# Mattermost instance for s4f-conference.infra4future.de.
#
# This module declares three things:
#   1. a sops secret "s4f-conference/env",
#   2. a container (hacc.containers.s4f-conference) running Mattermost,
#      PostgreSQL 15 and a daily database backup,
#   3. an nginx virtual host on the host that proxies to the container on
#      port 3000 and terminates TLS (forceSSL + ACME).
#
# hacc.containers is a project-local module that is not visible here; what
# bindSecrets does is inferred from its name and from the /secrets/env path
# used below -- confirm against that module.
{ config, lib, pkgs, ... }:

{
  # Left empty, so sops-nix defaults apply (owner, mode, path).
  sops.secrets = {
    "s4f-conference/env" = {};
  };

  hacc.containers.s4f-conference = {
    # Presumably exposes the sops secrets under /secrets inside the container.
    bindSecrets = true;

    # NB: this inner `config` argument shadows the outer one inside the container.
    config = { config, lib, pkgs, ... }: {
      # The service environment is loaded from this file. mkForce overrides
      # whatever EnvironmentFile the mattermost module sets itself.
      # No SMTP password or database credentials appear in this file, so they
      # presumably arrive through this environment file -- confirm.
      systemd.services.mattermost.serviceConfig.EnvironmentFile =
        lib.mkForce "/secrets/env";

      services.mattermost = {
        enable = true;
        siteUrl = "https://s4f-conference.infra4future.de";
        siteName = "Scientists for Future Chat";
        # Binds on every interface of the container. The host nginx below
        # connects to <container localAddress>:3000.
        # NOTE(review): together with TrustedProxyIPHeader below, anything that
        # can reach port 3000 directly can choose the client IP Mattermost
        # records. Confirm the port is reachable only from the host nginx, or
        # bind to the container address instead of 0.0.0.0.
        listenAddress = "0.0.0.0:3000";
        # Config is not writable by Mattermost; this file is the source of
        # truth, and System Console changes presumably do not persist.
        mutableConfig = false;
        statePath = "/persist/mattermost";

        extraConfig = {
          ServiceSettings = {
            # Mattermost takes the client IP from these request headers.
            # NOTE(review): the vhost below does not visibly set or overwrite
            # them. Confirm nginx does so elsewhere (e.g. via
            # services.nginx.recommendedProxySettings); otherwise
            # client-supplied values are passed through into audit logs and
            # any IP-based decisions.
            TrustedProxyIPHeader = [ "X-Forwarded-For" "X-Real-Ip" ];
            EnableEmailInvitations = true;
          };

          TeamSettings = {
            # Account creation is on while the server is not "open";
            # presumably this means sign-up requires an invitation -- confirm
            # this matches the intended onboarding.
            EnableUserCreation = true;
            EnableUserDeactivation = true;
            EnableOpenServer = false;
          };

          # Only the minimum length is set here; no other complexity rules.
          PasswordSettings = {
            MinimumLength = 10;
          };

          FileSettings = {
            EnableFileAttachments = true;
            MaxFileSize = 52428800; # 50 MiB (50 * 1024 * 1024)
            DriverName = "local";
            Directory = "/persist/upload-storage";
            EnablePublicLink = true;
            # NOTE(review): this salt is a secret, since it is what keeps
            # public file links unforgeable. As a literal here it is committed
            # to the repository and, as part of the generated config, likely
            # ends up in the world-readable Nix store. Treat it as disclosed:
            # rotate it and supply the new value through the sops-managed
            # environment file instead of this expression.
            PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu";
          };

          EmailSettings = {
            EnableSignUpWithEmail = true;
            EnableSignInWithEmail = true;
            EnableSignInWithUsername = true;
            SendEmailNotifications = true;
            FeedbackName = "mattermost";
            FeedbackEmail = "mattermost@infra4future.de";
            ReplyToAddress = "mattermost@infra4future.de";
            FeedbackOrganization = "∆infra4future.de";
            # SMTP auth is enabled but no password is set in this file; see
            # the EnvironmentFile note above.
            EnableSMTPAuth = true;
            SMTPUsername = "noreply@infra4future.de";
            SMTPServer = "mail.hacc.space";
            # Port 465 with ConnectionSecurity "TLS": implicit TLS, not STARTTLS.
            SMTPPort = "465";
            SMTPServerTimeout = 10;
            ConnectionSecurity = "TLS";
          };

          # NOTE(review): Mattermost's built-in rate limiting is off while
          # password sign-in is enabled. No throttling is visible in the nginx
          # vhost below either; confirm login and API requests are limited
          # somewhere else.
          RateLimitSettings.Enable = false;

