forked from hacc/haccfiles
stuebinm
4d5e82a0d9
this has not been used for quite some time, and since the new mattermost version displays the plugin's button more prominently, it's now definitely time to remove this.
211 lines
7.3 KiB
Nix
# NixOS module for the Mattermost instance at mattermost.infra4future.de.
#
# It declares three things:
#   * a sops secret ("mattermost/env"),
#   * a `hacc.containers.mattermost` container running Mattermost, PostgreSQL
#     and a nightly database dump,
#   * an nginx virtual host in the outer system that terminates TLS and
#     proxies to the container on port 3000.
#
# `hacc.containers` and `bindSecrets` are project-defined options that are not
# visible here; notes on what they do are marked as assumptions.
{ config, pkgs, lib, ...}:

{
  sops.secrets = {
    # Declared with default settings; presumably this is the file that shows
    # up as /secrets/env inside the container -- confirm against hacc.containers.
    "mattermost/env" = {};
  };

  hacc.containers.mattermost = {
    bindSecrets = true;

    config = { config, lib, pkgs, ... }: {
      # NOTE(review): presumably migration tooling; if it is no longer needed,
      # dropping it keeps the container's installed tool set minimal.
      environment.systemPackages = [ pkgs.morph pkgs.pgloader ];

      # Environment variables for the service are read from the secrets file
      # instead of the Nix store. No SMTP password or OAuth client secret is
      # set anywhere below, so they are presumably supplied here -- confirm.
      systemd.services.mattermost.serviceConfig.EnvironmentFile =
        lib.mkForce "/secrets/env";

      services.mattermost = {
        enable = true;
        siteUrl = "https://mattermost.infra4future.de";
        siteName = "Mattermost for Future";
        # Binds on every interface of the container. The nginx vhost at the
        # bottom of this file reaches it via the container's localAddress.
        listenAddress = "0.0.0.0:3000";
        # The configuration is fully defined by this file; changes made in the
        # admin console are not kept.
        mutableConfig = false;

        statePath = "/persist/mattermost";

