13 changed files with 75 additions and 887 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -3,12 +3,10 @@ kind: pipeline
 name: deploy to swarm-test.autonomic.zone
 steps:
  - name: deployment
-    image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
+    image: decentral1se/stack-ssh-deploy:latest
    settings:
      host: swarm-test.autonomic.zone
      stack: mattermost
      networks:
       - proxy
      purge: true
      deploy_key:
        from_secret: drone_ssh_swarm_test
@ -35,17 +33,24 @@ trigger:
 ---
 kind: pipeline
-name: generate recipe catalogue
+name: recipe release
 steps:
  - name: release a new version
    image: decentral1se/drone-abra:latest
    settings:
      command: recipe mattermost release
      deploy_key:
        from_secret: abra_bot_deploy_key
  - name: trigger downstream builds
    image: plugins/downstream
    settings:
-      server: https://build.coopcloud.tech
+      server: https://drone.autonomic.zone
      token:
-        from_secret: drone_abra-bot_token
+        from_secret: decentral1se_token
      fork: true
      repositories:
-        - toolshed/auto-recipes-catalogue-json
+        - coop-cloud/auto-apps-json
-
+    depends_on:
-trigger:
+      - release a new version
-  event: tag
+on
--- a/.env.sample
+++ b/.env.sample
@ -9,28 +9,20 @@ LETS_ENCRYPT_ENV=production
 # Secret Versions
 SECRET_POSTGRES_PASSWORD_VERSION=v1
 COMPOSE_FILE="compose.yml"
 # Container Settings
 ## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
 ## A list of these tz database names can be looked up at Wikipedia
 ## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
 TZ=UTC
-ORG_NAME="My Organization"
+## Make Mattermost container readonly. This interferes with the regeneration of root.html inside the container. Only use
 ## it if you know what you're doing.
 ## See https://github.com/mattermost/docker/issues/18
 MATTERMOST_CONTAINER_READONLY=false
 ## Additional configuration settings for Mattermost. Documentation on the variables and the settings itself can be found at
 ## https://docs.mattermost.com/administration/config-settings.html
 ## Keep in mind that variables set here will take precedence over the same setting in config.json. This includes
 ## the system console as well and settings set with env variables will be greyed out.
 ## Email Support
 #COMPOSE_FILE="$COMPOSE_FILE:compose.email.yml"
 #ORG_EMAIL_ADDRESS="youruser@youremail.org"
 #SMTP_USER="youruser"
 #SECRET_SMTP_PASS_VERSION=v1
 #SMTP_HOST=""
 #SMTP_PORT=587
 #SMTP_SECURITY=STARTTLS #TLS or STARTTLS
 ## SSO config
 #COMPOSE_FILE="$COMPOSE_FILE:compose.sso.yml"
 #SSO_DOMAIN=accounts.example.com
 #SSO_APP=mattermost
 #SSO_ID=
 #SECRET_MATTERMOST_SSO_SECRET_VERSION=v1
--- a/README.md
+++ b/README.md
@ -2,14 +2,14 @@
 <!-- metadata -->
-* **Category**: Apps
+* **Category**:
-* **Status**: 3
+* **Status**: 
-* **Image**: [`mattermost/mattermost-team-edition`](https://hub.docker.com/r/mattermost/mattermost-team-edition), 4, upstream
+* **Image**:
-* **Healthcheck**: No
+* **Healthcheck**: N
-* **Backups**: Yes
+* **Backups**: N
-* **Email**: 1
+* **Email**: 
-* **Tests**: 2
+* **Tests**: N
-* **SSO**: No
+* **SSO**: N
 <!-- endmetadata -->
@ -24,61 +24,5 @@
 5. `abra app deploy YOURAPPNAME`
 6. Open the configured domain in your browser to finish set-up
 ## Enable Email
 **WARNING: Following these steps will overwrite the configuration of your Mattermost instance. Probably only run it on a fresh deployment.**
 - `abra app config YOURAPPNAME`
 - Uncomment the section starting with **Email Support**
 - `abra app secret i YOURAPPNAME smtp_pass v1 'yourSMTPpassword'`
 - `abra app undeploy YOURAPPNAME`
 - `abra app deploy YOURAPPNAME`
 - `abra app command -C YOURAPPNAME app reset_config` <- This will overwrite your configuration
 ## Enable SSO with Authentik
 This is how to configure your Mattermost server to accept logins from your Authentik SSO provider.
