartSizeBytes": 5242880, + "AmazonS3StorageClass": "", + "DedicatedExportStore": false, + "ExportDriverName": "local", + "ExportDirectory": "./data/", + "ExportAmazonS3AccessKeyId": "", + "ExportAmazonS3SecretAccessKey": "", + "ExportAmazonS3Bucket": "", + "ExportAmazonS3PathPrefix": "", + "ExportAmazonS3Region": "", + "ExportAmazonS3Endpoint": "s3.amazonaws.com", + "ExportAmazonS3SSL": true, + "ExportAmazonS3SignV2": false, + "ExportAmazonS3SSE": false, + "ExportAmazonS3Trace": false, + "ExportAmazonS3RequestTimeoutMilliseconds": 30000, + "ExportAmazonS3PresignExpiresSeconds": 21600, + "ExportAmazonS3UploadPartSizeBytes": 104857600, + "ExportAmazonS3StorageClass": "" + }, + "EmailSettings": { + "EnableSignUpWithEmail": true, + "EnableSignInWithEmail": true, + "EnableSignInWithUsername": true, + "SendEmailNotifications": true, + "UseChannelInEmailNotifications": false, + "RequireEmailVerification": false, + "FeedbackName": "", + "FeedbackEmail": "test@example.com", + "ReplyToAddress": "test@example.com", + "FeedbackOrganization": "", + "EnableSMTPAuth": false, + "SMTPUsername": "", + "SMTPPassword": "", + "SMTPServer": "localhost", + "SMTPPort": "10025", + "SMTPServerTimeout": 10, + "ConnectionSecurity": "", + "SendPushNotifications": true, + "PushNotificationServer": "https://push-test.mattermost.com", + "PushNotificationContents": "full", + "PushNotificationBuffer": 1000, + "EnableEmailBatching": false, + "EmailBatchingBufferSize": 256, + "EmailBatchingInterval": 30, + "EnablePreviewModeBanner": true, + "SkipServerCertificateVerification": false, + "EmailNotificationContentsType": "full", + "LoginButtonColor": "#0000", + "LoginButtonBorderColor": "#2389D7", + "LoginButtonTextColor": "#2389D7" + }, + "RateLimitSettings": { + "Enable": false, + "PerSec": 10, + "MaxBurst": 100, + "MemoryStoreSize": 10000, + "VaryByRemoteAddr": true, + "VaryByUser": false, + "VaryByHeader": "" + }, + "PrivacySettings": { + "ShowEmailAddress": true, + "ShowFullName": true + }, + "SupportSettings": { + "TermsOfServiceLink": "https://mattermost.com/pl/terms-of-use/", + "PrivacyPolicyLink": "https://mattermost.com/pl/privacy-policy/", + "AboutLink": "https://mattermost.com/pl/about-mattermost", + "HelpLink": "https://mattermost.com/pl/help/", + "ReportAProblemLink": "https://mattermost.com/pl/report-a-bug", + "ForgotPasswordLink": "", + "SupportEmail": "", + "CustomTermsOfServiceEnabled": false, + "CustomTermsOfServiceReAcceptancePeriod": 365, + "EnableAskCommunityLink": true + }, + "AnnouncementSettings": { + "EnableBanner": false, + "BannerText": "", + "BannerColor": "#f2a93b", + "BannerTextColor": "#333333", + "AllowBannerDismissal": true, + "AdminNoticesEnabled": true, + "UserNoticesEnabled": true, + "NoticesURL": "https://notices.mattermost.com/", + "NoticesFetchFrequency": 3600, + "NoticesSkipCache": false + }, + "ThemeSettings": { + "EnableThemeSelection": true, + "DefaultTheme": "default", + "AllowCustomThemes": true, + "AllowedThemes": [] + }, + "GitLabSettings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "", + "AuthEndpoint": "", + "TokenEndpoint": "", + "UserAPIEndpoint": "", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "" + }, + "GoogleSettings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "profile