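# NixOS module: runs Mattermost from a hand-written systemd unit against a
# local PostgreSQL instance, and opens the HTTP/HTTPS and Mattermost ports.
{ config, pkgs, lib, ... }:
let
  # Change to a strong password.
  #
  # This is the single source for the database credential: it is interpolated
  # into both the Mattermost data source URL and the PostgreSQL init script, so
  # the two can no longer drift apart.
  #
  # SECURITY: any value set here is copied into the generated unit file and the
  # init SQL under /nix/store, which every local user can read. For anything
  # beyond a lab setup, keep the secret out of the store (e.g. a root-only file
  # loaded through systemd's EnvironmentFile=) or use peer authentication over
  # the local socket so that no password exists at all.
  mattermostPassword = "";
in
{
  # Fail evaluation instead of deploying an empty or unsafe credential. The
  # character set is restricted because the value is pasted unescaped into a
  # URL and into a single-quoted SQL literal.
  assertions = [
    {
      assertion = builtins.match "[A-Za-z0-9_-]+" mattermostPassword != null;
      message = "mattermostPassword must be set to a non-empty value using only letters, digits, '_' and '-'.";
    }
  ];

  # NOTE(review): 8065 is exposed directly next to 80/443. No reverse proxy is
  # configured in this file; if one terminates TLS elsewhere, drop 8065 here.
  networking.firewall.allowedTCPPorts = [ 80 443 8065 ];

  # NOTE(review): services.mattermost is not enabled in this file and the unit
  # below authenticates with a password over TCP, so this option looks unused;
  # confirm it is still wanted.
  services.mattermost.database.peerAuth = true;

  systemd.services.mattermost = {
    description = "Mattermost server";
    after = [ "network.target" "postgresql.service" ];
    wantedBy = [ "multi-user.target" ];

    serviceConfig = {
      User = "mattermost";
      Group = "mattermost";
      WorkingDirectory = "/var/lib/mattermost";
      ExecStart = "${pkgs.mattermost}/bin/mattermost";
      Environment = [
        "MM_SQLSETTINGS_DRIVERNAME=postgres"
        # sslmode=disable is only acceptable because the peer is localhost.
        "MM_SQLSETTINGS_DATASOURCE=postgres://mattermost:${mattermostPassword}@localhost:5432/mattermost?sslmode=disable&connect_timeout=10"
        # Plain-HTTP site URL: sessions and credentials travel unencrypted
        # unless TLS is terminated in front of this service.
        "MM_SERVICESETTINGS_SITEURL=http://islmm"
        "MM_SERVICESETTINGS_LISTENADDRESS=:8065"
        # NOTE(review): EnableUserCreation is documented under TeamSettings,
        # not ServiceSettings; confirm this variable has any effect, and
        # whether open sign-up is intended.
        "MM_SERVICESETTINGS_ENABLEUSERCREATION=true"
        # SECURITY: "*" lets any origin issue cross-origin API requests.
        # Restrict this to the site's own origin unless a wildcard is required.
        "MM_SERVICESETTINGS_ALLOWCORSFROM=*"
      ];
      Restart = "always";
    };

    # Seeds the state directory from the package on every start.
    # NOTE(review): files copied out of the store are read-only; verify that a
    # second start can overwrite them when this script runs as User=mattermost.
    preStart = ''
      mkdir -p /var/lib/mattermost/bin
      mkdir -p /var/lib/mattermost/client
      mkdir -p /var/lib/mattermost/config
      mkdir -p /var/lib/mattermost/templates
      cp -r ${pkgs.mattermost}/client/* /var/lib/mattermost/client/
      cp -r ${pkgs.mattermost}/bin/* /var/lib/mattermost/bin/
      cp -r ${pkgs.mattermost}/config/* /var/lib/mattermost/config/
      cp -r ${pkgs.mattermost}/templates/* /var/lib/mattermost/templates/
      chown -R mattermost:mattermost /var/lib/mattermost
    '';
  };

  # Dedicated unprivileged account for the service.
  users.users.mattermost = {
    isSystemUser = true;
    home = "/var/lib/mattermost";
    createHome = true;
    group = "mattermost";
  };
  users.groups.mattermost = { };

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "mattermost" ];
    ensureUsers = [
      {
        name = "mattermost";
        ensureDBOwnership = true;
      }
    ];
    # initialScript is applied only when the database cluster is first
    # initialised; changing mattermostPassword later does not update the role,
    # so rotate it with ALTER ROLE on existing installations.
    initialScript = pkgs.writeText "init-mattermost.sql" ''
      DO $$
      BEGIN
        IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'mattermost') THEN
          CREATE ROLE mattermost LOGIN PASSWORD '${mattermostPassword}';
        END IF;
      END
      $$;
      ALTER DATABASE mattermost OWNER TO mattermost;
    '';
  };

  # pg_hba.conf rules: peer auth for the postgres superuser on the local
  # socket, password auth for everything else, loopback only.
  # NOTE(review): md5 is the legacy method; scram-sha-256 is preferred on
  # current PostgreSQL releases. The host rules also cover all users and all
  # databases, not just mattermost; narrow them if nothing else needs TCP.
  services.postgresql.authentication = ''
    local all postgres peer
    local all mattermost md5
    host all all 127.0.0.1/32 md5
    host all all ::1/128 md5
  '';
}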