          PrivacySettings = {
            ShowEmailAddress = false;
            ShowFullName = true;
          };

          # to disable the extra landing page advertising the app
          NativeAppSettings = {
            AppDownloadLink = "";
            AndroidAppDownloadLink = "";
            IosAppDownloadLink = "";
          };

          # Console logging at ERROR level only; diagnostics and webhook
          # debugging are off.
          LogSettings = {
            EnableConsole = true;
            ConsoleLevel = "ERROR";
            EnableDiagnostics = false;
            EnableWebhookDebugging = false;
          };

          SupportSettings = {
            # Both links point at the same page (nutzungsbedingungen.html).
            TermsOfServiceLink = "https://infra4future.de/nutzungsbedingungen.html";
            PrivacyPolicyLink = "https://infra4future.de/nutzungsbedingungen.html";
            AboutLink = "https://infra4future.de";
            SupportEmail = "info@infra4future.de";
            CustomTermsOfServiceEnabled = false;
            EnableAskCommunityLink = true;
          };

          AnnouncementSettings.EnableBanner = false;
          ComplianceSettings.Enable = false;
          ClusterSettings.Enable = false;
          MetricsSettings.Enable = false;
          # NOTE(review): guest accounts are enabled; confirm this is intended
          # and that guest access is restricted as expected.
          GuestAccountsSettings.Enable = true;
        };

        # The mattermost module does not create the database; the
        # services.postgresql block below does that through
        # ensureDatabases / ensureUsers.
        localDatabaseCreate = false;
      };

      services.postgresql = {
        enable = lib.mkForce true; # mattermost sets this to false. wtf.
        package = pkgs.postgresql_15;
        ensureDatabases = [ "mattermost" ];
        ensureUsers = [
          {
            name = "mattermost";
            ensureDBOwnership = true;
          }
        ];

        # mkForce replaces the pg_hba.conf the postgresql module would
        # otherwise generate. With the two rules below:
        #   - `local all all trust`: any process in the container can connect
        #     over the Unix socket as any role, superuser included, with no
        #     credentials.
        #   - `host mattermost mattermost ::1/128 trust`: TCP connections from
        #     IPv6 loopback to database "mattermost" as role "mattermost" need
        #     no password.
        #   - there is no IPv4 loopback rule, so connections from 127.0.0.1 do
        #     not match any entry.
        # NOTE(review): the container boundary is the only access control on
        # the database. Consider `peer` on the local line and scram-sha-256 on
        # the host line, after confirming how Mattermost connects; its data
        # source is not visible in this file.
        authentication = lib.mkForce ''
          # Generated file; do not edit!
          local all all trust
          host  mattermost mattermost ::1/128 trust
        '';
      };

      # Dumps the mattermost database every day at 23:45.
      # NOTE(review): the dumps contain everything in the database (messages,
      # password hashes, sessions). Confirm the permissions on the target
      # directory and how /persist itself is protected and backed up.
      services.postgresqlBackup = {
        enable = true;
        databases = [ "mattermost" ];
        startAt = "*-*-* 23:45:00";
        location = "/persist/backups/postgres";
      };
    };
  };

  # Host-side reverse proxy. `config` here is the outer (host) config, so
  # localAddress is the container address as seen from the host.
  services.nginx.virtualHosts."s4f-conference.infra4future.de" = {
    locations."/" = {
      # Plain HTTP between host and container; TLS ends at nginx.
      proxyPass = "http://${config.containers.s4f-conference.localAddress}:3000";
      proxyWebsockets = true;
      # NOTE(review): the two proxy_hide_header lines strip the
      # Content-Security-Policy and X-Frame-Options headers from Mattermost's
      # responses, and no replacement is added here. Unless a header is set
      # elsewhere, browsers receive neither, which removes framing
      # (clickjacking) protection and the CSP. If the aim is to allow
      # embedding on specific sites, prefer sending a replacement CSP with an
      # explicit frame-ancestors list. The in-string comment says "CSR";
      # presumably CSP is meant.
      # client_max_body_size (100M) is larger than Mattermost's MaxFileSize
      # (50 MiB), so Mattermost's limit is the effective one for uploads.
      extraConfig = ''
        # Mattermost CSR Patch
        proxy_hide_header Content-Security-Policy;
        proxy_hide_header X-Frame-Options;
        proxy_redirect off;

        client_max_body_size 100M;
      '';
    };
    forceSSL = true;
    enableACME = true;
  };
}