        extraConfig = {
          ServiceSettings = {
            # The client IP is taken from these request headers.
            # NOTE(review): that is only sound if nothing but the reverse proxy
            # can reach port 3000; a client connecting directly could set the
            # headers itself. Confirm the container network enforces this.
            TrustedProxyIPHeader = [ "X-Forwarded-For" "X-Real-Ip" ];
            ReadTimeout = 300;
            WriteTimeout = 600;
            IdleTimeout = 60;
            MaximumLoginAttempts = 10;
            # NOTE(review): verify that Mattermost matches this wildcard/path
            # pattern as intended and that it is not broader than the set of
            # origins that actually need cross-origin access.
            AllowCorsFrom = "*.infra4future.de/*";
            WebserverMode = "gzip";
            EnableCustomEmoji = true;
            EnableEmojiPicker = true;
            EnableGifPicker = false;
            RestrictCustomEmojiCreation = "all";
            RestrictPostDelete = "all";
            AllowEditPost = "always";
            PostEditTimeout = -1;
            EnableTutorial = false;
            ExperimentalChannelSidebarOrganization = "default_on";
            ExperimentalChannelOrganization = true;
            ExperimentalDataPrefetch = true;
            EnableEmailInvitations = true;
            DisableLegacyMFA = true;
            # NOTE(review): SVG previews render user-supplied markup. Combined
            # with the CSP header being stripped in the nginx vhost below, it
            # is worth re-checking whether this should stay on.
            EnableSVGs = true;
            EnableLaTeX = true;
            ThreadAutoFollow = true;
            # NOTE(review): with the built-in security-fix alert off, someone
            # has to track Mattermost security releases by other means.
            EnableSecurityFixAlert = false;
            CollapsedThreads = "default_on";
          };
          TeamSettings = {
            EnableTeamCreation = true;
            EnableUserCreation = true;
            MaxUsersPerTeam = 250;
            EnableOpenServer = false;
            EnableUserDeactivation = true;
            ExperimentalViewArchivedChannels = true;
            ExperimentalEnableAutomaticReplies = true;
          };
          LogSettings = {
            EnableConsole = true;
            # NOTE(review): only ERROR-level events go to the console log;
            # check that enough of a trail remains for incident investigation.
            ConsoleLevel = "ERROR";
            EnableDiagnostics = false;
            EnableWebhookDebugging = false;
          };
          NotificationLogSettings = {
            EnableConsole = true;
            ConsoleLevel = "INFO";
          };
          # Email and username sign-in are disabled in EmailSettings below, so
          # this policy presumably only matters for accounts that still have a
          # local password -- confirm.
          PasswordSettings = {
            MinimumLength = 10;
            # turn off all the bullshit requirements
            Lowercase = false;
            Number = false;
            Uppercase = false;
            Symbol = false;
          };
          FileSettings = {
            EnableFileAttachments = true;
            MaxFileSize = 52428800;
            DriverName = "local";
            Directory = "/persist/mattermost/upload-storage";
            EnablePublicLink = true;
            # NOTE(review): this salt is the secret input for signing public
            # file links, but here it is committed to the repository and ends
            # up in the world-readable Nix store. Since public links are
            # enabled, treat it as disclosed: rotate it and supply the new
            # value through the secrets environment file
            # (MM_FILESETTINGS_PUBLICLINKSALT) instead of this attribute.
            # Rotating invalidates existing public links.
            PublicLinkSalt = "3k7p3yxdhz6798b3b9openfr9rn3ymwu";
          };
          EmailSettings = {
            # Local sign-up and sign-in are all off; login is expected to go
            # through the OAuth provider configured in GitLabSettings.
            EnableSignUpWithEmail = false;
            EnableSignInWithEmail = false;
            EnableSignInWithUsername = false;
            SendEmailNotifications = true;
            FeedbackName = "mattermost";
            FeedbackEmail = "mattermost@infra4future.de";
            ReplyToAddress = "mattermost@infra4future.de";
            FeedbackOrganization = "∆infra4future.de";
            # SMTP auth is on but no password is set in this file; presumably
            # it comes from /secrets/env -- confirm.
            EnableSMTPAuth = true;
            SMTPUsername = "noreply@infra4future.de";
            SMTPServer = "mail.hacc.space";
            SMTPPort = "465";
            SMTPServerTimeout = 10;
            ConnectionSecurity = "TLS";
          };
          # NOTE(review): Mattermost's own API rate limiting is off and the
          # nginx vhost in this file defines no request limiting either;
          # confirm that throttling happens at some other layer.
          RateLimitSettings.Enable = false;
          PrivacySettings = {
            ShowEmailAddress = false;
            ShowFullName = true;
          };
          # to disable the extra landing page advertising the app
          NativeAppSettings = {
            AppDownloadLink = "";
            AndroidAppDownloadLink = "";
            IosAppDownloadLink = "";
          };
          SupportSettings = {
            TermsOfServiceLink = "https://infra4future.de/nutzungsbedingungen.html";
            PrivacyPolicyLink = "https://infra4future.de/nutzungsbedingungen.html";
            AboutLink = "https://infra4future.de";
            SupportEmail = "info@infra4future.de";
            CustomTermsOfServiceEnabled = false;
            EnableAskCommunityLink = true;
          };
          AnnouncementSettings.EnableBanner = false;
          # The GitLab login slot is pointed at the OAuth2 endpoints on
          # login.infra4future.de. No client secret is set in this file;
          # presumably it comes from /secrets/env -- confirm.
          GitLabSettings = {
            Enable = true;
            Id = "mattermost";
            Scope = "";
            AuthEndpoint = "https://login.infra4future.de/oauth2/authorize";
            TokenEndpoint = "https://login.infra4future.de/oauth2/token";
            UserApiEndpoint = "https://login.infra4future.de/oauth2/userinfo";
          };
          # for some reason, these don't appear to be working; the startup
          # process complains and sets these back to en
          LocalizationSettings = {
            DefaultServerLocale = "de";
            DefaultClientLocale = "de";
            AvailableLocales = "de,en";
          };
          MessageExportSettings.EnableExport = false;
          # plugins appear to have trouble with the read-only filesystem; it may
          # be necessary to manually change their paths etc.
          PluginSettings = {
            Enable = true;
            # NOTE(review): plugin uploads let a system admin install
            # server-side code through the web UI. If plugins are only ever
            # installed at deploy time, consider turning this off.
            EnableUploads = true;
            Plugins = {
              "com.github.matterpoll.matterpoll" = {
                experimentalui = true;
                trigger = "poll";
              };
            };
            PluginStates = {
              "com.github.matterpoll.matterpoll".Enable = true;
            };
          };
          ComplianceSettings.Enable = false;
          ClusterSettings.Enable = false;
          MetricsSettings.Enable = false;
          GuestAccountsSettings.Enable = false;
          FeatureFlags.CollapsedThreads = true;
          SqlSettings.DriverName = "postgres";
          # Connects over the unix socket in /run/postgresql; no user or
          # password appears in the connection string.
          SqlSettings.DataSource = "postgres:///mattermost?host=/run/postgresql";
        };

