From b494e676b0e89c975a9182546b47feafbb41dd55 Mon Sep 17 00:00:00 2001
From: stuebinm <stuebinm@disroot.org>
Date: Tue, 16 Mar 2021 23:59:32 +0100
Subject: [PATCH] Mattermost: Enable networking for the container.

Otherwise, the login via keycloak will fail, as mattermost cannot verify
the associated token. Since networking.nat only appears to work for ipv4
and I have no idea how to do it with ipv6, this unfortunately implies
downgrading the container's networking to ipv4 only ...
---
 hosts/hainich/services/mattermost.nix | 23 ++++++++++++++++-------
 1 file changed, 16 insertions(+), 7 deletions(-)

diff --git a/hosts/hainich/services/mattermost.nix b/hosts/hainich/services/mattermost.nix
index 19b172e..e06e1f3 100644
--- a/hosts/hainich/services/mattermost.nix
+++ b/hosts/hainich/services/mattermost.nix
@@ -4,8 +4,8 @@
   containers.mattermost = {
     autoStart = true;
     privateNetwork = true;
-    hostAddress6 = "fd00::42:24";
-    localAddress6 = "fd00::42:25";
+    hostAddress = "192.168.100.30";
+    localAddress = "192.168.100.31";
 
     bindMounts."/secrets" = {
       hostPath = "/var/lib/mattermost/";
@@ -24,7 +24,7 @@
         enable = true;
         siteUrl = "https://mattermost-beta.infra4future.de";
         siteName = "Mattermost - Blabla for Future";
-        listenAddress = "[::]:3000";
+        listenAddress = "0.0.0.0:3000";
         mutableConfig = false;
 
         secretConfig = "/secrets/secrets.json";
@@ -83,7 +83,7 @@
             EnableFileAttachments = true;
             MaxFileSize = 52428800;
             DriverName = "local";
-            Directory = "/mnt/storage";
+            Directory = "/var/lib/mattermost/uploads-storage";
             EnablePublicLink = true;
             PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu";
           };
@@ -116,7 +116,7 @@
           AnnouncementSettings.EnableBanner = false;
           GitLabSettings = {
             Enable = true;
-            Id = "mattermost";
+            Id = "mattermost-beta";
             Scope = "";
             AuthEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/auth";
             TokenEndpoint = "https://auth.infra4future.de/auth/realms/forfuture/protocol/openid-connect/token";
@@ -186,7 +186,7 @@
         enable = true;
         config = ''
           .:53 {
-          forward . 64:ff9b::1.1.1.1
+          forward . 1.1.1.1
           }
         '';
       };
@@ -194,9 +194,18 @@
   };
 
   services.nginx.virtualHosts."mattermost-beta.infra4future.de" = {
-    locations."/".proxyPass = "http://[${config.containers.mattermost.localAddress6}]:3000";
+    locations."/" = {
+      proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
+      proxyWebsockets = true;
+    };
     forceSSL = true;
     enableACME = true;
   };
 
+  networking.nat = {
+    enable = true;
+    internalInterfaces = [ "ve-mattermost" ];
+    externalInterface = "enp6s0";
+  };
+
 }