path: root/services/mattermost/mattermost.nix
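# NixOS configuration fragment: runs Mattermost from a hand-written systemd
# unit, backed by a PostgreSQL instance on the same host.
{ config, pkgs, lib, ... }:

let
  # Password of the "mattermost" database role. It is interpolated into both
  # the connection string and the role-creation SQL below, so the two always
  # agree. The value is a weak sample: replace it before deploying.
  #
  # NOTE(review): anything written here ends up in the generated unit file
  # and SQL script inside the Nix store, which every local user can read,
  # and in the repository history. Prefer a secret kept outside the store
  # (for example a root-only file loaded through systemd's EnvironmentFile),
  # or socket peer authentication, which needs no password at all.
  #
  # The value is pasted verbatim into a URL and into a single-quoted SQL
  # literal; characters such as @ : / ? or ' would need escaping there.
  mattermostPassword = "QwErAsDf";
in {
  # NOTE(review): 8065 is Mattermost's own plain-HTTP listener (see
  # LISTENADDRESS and the http:// SITEURL below), so opening it exposes
  # unencrypted logins to the network. Nothing in this file listens on 80 or
  # 443; if a TLS-terminating reverse proxy is configured elsewhere, 8065
  # can presumably be closed and the listener bound to loopback.
  networking.firewall.allowedTCPPorts = [ 80 443 8065 ];

  # NOTE(review): services.mattermost.enable is not set in this file, and the
  # unit below connects over TCP with a password, so this option likely has
  # no effect here - confirm against the rest of the configuration.
  services.mattermost.database.peerAuth = true;

  # Hand-written unit. No sandboxing options (NoNewPrivileges, ProtectSystem,
  # PrivateTmp, ...) are set; the only confinement is the dedicated account.
  systemd.services.mattermost = {
    description = "Mattermost server";
    after = [ "network.target" "postgresql.service" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      User = "mattermost";
      Group = "mattermost";
      WorkingDirectory = "/var/lib/mattermost";
      # The binary is executed from the Nix store, not from the copy that
      # preStart places under /var/lib/mattermost/bin.
      ExecStart = "${pkgs.mattermost}/bin/mattermost";
      Environment = [
        "MM_SQLSETTINGS_DRIVERNAME=postgres"
        # Password-authenticated TCP connection to the local PostgreSQL.
        # sslmode=disable is tolerable only because the peer is localhost.
        # Environment= values are also visible through `systemctl show`.
        "MM_SQLSETTINGS_DATASOURCE=postgres://mattermost:${mattermostPassword}@localhost:5432/mattermost?sslmode=disable&connect_timeout=10"
        "MM_SERVICESETTINGS_SITEURL=http://islmm"
        # ":8065" binds every interface, not just loopback.
        "MM_SERVICESETTINGS_LISTENADDRESS=:8065"
        # NOTE(review): EnableUserCreation appears to belong to TeamSettings
        # in Mattermost's configuration, so this variable may be ignored -
        # confirm. If it does take effect, sign-up is open to anyone who can
        # reach the port opened above.
        "MM_SERVICESETTINGS_ENABLEUSERCREATION=true"
        # NOTE(review): "*" lets any web origin call the API from a user's
        # browser; restrict it to the origins that really need access.
        "MM_SERVICESETTINGS_ALLOWCORSFROM=*"
      ];
      Restart = "always";
    };
    # Populates the state directory from the package before each start.
    # NOTE(review): this presumably runs as the unit's User, which makes the
    # final chown a no-op. Files copied out of the Nix store keep their
    # read-only mode, so a later run of these cp commands may fail to
    # overwrite them - verify that a restart succeeds.
    preStart = ''
      mkdir -p /var/lib/mattermost/bin
      mkdir -p /var/lib/mattermost/client
      mkdir -p /var/lib/mattermost/config
      mkdir -p /var/lib/mattermost/templates
      cp -r ${pkgs.mattermost}/client/* /var/lib/mattermost/client/
      cp -r ${pkgs.mattermost}/bin/*  /var/lib/mattermost/bin/
      cp -r ${pkgs.mattermost}/config/*  /var/lib/mattermost/config/
      cp -r ${pkgs.mattermost}/templates/*  /var/lib/mattermost/templates/
      chown -R mattermost:mattermost /var/lib/mattermost
    '';
  };

  # Dedicated unprivileged system account that owns the state directory.
  users.users.mattermost = {
    isSystemUser = true;
    home = "/var/lib/mattermost";
    createHome = true;
    group = "mattermost";
  };

  users.groups.mattermost = { };

  services.postgresql = {
    enable = true;
    ensureDatabases = [ "mattermost" ];
    ensureUsers = [
      {
        name = "mattermost";
        ensureDBOwnership = true;
      }
    ];
    # Creates the role with a password unless it already exists.
    # NOTE(review): initialScript is applied only when the cluster is first
    # initialised, so changing mattermostPassword later does not update an
    # existing role. Whether the mattermost database already exists when the
    # ALTER DATABASE statement runs depends on the module's ordering relative
    # to ensureDatabases - verify; ensureDBOwnership above already assigns
    # ownership.
    initialScript = pkgs.writeText "init-mattermost.sql" ''
      DO $$
      BEGIN
        IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'mattermost') THEN
          CREATE ROLE mattermost LOGIN PASSWORD '${mattermostPassword}';
        END IF;
      END
      $$;
      ALTER DATABASE mattermost OWNER TO mattermost;
    '';
  };
  # pg_hba rules: peer auth for the postgres superuser on the Unix socket,
  # password auth for everything else.
  # NOTE(review): the two "host all all" lines accept any role for any
  # database from loopback; naming the mattermost database and role would be
  # narrower. scram-sha-256 is the stronger method and preferable to md5
  # wherever the stored password hash allows it. The "local ... mattermost"
  # line covers socket connections, which the TCP datasource above does not
  # use.
  services.postgresql.authentication = ''
    local   all             postgres                                peer
    local   all             mattermost                              md5
    host    all             all             127.0.0.1/32            md5
    host    all             all             ::1/128                 md5
  '';
}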