        # turn off the weirder parts of this module (which insist on passwords
        # in nix files, instead of just using socket-based authentication)
        #
        # It will still attempt to use its default password, but postgres will
        # just let it in regardless of that.
        localDatabaseCreate = false;
      };

      services.postgresql = {
        enable = lib.mkForce true; # mattermost sets this to false. wtf.
        package = pkgs.postgresql_15;
        ensureDatabases = [ "mattermost" ];
        ensureUsers = [ {
          name = "mattermost";
          ensureDBOwnership = true;
        } ];

        # mkForce is meant to replace the module's default pg_hba rules. The
        # single rule covers unix-socket connections only, so TCP logins have
        # no matching entry.
        # NOTE(review): `trust` lets any local user or process in the container
        # connect as any role, including the superuser, without credentials.
        # `peer` keeps password-free socket login while tying the role to the
        # connecting OS user. Before switching, confirm that the mattermost
        # service and the backup job run as users matching their roles.
        authentication = lib.mkForce ''
          # Generated file; do not edit!
          local all all trust
        '';
      };

      # Dumps the mattermost database every day at 23:45.
      # NOTE(review): the dumps contain the full chat history; confirm the
      # permissions on this directory and how copies leave the host.
      services.postgresqlBackup = {
        enable = true;
        databases = [ "mattermost" ];
        startAt = "*-*-* 23:45:00";
        location = "/persist/backups/postgres";
      };
    };
  };

  # Reverse proxy in the outer system: TLS with an ACME certificate and forced
  # HTTPS towards clients, plain HTTP towards the container.
  services.nginx.virtualHosts."mattermost.infra4future.de" = {
    locations."/" = {
      proxyPass = "http://${config.containers.mattermost.localAddress}:3000";
      proxyWebsockets = true;
      # NOTE(review): the two proxy_hide_header lines drop the
      # Content-Security-Policy and X-Frame-Options headers sent by the
      # upstream, and nothing in this vhost adds replacements. Browsers then
      # receive no framing restriction and no CSP for this site. The in-config
      # label says "CSR Patch" (presumably CSP). Confirm that the workaround is
      # still required; if it is, prefer adding an explicit, narrower policy
      # with add_header over removing both headers outright.
      extraConfig = ''
        # Mattermost CSR Patch
        proxy_hide_header Content-Security-Policy;
        proxy_hide_header X-Frame-Options;
        proxy_redirect off;
      '';
    };
    forceSSL = true;
    enableACME = true;
  };
}