Mattermost: Enable networking for the container.

Otherwise, the login via keycloak will fail, as mattermost cannot verify
the associated token. Since networking.nat only appears to work for ipv4
and I have no idea how to do it with ipv6, this unfortunately implies
downgrading the container's networking to ipv4 only ...
This commit is contained in:
stuebinm 2021-03-16 23:59:32 +01:00
parent f24da2510d
commit b07e4d08fa
No known key found for this signature in database
GPG key ID: 695C841098BECF1D

View file

@ -4,8 +4,8 @@
containers.mattermost = { containers.mattermost = {
autoStart = true; autoStart = true;
privateNetwork = true; privateNetwork = true;
hostAddress6 = "fd00::42:24"; hostAddress = "192.168.100.30";
localAddress6 = "fd00::42:25"; localAddress = "192.168.100.31";
bindMounts."/secrets" = { bindMounts."/secrets" = {
hostPath = "/var/lib/mattermost/"; hostPath = "/var/lib/mattermost/";
@ -24,7 +24,7 @@
enable = true; enable = true;
siteUrl = "https://mattermost-beta.infra4future.de"; siteUrl = "https://mattermost-beta.infra4future.de";
siteName = "Mattermost - Blabla for Future"; siteName = "Mattermost - Blabla for Future";
listenAddress = "[::]:3000"; listenAddress = "0.0.0.0:3000";
mutableConfig = false; mutableConfig = false;
secretConfig = "/secrets/secrets.json"; secretConfig = "/secrets/secrets.json";
@ -83,7 +83,7 @@
EnableFileAttachments = true; EnableFileAttachments = true;
MaxFileSize = 52428800; MaxFileSize = 52428800;
DriverName = "local"; DriverName = "local";
Directory = "/mnt/storage"; Directory = "/var/lib/mattermost/uploads-storage";
EnablePublicLink = true; EnablePublicLink = true;
PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu"; PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu";
}; };
@ -116,7 +116,7 @@
AnnouncementSettings.EnableBanner = false; AnnouncementSettings.EnableBanner = false;
GitLabSettings = { GitLabSettings = {
Enable = true; Enable = true;
Id = "mattermost"; Id = "mattermost-beta";
Scope = ""; Scope = "";
AuthEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth"; AuthEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
TokenEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token"; TokenEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
@ -186,7 +186,7 @@
enable = true; enable = true;
config = '' config = ''
.:53 { .:53 {
forward . 64:ff9b::1.1.1.1 forward . 1.1.1.1
} }
''; '';
}; };
@ -194,9 +194,18 @@
}; };
services.nginx.virtualHosts."mattermost-beta.infra4future.de" = { services.nginx.virtualHosts."mattermost-beta.infra4future.de" = {
locations."/".proxyPass = "http://[${config.containers.mattermost.localAddress6}]:3000"; locations."/" = {
proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
proxyWebsockets = true;
};
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
}; };
networking.nat = {
enable = true;
internalInterfaces = [ "ve-mattermost" ];
externalInterface = "enp6s0";
};
} }