Mattermost: Enable networking for the container.

Otherwise, the login via keycloak will fail, as mattermost cannot verify the associated token. Since networking.nat only appears to work for ipv4 and I have no idea how to do it with ipv6, this unfortunately implies downgrading the container's networking to ipv4 only ...
2021-03-16 23:59:32 +01:00 · 2021-03-16 23:59:32 +01:00 · b07e4d08fa
commit b07e4d08fa
parent f24da2510d
1 changed files with 16 additions and 7 deletions
--- a/hosts/hainich/services/mattermost.nix
+++ b/hosts/hainich/services/mattermost.nix
@ -4,8 +4,8 @@
  containers.mattermost = {
    autoStart = true;
    privateNetwork = true;
-    hostAddress6 = "fd00::42:24";
-    localAddress6 = "fd00::42:25";
+    hostAddress = "192.168.100.30";
+    localAddress = "192.168.100.31";

    bindMounts."/secrets" = {
      hostPath = "/var/lib/mattermost/";
@ -24,7 +24,7 @@
        enable = true;
        siteUrl = "https://mattermost-beta.infra4future.de";
        siteName = "Mattermost - Blabla for Future";
-        listenAddress = "[::]:3000";
+        listenAddress = "0.0.0.0:3000";
        mutableConfig = false;

        secretConfig = "/secrets/secrets.json";
@ -83,7 +83,7 @@
            EnableFileAttachments = true;
            MaxFileSize = 52428800;
            DriverName = "local";
-            Directory = "/mnt/storage";
+            Directory = "/var/lib/mattermost/uploads-storage";
            EnablePublicLink = true;
            PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu";
          };
@ -116,7 +116,7 @@
          AnnouncementSettings.EnableBanner = false;
          GitLabSettings = {
            Enable = true;
-            Id = "mattermost";
+            Id = "mattermost-beta";
            Scope = "";
            AuthEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
            TokenEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
@ -186,7 +186,7 @@
        enable = true;
        config = ''
          .:53 {
-          forward . 64:ff9b::1.1.1.1
+          forward . 1.1.1.1
          }
        '';
      };
@ -194,9 +194,18 @@
  };

  services.nginx.virtualHosts."mattermost-beta.infra4future.de" = {
-    locations."/".proxyPass = "http://[${config.containers.mattermost.localAddress6}]:3000";
+    locations."/" = {
+      proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
+      proxyWebsockets = true;
+    };
    forceSSL = true;
    enableACME = true;
  };

+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ "ve-mattermost" ];
+    externalInterface = "enp6s0";
+  };
+
 }