From aecfac7a404b86b26d28bfe2a3077d3b0a41eee4 Mon Sep 17 00:00:00 2001
From: Irene Knapp <ireneista@internetsafetylabs.org>
Date: Thu, 5 Jun 2025 18:01:02 -0700
Subject: add database setup; export everything from the flake as a module

database.nix is substantially copied from the ISL config repo, with a few
changes to make it more generic and usable by others

I also removed stuff in mattermost.nix that wasn't doing anything; I'll
detail that in comments

Change-Id: I0ff6ea69f293dc4070f277f30ae0fde5254cd87c
---
 services/mattermost/default.nix    | 60 +++++++++++++++++++++++++++++
 services/mattermost/mattermost.nix | 77 --------------------------------------
 2 files changed, 60 insertions(+), 77 deletions(-)
 create mode 100644 services/mattermost/default.nix
 delete mode 100644 services/mattermost/mattermost.nix

(limited to 'services/mattermost')

diff --git a/services/mattermost/default.nix b/services/mattermost/default.nix
new file mode 100644
index 0000000..f16f721
--- /dev/null
+++ b/services/mattermost/default.nix
@@ -0,0 +1,60 @@
+{ config, pkgs, lib, ... }:
+
+{
+  systemd.services.mattermost = {
+    description = "Mattermost server";
+    after = [ "network.target" "postgresql.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    preStart = ''
+      mkdir -p /var/lib/mattermost/bin
+      mkdir -p /var/lib/mattermost/client
+      mkdir -p /var/lib/mattermost/config
+      mkdir -p /var/lib/mattermost/templates
+      cp -r ${pkgs.mattermost}/client/* /var/lib/mattermost/client/
+      cp -r ${pkgs.mattermost}/bin/*  /var/lib/mattermost/bin/
+      cp -r ${pkgs.mattermost}/config/*  /var/lib/mattermost/config/
+      cp -r ${pkgs.mattermost}/templates/*  /var/lib/mattermost/templates/
+      chown -R mattermost:mattermost /var/lib/mattermost
+    '';
+
+    serviceConfig = {
+      User = "mattermost";
+      Group = "mattermost";
+      WorkingDirectory = "/var/lib/mattermost";
+      ExecStart = "${pkgs.mattermost}/bin/mattermost";
+      Environment = [
+        "MM_SQLSETTINGS_DRIVERNAME=postgres"
+        "MM_SQLSETTINGS_DATASOURCE=postgres://mattermost@localhost:5432/mattermost?sslmode=disable&connect_timeout=10"
+        "MM_SERVICESETTINGS_SITEURL=http://islmm"
+        "MM_SERVICESETTINGS_LISTENADDRESS=:8065"
+        "MM_SERVICESETTINGS_ENABLEUSERCREATION=true"
+        "MM_SERVICESETTINGS_ALLOWCORSFROM=*"
+      ];
+      Restart = "always";
+    };
+  };
+
+  users.users.mattermost = {
+    isSystemUser = true;
+    home = "/var/lib/mattermost";
+    createHome = true;
+    group = "mattermost";
+  };
+
+  users.groups.mattermost = { };
+
+  services.postgresql = {
+    enable = true;
+
+    ensureDatabases = [ "mattermost" ];
+    ensureUsers = [
+      {
+        name = "mattermost";
+        ensureDBOwnership = true;
+      }
+    ];
+  };
+
+  services.postgresqlBackup.databases = [ "mattermost" ];
+}
diff --git a/services/mattermost/mattermost.nix b/services/mattermost/mattermost.nix
deleted file mode 100644
index 132fdeb..0000000
--- a/services/mattermost/mattermost.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  mattermostPassword = ""; # Change to a strong password
-in {
-  networking.firewall.allowedTCPPorts = [ 80 443 8065 ];
-
-  services.mattermost.database.peerAuth = true;
-
-  systemd.services.mattermost = {
-    description = "Mattermost server";
-    after = [ "network.target" "postgresql.service" ];
-    wantedBy = [ "multi-user.target" ];
-    serviceConfig = {
-      User = "mattermost";
-      Group = "mattermost";
-      WorkingDirectory = "/var/lib/mattermost";
-      ExecStart = "${pkgs.mattermost}/bin/mattermost";
-      Environment = [
-        "MM_SQLSETTINGS_DRIVERNAME=postgres"
-        "MM_SQLSETTINGS_DATASOURCE=postgres://mattermost:QwErAsDf@localhost:5432/mattermost?sslmode=disable&connect_timeout=10"
-        "MM_SERVICESETTINGS_SITEURL=http://islmm"
-        "MM_SERVICESETTINGS_LISTENADDRESS=:8065"
-        "MM_SERVICESETTINGS_ENABLEUSERCREATION=true"
-        "MM_SERVICESETTINGS_ALLOWCORSFROM=*"
-      ];
-      Restart = "always";
-    };
-    preStart = ''
-      mkdir -p /var/lib/mattermost/bin
-      mkdir -p /var/lib/mattermost/client
-      mkdir -p /var/lib/mattermost/config
-      mkdir -p /var/lib/mattermost/templates
-      cp -r ${pkgs.mattermost}/client/* /var/lib/mattermost/client/
-      cp -r ${pkgs.mattermost}/bin/*  /var/lib/mattermost/bin/
-      cp -r ${pkgs.mattermost}/config/*  /var/lib/mattermost/config/
-      cp -r ${pkgs.mattermost}/templates/*  /var/lib/mattermost/templates/
-      chown -R mattermost:mattermost /var/lib/mattermost
-    '';
-  };
-
-  users.users.mattermost = {
-    isSystemUser = true;
-    home = "/var/lib/mattermost";
-    createHome = true;
-    group = "mattermost";
-  };
-
-  users.groups.mattermost = { };
-
-  services.postgresql = {
-    enable = true;
-    ensureDatabases = [ "mattermost" ];
-    ensureUsers = [
-      {
-        name = "mattermost";
-        ensureDBOwnership = true;
-      }
-    ];
-    initialScript = pkgs.writeText "init-mattermost.sql" ''
-      DO $$
-      BEGIN
-        IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'mattermost') THEN
-          CREATE ROLE mattermost LOGIN PASSWORD 'QwErAsDf';
-        END IF;
-      END
-      $$;
-      ALTER DATABASE mattermost OWNER TO mattermost;
-    '';
-  };
-  services.postgresql.authentication = ''
-    local   all             postgres                                peer
-    local   all             mattermost                              md5
-    host    all             all             127.0.0.1/32            md5
-    host    all             all             ::1/128                 md5
-  '';
-}
-- 
cgit 1.4.1