 ### Configure Authentik
 #### Create a property mapping
 - Log in as administrator of your Authentik instance
 - Go to https://authentik.yourserver.org/if/admin/#/core/property-mappings and choose **Create**
 - Choose Scope Mapping
   - Name: `Mattermost ID`
   - Scope Name: `id`
   - Description: *optional own description*
   - Expression: `return { "id": request.user.id }`
 - Create another Scope Mapping
   - Name: `Mattermost Username`
   - Scope Name: `username`
   - Description: *optional own description*
   - Expression: `return { "username": request.user.username }`
 #### Create Application and Provider
 - Go to https://authentik.yourserver.org/if/admin/#/core/applications and choose **Create With Wizard**
   - Application Name: mattermost
   - **Next**
   - Choose OAuth2/OIDC
   - Set Authorization flow: `default-provider-authorization-implicit-consent (Authorize Application)`
   - Copy the **Client ID** and **Client Secret**, you'll need them later
   - Add Redirect URIs:
      - https://mattermost.yourserver.org/login/gitlab/complete
      - https://mattermost.yourserver.org/signup/gitlab/complete
   - Expand Advanced Protocol Settings
   - Under Scopes, select `Mattermost ID` and `Mattermost Username`, and click the > to add them to **Selected Scopes**
   - **Submit**
 ### Configure Mattermost
 **WARNING: Following these steps will overwrite the configuration of your Mattermost instance. Probably only run it on a fresh deployment.**
 - `abra app configure YOURAPPNAME`
   - Uncomment the section starting with `## SSO config`
   - Set `SSO_ID` to the value you saved when configuring Authentik
 - `abra app secret insert YOURAPPNAME mattermost_sso_secret v1 <the authentik provider secret you saved>`
 - `abra app undeploy YOURAPPNAME`
 - `abra app deploy YOURAPPNAME`
 - `abra app command -C YOURAPPNAME app reset_config` <- This will overwrite your configuration
 ### Disable non-SSO login (Optional)
 - Ensure that your SSO user has the **System Admin** role: https://YOURAPPNAME/admin_console/user_management/users
 - Go to https://YOURAPPNAME/admin_console/authentication/email
 - Set **Enable sign-in with email** and **Enable sign-in with username** to `false`
 [`abra`]: https://git.coopcloud.tech/coop-cloud/abra
 [`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
--- a/abra-mattermost-entrypoint.sh
+++ b/abra-mattermost-entrypoint.sh
@ -15,11 +15,5 @@ else
    exit 1
 fi
 # If the default Mattermost config hasn't already been replaced
 # by the templated config this recipe generates, replace it
 if ! test -f "/mattermost/config/CoopCloudManaged"; then
    cp /config-to-copy.json /mattermost/config/config.json && touch /mattermost/config/CoopCloudManaged
 fi
 # https://github.com/mattermost/mattermost-server/blob/master/build/Dockerfile
 /entrypoint.sh "mattermost"
--- a/abra.sh
+++ b/abra.sh
@ -1,7 +0,0 @@
 export ENTRYPOINT_VERSION=v1
 export MATTERMOST_CONFIG_VERSION=v1
 reset_config() {
    cp /config-to-copy.json /mattermost/config/config.json && touch /mattermost/config/CoopCloudManaged
    mmctl config reload --local
 }
--- a/compose.email.yml
+++ b/compose.email.yml
@ -1,20 +0,0 @@
 version: "3.8"
 services:
  app:
    configs:
      - source: mattermost_config
        target: /config-to-copy.json
    secrets:
      - smtp_pass
 secrets:
  smtp_pass:
    external: true
    name: ${STACK_NAME}_smtp_pass_${SECRET_SMTP_PASS_VERSION}
 configs:
  mattermost_config:
    name: ${STACK_NAME}_mattermost_config_${MATTERMOST_CONFIG_VERSION}
