Mattermost: Enable networking for the container.

Otherwise, the login via keycloak will fail, as mattermost cannot verify
the associated token. Since networking.nat only appears to work for ipv4
and I have no idea how to do it with ipv6, this unfortunately implies
downgrading the container's networking to ipv4 only ...
stuebinm 2021-03-16 23:59:32 +01:00
parent f24da2510d
commit b07e4d08fa
No known key found for this signature in database
GPG key ID: 695C841098BECF1D


@ -4,8 +4,8 @@
containers.mattermost = {
autoStart = true;
privateNetwork = true;
hostAddress6 = "fd00::42:24";
localAddress6 = "fd00::42:25";
hostAddress = "192.168.100.30";
localAddress = "192.168.100.31";
bindMounts."/secrets" = {
hostPath = "/var/lib/mattermost/";
@ -24,7 +24,7 @@
enable = true;
siteUrl = "https://mattermost-beta.infra4future.de";
siteName = "Mattermost - Blabla for Future";
listenAddress = "[::]:3000";
listenAddress = "0.0.0.0:3000";
mutableConfig = false;
secretConfig = "/secrets/secrets.json";
@ -83,7 +83,7 @@
EnableFileAttachments = true;
MaxFileSize = 52428800;
DriverName = "local";
Directory = "/mnt/storage";
Directory = "/var/lib/mattermost/uploads-storage";
EnablePublicLink = true;
PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu";
};
@ -116,7 +116,7 @@
AnnouncementSettings.EnableBanner = false;
GitLabSettings = {
Enable = true;
Id = "mattermost";
Id = "mattermost-beta";
Scope = "";
AuthEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
TokenEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
@ -186,7 +186,7 @@
enable = true;
config = ''
.:53 {
forward . 64:ff9b::1.1.1.1
forward . 1.1.1.1
}
'';
};
@ -194,9 +194,18 @@
};
services.nginx.virtualHosts."mattermost-beta.infra4future.de" = {
locations."/".proxyPass = "http://[${config.containers.mattermost.localAddress6}]:3000";
locations."/" = {
proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
proxyWebsockets = true;
};
forceSSL = true;
enableACME = true;
};
networking.nat = {
enable = true;
internalInterfaces = [ "ve-mattermost" ];
externalInterface = "enp6s0";
};
}
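Review bot: The `networking.nat` block added at the end of the file masquerades everything leaving `ve-mattermost` out of `enp6s0`, so the container gets unrestricted outbound IPv4 even though the commit message only needs it to reach Keycloak for token verification. Nothing visible here limits forwarded traffic, so if the host firewall does not already do so, consider restricting the container's egress to its resolver and to HTTPS towards `auth.infra4future.de`, and record the reason next to the block, e.g. `# NAT only so mattermost can reach auth.infra4future.de to verify login tokens`. Likewise `listenAddress = "0.0.0.0:3000"` could bind the container's own address, `"192.168.100.31:3000"`, since nginx on the host appears to be the only intended client. Separately, the unchanged `PublicLinkSalt` line in the file-storage hunk keeps a link-signing salt in the repository (and presumably in the world-readable Nix store) while `secretConfig = "/secrets/secrets.json"` is already available for such values.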