services/mattermost.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

{ config, pkgs, lib, ... }:

{
  services.mattermost = {
    enable = true;

    # The defaults, here for easy reference.
    host = "127.0.0.1";
    port = 8065;

    # This is a placeholder, since it's the one domain name that's actually
    # mapped to this server right now. Under no circumstances should we ever
    # expose Mattermost directly to traffic from the internet, it always needs
    # to be behind our reverse proxy, so please don't actually open the port
    # or anything like that. Use an ssh tunnel for experimenting with it,
    # until then.
    siteUrl = "https://experiments.internetsafetylabs.org";

    # For the usual nix reasons, we prefer to disable Mattermost's in-band
    # configuration and do all config through nix.
    preferNixConfig = true;

    telemetry = {
      enableDiagnostics = false;
      enableSecurityAlerts = false;
    };

    database.peerAuth = true;
  };

  services.postgresqlBackup.databases = [ "mattermost" ];
}