email", + "AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "UserAPIEndpoint": "https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "" + }, + "Office365Settings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "User.Read", + "AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize", + "TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token", + "UserAPIEndpoint": "https://graph.microsoft.com/v1.0/me", + "DiscoveryEndpoint": "", + "DirectoryId": "" + }, + "OpenIdSettings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "profile openid email", + "AuthEndpoint": "", + "TokenEndpoint": "", + "UserAPIEndpoint": "", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "#145DBF" + }, + "LdapSettings": { + "Enable": false, + "EnableSync": false, + "LdapServer": "", + "LdapPort": 389, + "ConnectionSecurity": "", + "BaseDN": "", + "BindUsername": "", + "BindPassword": "", + "MaximumLoginAttempts": 10, + "UserFilter": "", + "GroupFilter": "", + "GuestFilter": "", + "EnableAdminFilter": false, + "AdminFilter": "", + "GroupDisplayNameAttribute": "", + "GroupIdAttribute": "", + "FirstNameAttribute": "", + "LastNameAttribute": "", + "EmailAttribute": "", + "UsernameAttribute": "", + "NicknameAttribute": "", + "IdAttribute": "", + "PositionAttribute": "", + "LoginIdAttribute": "", + "PictureAttribute": "", + "SyncIntervalMinutes": 60, + "SkipCertificateVerification": false, + "PublicCertificateFile": "", + "PrivateKeyFile": "", + "QueryTimeout": 60, + "MaxPageSize": 0, + "LoginFieldName": "", + "LoginButtonColor": "#0000", + "LoginButtonBorderColor": "#2389D7", + "LoginButtonTextColor": "#2389D7" + }, + "ComplianceSettings": { + "Enable": false, + "Directory": "./data/", + "EnableDaily": false, + "BatchSize": 30000 + }, + "LocalizationSettings": { + "DefaultServerLocale": "en", + "DefaultClientLocale": "en", + "AvailableLocales": "", + "EnableExperimentalLocales": false + }, + "SamlSettings": { + "Enable": false, + "EnableSyncWithLdap": false, + "EnableSyncWithLdapIncludeAuth": false, + "IgnoreGuestsLdapSync": false, + "Verify": true, + "Encrypt": true, + "SignRequest": false, + "IdpURL": "", + "IdpDescriptorURL": "", + "IdpMetadataURL": "", + "ServiceProviderIdentifier": "", + "AssertionConsumerServiceURL": "", + "SignatureAlgorithm": "RSAwithSHA1", + "CanonicalAlgorithm": "Canonical1.0", + "ScopingIDPProviderId": "", + "ScopingIDPName": "", + "IdpCertificateFile": "", + "PublicCertificateFile": "", + "PrivateKeyFile": "", + "IdAttribute": "", + "GuestAttribute": "", + "EnableAdminAttribute": false, + "AdminAttribute": "", + "FirstNameAttribute": "", + "LastNameAttribute": "", + "EmailAttribute": "", + "UsernameAttribute": "", + "NicknameAttribute": "", + "LocaleAttribute": "", + "PositionAttribute": "", + "LoginButtonText": "SAML", + "LoginButtonColor": "#34a28b", + "LoginButtonBorderColor": "#2389D7", + "LoginButtonTextColor": "#ffffff" + }, + "NativeAppSettings": { + "AppCustomURLSchemes": [ + "mmauth://", + "mmauthbeta://" + ], + "AppDownloadLink": "https://mattermost.com/pl/download-apps", + "AndroidAppDownloadLink": "https://mattermost.com/pl/android-app/", + "IosAppDownloadLink": "https://mattermost.com/pl/ios-app/", + "MobileExternalBrowser": false + }, + "CacheSettings": { + "CacheType": "lru", + "RedisAddress": "", + "RedisPassword": "********************************", + "RedisDB": -1, + "DisableClientCache": false + }, + "ClusterSettings": { + "Enable": false, + "ClusterName": "", + "OverrideHostname": "", + "NetworkInterface": "", + "BindAddress": "", + "AdvertiseAddress": "", + "UseIPAddress": true, + "EnableGossipCompression": true, + "EnableExperimentalGossipEncryption": false, + "ReadOnlyConfig": true, + "GossipPort": 