    file: ./config.json.tmpl
    template_driver: golang
--- a/compose.sso.yml
+++ b/compose.sso.yml
@ -1,20 +0,0 @@
 version: "3.8"
 services:
  app:
    configs:
      - source: mattermost_config
        target: /config-to-copy.json
    secrets:
      - mattermost_sso_secret
 secrets:
  mattermost_sso_secret:
    external: true
    name: ${STACK_NAME}_mattermost_sso_secret_${SECRET_MATTERMOST_SSO_SECRET_VERSION}
 configs:
  mattermost_config:
    name: ${STACK_NAME}_mattermost_config_${MATTERMOST_CONFIG_VERSION}
    file: ./config.json.tmpl
    template_driver: golang
--- a/compose.yml
+++ b/compose.yml
@ -1,19 +1,50 @@
 version: "3.8"
 services:
-  app:
+  postgres:
-    image: mattermost/mattermost-team-edition:10.5.0
+    image: postgres:13-alpine
    security_opt:
      - no-new-privileges:true
    tmpfs:
      - /tmp
      - /var/run/postgresql
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      # timezone inside container
      - TZ
-      - MM_SQLSETTINGS_DRIVERNAME=postgres
+
-      - MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}
+      # necessary Postgres options/variables
      - POSTGRES_USER=mattermost
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - POSTGRES_DB=mattermost
    secrets:
      - postgres_password
    networks:
      - internal
  app:
    image: mattermost/mattermost-team-edition:5.39
    security_opt:
      - no-new-privileges:true
    read_only: ${MATTERMOST_CONTAINER_READONLY}
    tmpfs:
      - /tmp
    volumes:
      - mattermost_config:/mattermost/config:rw
      - mattermost_data:/mattermost/data:rw
      - mattermost_logs:/mattermost/logs:rw
      - mattermost_plugins:/mattermost/plugins:rw
      - mattermost_client_plugins:/mattermost/client/plugins:rw
-      - mattermost_certs:/etc/ssl/certs:ro
+    environment:
      # timezone inside container
      - TZ
      # necessary Mattermost options/variables (see env.sample)
      - MM_SQLSETTINGS_DRIVERNAME=postgres
      # additional settings
      - MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}
    networks:
      - proxy
      - internal
@ -28,10 +59,6 @@ services:
        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
        - "coop-cloud.${STACK_NAME}.version=1.5.3+9.11.8"
        - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
        - "backupbot.backup=true"
        - "backupbot.backup.path=/mattermost,/etc/ssl"
    configs:
      - source: abra_mattermost_entrypoint
        target: /abra-mattermost-entrypoint.sh
@ -40,26 +67,6 @@ services:
      - postgres_password
    entrypoint: /abra-mattermost-entrypoint.sh
  postgres:
    image: postgres:15-alpine
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      - TZ
      - POSTGRES_USER=mattermost
      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
      - POSTGRES_DB=mattermost
    secrets:
      - postgres_password
    networks:
      - internal
    deploy:
      labels:
        backupbot.backup: "true"
        backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/postgres-backup.sql"
        backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql"
        backupbot.backup.path: "/var/lib/postgresql/data/"
 secrets:
  postgres_password:
    external: true
@ -67,9 +74,8 @@ secrets:
 configs:
  abra_mattermost_entrypoint:
-    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
+    name: abra_mattermost_entrypoint
-    file: ./entrypoint.sh
+    file: ./abra-mattermost-entrypoint.sh
 networks:
  proxy:
