s4f-conference: another mattermost
this one's not connected to our SSO and intended for short-term use only, after which it will be deleted again. I've gone through at least some of mattermost's options to see how many of these are actually relevant anymore. Some can be left out. Unlike the other mattermost it also doesn't use any mysql.
parent
6e84a9f9f8
commit
d933a6ef98
3 changed files with 139 additions and 2 deletions
|
@ -20,6 +20,7 @@
|
||||||
./uffd.nix
|
./uffd.nix
|
||||||
./lxc.nix
|
./lxc.nix
|
||||||
./monit.nix
|
./monit.nix
|
||||||
|
./s4f-conference.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
hacc.bindToPersist = [ "/var/lib/acme" ];
|
hacc.bindToPersist = [ "/var/lib/acme" ];
|
||||||
|
|
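--- a/parsons/s4f-conference.nix
+++ b/parsons/s4f-conference.nix
@@ -0,0 +1,134 @@
+{ config, lib, pkgs, ... }:
+
+{
+sops.secrets = {
+"s4f-conference/env" = {};
+};
+
+hacc.containers.s4f-conference = {
+bindSecrets = true;
+
+config = { config, lib, pkgs, ... }: {
+systemd.services.mattermost.serviceConfig.EnvironmentFile =
+lib.mkForce "/secrets/env";
+
+services.mattermost = {
+enable = true;
+siteUrl = "https://s4f-conference.infra4future.de";
+siteName = "Scientists for Future Chat";
+listenAddress = "0.0.0.0:3000";
+mutableConfig = false;
+
+statePath = "/persist/mattermost";
+
+extraConfig = {
+ServiceSettings = {
+TrustedProxyIPHeader = [ "X-Forwarded-For" "X-Real-Ip" ];
+EnableEmailInvitations = true;
+};
+TeamSettings = {
+EnableUserCreation = true;
+EnableUserDeactivation = true;
+EnableOpenServer = false;
+};
+PasswordSettings = {
+MinimumLength = 10;
+};
+FileSettings = {
+EnableFileAttachments = true;
+MaxFileSize = 52428800;
+DriverName = "local";
+Directory = "/persist/upload-storage";
+EnablePublicLink = true;
+PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu";
+};
+EmailSettings = {
+EnableSignUpWithEmail = true;
+EnableSignInWithEmail = true;
+EnableSignInWithUsername = true;
+SendEmailNotifications = true;
+FeedbackName = "mattermost";
+FeedbackEmail = "mattermost@infra4future.de";
+ReplyToAddress = "mattermost@infra4future.de";
+FeedbackOrganization = "∆infra4future.de";
+EnableSMTPAuth = true;
+SMTPUsername = "noreply@infra4future.de";
+SMTPServer = "mail.hacc.space";
+SMTPPort = "465";
+SMTPServerTimeout = 10;
+ConnectionSecurity = "TLS";
+};
+RateLimitSettings.Enable = false;
+PrivacySettings = {
+ShowEmailAddress = false;
+ShowFullName = true;
+};
+# to disable the extra landing page advertising the app
+NativeAppSettings = {
+AppDownloadLink = "";
+AndroidAppDownloadLink = "";
+IosAppDownloadLink = "";
+};
+LogSettings = {
+EnableConsole = true;
+ConsoleLevel = "ERROR";
+EnableDiagnostics = false;
+EnableWebhookDebugging = false;
+};
+SupportSettings = {
+TermsOfServiceLink = "https://infra4future.de/nutzungsbedingungen.html";
+PrivacyPolicyLink = "https://infra4future.de/nutzungsbedingungen.html";
+AboutLink = "https://infra4future.de";
+SupportEmail = "info@infra4future.de";
+CustomTermsOfServiceEnabled = false;
+EnableAskCommunityLink = true;
+};
+AnnouncementSettings.EnableBanner = false;
+ComplianceSettings.Enable = false;
+ClusterSettings.Enable = false;
+MetricsSettings.Enable = false;
+GuestAccountsSettings.Enable = true;
+};
+
+localDatabaseCreate = false;
+};
+
+services.postgresql = {
+enable = lib.mkForce true; # mattermost sets this to false. wtf.
+package = pkgs.postgresql_15;
+ensureDatabases = [ "mattermost" ];
+ensureUsers = [ {
+name = "mattermost";
+ensureDBOwnership = true;
+} ];
+
+authentication = lib.mkForce ''
+# Generated file; do not edit!
+local all all trust
+host mattermost mattermost ::1/128 trust
+'';
+};
+services.postgresqlBackup = {
+enable = true;
+databases = [ "mattermost" ];
+startAt = "*-*-* 23:45:00";
+location = "/persist/backups/postgres";
+};
+};
+};
+
+services.nginx.virtualHosts."s4f-conference.infra4future.de" = {
+locations."/" = {
+proxyPass = "http://${config.containers.s4f-conference.localAddress}:3000";
+proxyWebsockets = true;
+extraConfig = ''
+# Mattermost CSR Patch
+proxy_hide_header Content-Security-Policy;
+proxy_hide_header X-Frame-Options;
+proxy_redirect off;
+'';
+};
+forceSSL = true;
+enableACME = true;
+};
+}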
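Review bot: `PublicLinkSalt` in `FileSettings` is committed in plaintext while `EnablePublicLink = true`, so the value used to sign public file links is readable by anyone with the repository (and, with `mutableConfig = false`, presumably from the generated config in the Nix store). The unit already loads `/secrets/env`, so the salt could go there as `MM_FILESETTINGS_PUBLICLINKSALT`, be dropped from `extraConfig`, and be rotated since this value is now public. Separately, the nginx `extraConfig` hides `Content-Security-Policy` and `X-Frame-Options` without setting replacements, which removes the framing and script restrictions for this vhost; a line such as `add_header Content-Security-Policy "frame-ancestors 'self'";` would keep the clickjacking protection if the strip itself is needed. The `local all all trust` line in `authentication` also lets any local account in the container connect as any PostgreSQL role; `peer` would be tighter if Mattermost connects over the socket, which cannot be confirmed here because the connection string lives in the encrypted env file.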
@ -11,6 +11,8 @@ auamost:
|
||||||
restic:
|
restic:
|
||||||
s3creds.env: ENC[AES256_GCM,data:9WNu5S4KmdMXdshSpawEjIexAKH6vZCPwb9xyq6xmerly1lxSfFZzgg60M0L3L+I4joLTVi23YBB8Eh6Xfx9GgxNww7w7BjMCQs/X16ecDWlb346TKf+,iv:Gu4CbXXJAlQYXRqOjIAUYmn8EU4mrvcOVc2eCh1Ikzs=,tag:1xpVIonHiAGHsXTY9liPQQ==,type:str]
|
s3creds.env: ENC[AES256_GCM,data:9WNu5S4KmdMXdshSpawEjIexAKH6vZCPwb9xyq6xmerly1lxSfFZzgg60M0L3L+I4joLTVi23YBB8Eh6Xfx9GgxNww7w7BjMCQs/X16ecDWlb346TKf+,iv:Gu4CbXXJAlQYXRqOjIAUYmn8EU4mrvcOVc2eCh1Ikzs=,tag:1xpVIonHiAGHsXTY9liPQQ==,type:str]
|
||||||
system: ENC[AES256_GCM,data:RIgO0QHVjwp2D3LoU62vLzepASdsXxu0DqUTA6Voa3K1d4xFHX2u+UR8AcqR,iv:O0K8i5ivne7WU+ygDEUcrvKW6DIfXjVPY63gpfsxEFE=,tag:n/1atQ5qlyB0SMHrYiTCrA==,type:str]
|
system: ENC[AES256_GCM,data:RIgO0QHVjwp2D3LoU62vLzepASdsXxu0DqUTA6Voa3K1d4xFHX2u+UR8AcqR,iv:O0K8i5ivne7WU+ygDEUcrvKW6DIfXjVPY63gpfsxEFE=,tag:n/1atQ5qlyB0SMHrYiTCrA==,type:str]
|
||||||
|
s4f-conference:
|
||||||
|
env: ENC[AES256_GCM,data:e4Fuurb37YQvracqLA8Z1VQL5MpiARE35NKCNdLgyxyVNRm6zSATwyH8DvkST8zuYadAv9wOwjv5q9Xlv7CWBFPyMMjkrHPZORJI,iv:36EGmqqIpeNWylinu902MFU3MZf6sPRWvUrSl5usxHI=,tag:XxoTdq10zgr6xtMn4TYDOA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -98,8 +100,8 @@ sops:
|
||||||
bndBTXJhQVE2OVlKeGNTbzJlL0duUzAKIWdesesYvBIN/m36fhzxq30+IT8qp/pF
|
bndBTXJhQVE2OVlKeGNTbzJlL0duUzAKIWdesesYvBIN/m36fhzxq30+IT8qp/pF
|
||||||
S6i7QqZF75y2BpEoupRCqNIAsHrouUE+U9ZQJZO8m9J591mWvbVJIw==
|
S6i7QqZF75y2BpEoupRCqNIAsHrouUE+U9ZQJZO8m9J591mWvbVJIw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-05-01T01:20:25Z"
|
lastmodified: "2024-05-08T11:06:26Z"
|
||||||
mac: ENC[AES256_GCM,data:2fVIskFTMl1jefsa3A9fbBBUBK3Ni9XpUjLbwgewEUEKDhwzHY7vjlauzEVtcFJhYkorG/I/0YkPE6PjHta8Qk4mAOfXeVeLDrwH0dmIoPxw+J4kCgRNgNGdhkvmSUBQKwmhfvG3owZnGvq6JfcKZW8HodXyZ+GQQNknGzoX1wQ=,iv:fIXw7lsLwMHsNpZyv9nil7pdXrYNm18UV87KY0Z2zJ4=,tag:L/zymgljJWopKN1q7rpPhg==,type:str]
|
mac: ENC[AES256_GCM,data:H18GHY66eYI8BfJNd1ybzTgrPoq+lGnSp1f+65/+cOOndgyzo9/XwgToB3tMMyJFIXbQ0li9zYIb0TMldSYsaXI1AixPqRh8UXwM5x7OBZCi3DFA+SLKhslO88Lw3abZ9IEkZgrnNjeLKKXxgZwPHEpmlkOS38rDYTFCToK5JVI=,iv:TKaay3eFIDGr++8F500n45BISH6LnhWQ1+x18HiXZD8=,tag:Zecr/XH6NfP8tOj4T9Fmqg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|