8074 + }, + "MetricsSettings": { + "Enable": false, + "BlockProfileRate": 0, + "ListenAddress": ":8067", + "EnableClientMetrics": true, + "EnableNotificationMetrics": true + }, + "ExperimentalSettings": { + "ClientSideCertEnable": false, + "ClientSideCertCheck": "secondary", + "LinkMetadataTimeoutMilliseconds": 5000, + "RestrictSystemAdmin": false, + "EnableSharedChannels": false, + "EnableRemoteClusterService": false, + "DisableAppBar": false, + "DisableRefetchingOnBrowserFocus": false, + "DelayChannelAutocomplete": false, + "DisableWakeUpReconnectHandler": false, + "UsersStatusAndProfileFetchingPollIntervalMilliseconds": 3000, + "YoutubeReferrerPolicy": false + }, + "AnalyticsSettings": { + "MaxUsersForStatistics": 2500 + }, + "ElasticsearchSettings": { + "ConnectionURL": "http://localhost:9200", + "Backend": "elasticsearch", + "Username": "elastic", + "Password": "changeme", + "EnableIndexing": false, + "EnableSearching": false, + "EnableAutocomplete": false, + "Sniff": true, + "PostIndexReplicas": 1, + "PostIndexShards": 1, + "ChannelIndexReplicas": 1, + "ChannelIndexShards": 1, + "UserIndexReplicas": 1, + "UserIndexShards": 1, + "AggregatePostsAfterDays": 365, + "PostsAggregatorJobStartTime": "03:00", + "IndexPrefix": "", + "LiveIndexingBatchSize": 10, + "BatchSize": 10000, + "RequestTimeoutSeconds": 30, + "SkipTLSVerification": false, + "CA": "", + "ClientCert": "", + "ClientKey": "", + "Trace": "", + "IgnoredPurgeIndexes": "" + }, + "BleveSettings": { + "IndexDir": "", + "EnableIndexing": false, + "EnableSearching": false, + "EnableAutocomplete": false, + "BatchSize": 10000 + }, + "DataRetentionSettings": { + "EnableMessageDeletion": false, + "EnableFileDeletion": false, + "EnableBoardsDeletion": false, + "MessageRetentionDays": 365, + "MessageRetentionHours": 0, + "FileRetentionDays": 365, + "FileRetentionHours": 0, + "BoardsRetentionDays": 365, + "DeletionJobStartTime": "02:00", + "BatchSize": 3000, + "TimeBetweenBatchesMilliseconds": 100, + "RetentionIdsBatchSize": 100 + }, + "MessageExportSettings": { + "EnableExport": false, + "ExportFormat": "actiance", + "DailyRunTime": "01:00", + "ExportFromTimestamp": 0, + "BatchSize": 10000, + "DownloadExportResults": false, + "ChannelBatchSize": 100, + "ChannelHistoryBatchSize": 10, + "GlobalRelaySettings": { + "CustomerType": "A9", + "SMTPUsername": "", + "SMTPPassword": "", + "EmailAddress": "", + "SMTPServerTimeout": 1800, + "CustomSMTPServerName": "", + "CustomSMTPPort": "25" + } + }, + "JobSettings": { + "RunJobs": true, + "RunScheduler": true, + "CleanupJobsThresholdDays": -1, + "CleanupConfigThresholdDays": -1 + }, + "PluginSettings": { + "Enable": true, + "EnableUploads": false, + "AllowInsecureDownloadURL": false, + "EnableHealthCheck": true, + "Directory": "./plugins", + "ClientDirectory": "./client/plugins", + "Plugins": {}, + "PluginStates": { + "com.mattermost.calls": { + "Enable": true + }, + "com.mattermost.nps": { + "Enable": true + }, + "mattermost-ai": { + "Enable": true + }, + "playbooks": { + "Enable": true + } + }, + "EnableMarketplace": true, + "EnableRemoteMarketplace": true, + "AutomaticPrepackagedPlugins": true, + "RequirePluginSignature": false, + "MarketplaceURL": "https://api.integrations.mattermost.com", + "SignaturePublicKeyFiles": [], + "ChimeraOAuthProxyURL": "" + }, + "DisplaySettings": { + "CustomURLSchemes": [], + "MaxMarkdownNodes": 0 + }, + "GuestAccountsSettings": { + "Enable": false, + "HideTags": false, + "AllowEmailAccounts": true, + "EnforceMultifactorAuthentication": false, + "RestrictCreationToDomains": "" + }, + "ImageProxySettings": { + "Enable": false, + "ImageProxyType": "local", + "RemoteImageProxyURL": "", + "RemoteImageProxyOptions": "" + }, + "CloudSettings": { + "CWSURL": "https://customers.mattermost.com", + "CWSAPIURL": "https://portal.internal.prod.cloud.mattermost.com", + "CWSMock": false, + "Disable": false + }, + "ImportSettings": { + "Directory": "./import", + "RetentionDays": 30 + }, + "ExportSettings": { + "Directory": "./export", + "RetentionDays": 30 + }, + "WranglerSettings": { + "PermittedWranglerRoles": [], + "AllowedEmailDomain": [], + "MoveThreadMaxCount": 100, + "MoveThreadToAnotherTeamEnable": false, + "MoveThreadFromPrivateChannelEnable": false, + "MoveThreadFromDirectMessageChannelEnable": false, + "MoveThreadFromGroupMessageChannelEnable": false + }, + "ConnectedWorkspacesSettings": { + "EnableSharedChannels": false, + "EnableRemoteClusterService": false, + "DisableSharedChannelsStatusSync": false, + "MaxPostsPerSync": 50 + } +} \ No newline at end of file diff --git a/services/mattermost/mattermost.nix b/services/mattermost/mattermost.nix new file mode 100644 index 0000000..132fdeb --- /dev/null +++ b/services/mattermost/mattermost.nix @@ -0,0 +1,77 @@ +{ config, pkgs, lib, ... }: + +let + mattermostPassword = ""; # Change to a strong password +in { + networking.firewall.allowedTCPPorts = [ 80 443 8065 ]; + + services.mattermost.database.peerAuth = true; + + systemd.services.mattermost = { + description = "Mattermost server"; + after = [ "network.target" "postgresql.service" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "mattermost"; + Group = "mattermost"; + WorkingDirectory = "/var/lib/mattermost"; + ExecStart = "${pkgs.mattermost}/bin/mattermost"; + Environment = [ + "MM_SQLSETTINGS_DRIVERNAME=postgres" + "MM_SQLSETTINGS_DATASOURCE=postgres://mattermost:QwErAsDf@localhost:5432/mattermost?sslmode=disable&connect_timeout=10" + "MM_SERVICESETTINGS_SITEURL=http://islmm" + "MM_SERVICESETTINGS_LISTENADDRESS=:8065" + "MM_SERVICESETTINGS_ENABLEUSERCREATION=true" + "MM_SERVICESETTINGS_ALLOWCORSFROM=*" + ]; + Restart = "always"; + }; + preStart = '' + mkdir -p /var/lib/mattermost/bin + mkdir -p /var/lib/mattermost/client + mkdir -p /var/lib/mattermost/config + mkdir -p /var/lib/mattermost/templates + cp -r ${pkgs.mattermost}/client/* /var/lib/mattermost/client/ + cp -r ${pkgs.mattermost}/bin/* /var/lib/mattermost/bin/ + cp -r ${pkgs.mattermost}/config/* /var/lib/mattermost/config/ + cp -r ${pkgs.mattermost}/templates/* /var/lib/mattermost/templates/ + chown -R mattermost:mattermost /var/lib/mattermost + ''; + }; + + users.users.mattermost = { + isSystemUser = true; + home = "/var/lib/mattermost"; + createHome = true; + group = "mattermost"; + }; + + users.groups.mattermost = { }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "mattermost" ]; + ensureUsers = [ + { + name = "mattermost"; + ensureDBOwnership = true; + } + ]; + initialScript = pkgs.writeText "init-mattermost.sql" '' + DO $$ + BEGIN + IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'mattermost') THEN + CREATE ROLE mattermost LOGIN PASSWORD 'QwErAsDf'; + END IF; + END + $$; + ALTER DATABASE mattermost OWNER TO mattermost; + ''; + }; + services.postgresql.authentication = '' + local all postgres peer + local all mattermost md5 + host all all 127.0.0.1/32 md5 + host all all ::1/128 md5 + ''; +} |