@ -79,8 +85,8 @@ networks:
 volumes:
  postgres_data:
  mattermost_config:
  mattermost_certs:
  mattermost_data:
  mattermost_logs:
  mattermost_plugins:
  mattermost_client_plugins:
--- a/config.json.tmpl
+++ b/config.json.tmpl
@ -1,686 +0,0 @@
 {
    "ServiceSettings": {
        "SiteURL": "",
        "WebsocketURL": "",
        "LicenseFileLocation": "",
        "ListenAddress": ":8065",
        "ConnectionSecurity": "",
        "TLSCertFile": "",
        "TLSKeyFile": "",
        "TLSMinVer": "1.2",
        "TLSStrictTransport": false,
        "TLSStrictTransportMaxAge": 63072000,
        "TLSOverwriteCiphers": [],
        "UseLetsEncrypt": false,
        "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
        "Forward80To443": false,
        "TrustedProxyIPHeader": [],
        "ReadTimeout": 300,
        "WriteTimeout": 300,
        "IdleTimeout": 60,
        "MaximumLoginAttempts": 10,
        "GoroutineHealthThreshold": -1,
        "EnableOAuthServiceProvider": true,
        "EnableIncomingWebhooks": true,
        "EnableOutgoingWebhooks": true,
        "EnableOutgoingOAuthConnections": false,
        "EnableCommands": true,
        "OutgoingIntegrationRequestsTimeout": 30,
        "EnablePostUsernameOverride": false,
        "EnablePostIconOverride": false,
        "GoogleDeveloperKey": "",
        "EnableLinkPreviews": true,
        "EnablePermalinkPreviews": true,
        "RestrictLinkPreviews": "",
        "EnableTesting": false,
        "EnableDeveloper": false,
        "DeveloperFlags": "",
        "EnableClientPerformanceDebugging": false,
        "EnableOpenTracing": false,
        "EnableSecurityFixAlert": true,
        "EnableInsecureOutgoingConnections": false,
        "AllowedUntrustedInternalConnections": "",
        "EnableMultifactorAuthentication": false,
        "EnforceMultifactorAuthentication": false,
        "EnableUserAccessTokens": false,
        "AllowCorsFrom": "",
        "CorsExposedHeaders": "",
        "CorsAllowCredentials": false,
        "CorsDebug": false,
        "AllowCookiesForSubdomains": false,
        "ExtendSessionLengthWithActivity": true,
        "TerminateSessionsOnPasswordChange": true,
        "SessionLengthWebInDays": 30,
        "SessionLengthWebInHours": 720,
        "SessionLengthMobileInDays": 30,
        "SessionLengthMobileInHours": 720,
        "SessionLengthSSOInDays": 30,
        "SessionLengthSSOInHours": 720,
        "SessionCacheInMinutes": 10,
        "SessionIdleTimeoutInMinutes": 43200,
        "WebsocketSecurePort": 443,
        "WebsocketPort": 80,
        "WebserverMode": "gzip",
        "EnableGifPicker": true,
        "GiphySdkKey": "",
        "EnableCustomEmoji": true,
        "EnableEmojiPicker": true,
        "PostEditTimeLimit": -1,
        "TimeBetweenUserTypingUpdatesMilliseconds": 5000,
        "EnablePostSearch": true,
        "EnableFileSearch": true,
        "MinimumHashtagLength": 3,
        "EnableUserTypingMessages": true,
        "EnableChannelViewedMessages": true,
        "EnableUserStatuses": true,
        "ExperimentalEnableAuthenticationTransfer": true,
        "ClusterLogTimeoutMilliseconds": 2000,
        "EnableTutorial": true,
        "EnableOnboardingFlow": true,
        "ExperimentalEnableDefaultChannelLeaveJoinMessages": true,
        "ExperimentalGroupUnreadChannels": "disabled",
        "EnableAPITeamDeletion": false,
        "EnableAPITriggerAdminNotifications": false,
        "EnableAPIUserDeletion": false,
        "EnableAPIPostDeletion": false,
        "EnableDesktopLandingPage": true,
        "ExperimentalEnableHardenedMode": false,
        "ExperimentalStrictCSRFEnforcement": false,
        "EnableEmailInvitations": false,
        "DisableBotsWhenOwnerIsDeactivated": true,
        "EnableBotAccountCreation": false,
        "EnableSVGs": false,
        "EnableLatex": false,
        "EnableInlineLatex": true,
        "PostPriority": true,
        "AllowPersistentNotifications": true,
        "AllowPersistentNotificationsForGuests": false,
        "PersistentNotificationIntervalMinutes": 5,
        "PersistentNotificationMaxCount": 6,
        "PersistentNotificationMaxRecipients": 5,
        "EnableAPIChannelDeletion": false,
        "EnableLocalMode": true,
        "LocalModeSocketLocation": "/var/tmp/mattermost_local.socket",
        "EnableAWSMetering": false,
        "SplitKey": "",
        "FeatureFlagSyncIntervalSeconds": 30,
        "DebugSplit": false,
        "ThreadAutoFollow": true,
        "CollapsedThreads": "always_on",
        "ManagedResourcePaths": "",
        "EnableCustomGroups": true,
        "AllowSyncedDrafts": true,
        "UniqueEmojiReactionLimitPerPost": 50,
        "RefreshPostStatsRunTime": "00:00",
        "MaximumPayloadSizeBytes": 300000,
        "MaximumURLLength": 2048,
        "ScheduledPosts": true
    },
    "TeamSettings": {
        "SiteName": "Mattermost",
        "MaxUsersPerTeam": 50,
        "EnableJoinLeaveMessageByDefault": true,
        "EnableUserCreation": true,
        "EnableOpenServer": false,
        "EnableUserDeactivation": false,
        "RestrictCreationToDomains": "",
        "EnableCustomUserStatuses": true,
        "EnableCustomBrand": false,
        "CustomBrandText": "",
        "CustomDescriptionText": "",
        "RestrictDirectMessage": "any",
        "EnableLastActiveTime": true,
        "UserStatusAwayTimeout": 300,
        "MaxChannelsPerTeam": 2000,
        "MaxNotificationsPerChannel": 1000,
        "EnableConfirmNotificationsToChannel": true,
        "TeammateNameDisplay": "username",
        "ExperimentalViewArchivedChannels": true,
        "ExperimentalEnableAutomaticReplies": false,
        "LockTeammateNameDisplay": false,
        "ExperimentalPrimaryTeam": "",
        "ExperimentalDefaultChannels": []
    },
    "ClientRequirements": {
        "AndroidLatestVersion": "",
        "AndroidMinVersion": "",
        "IosLatestVersion": "",
        "IosMinVersion": ""
    },
    "SqlSettings": {
        "DriverName": "postgres",
        "DataSource": "postgres://mmuser:mostest@localhost/mattermost_test?sslmode=disable\u0026connect_timeout=10\u0026binary_parameters=yes",
        "DataSourceReplicas": [],
        "DataSourceSearchReplicas": [],
        "MaxIdleConns": 20,
        "ConnMaxLifetimeMilliseconds": 3600000,
        "ConnMaxIdleTimeMilliseconds": 300000,
        "MaxOpenConns": 300,
        "Trace": false,
        "AtRestEncryptKey": "etcbtej9ar4b5ickh9kqmmmbwkgnd9ds",
        "QueryTimeout": 30,
        "DisableDatabaseSearch": false,
        "MigrationsStatementTimeoutSeconds": 100000,
        "ReplicaLagSettings": [],
        "ReplicaMonitorIntervalSeconds": 5
    },
    "LogSettings": {
        "EnableConsole": true,
        "ConsoleLevel": "INFO",
        "ConsoleJson": true,
        "EnableColor": false,
        "EnableFile": true,
        "FileLevel": "INFO",
        "FileJson": true,
        "FileLocation": "",
        "EnableWebhookDebugging": true,
        "EnableDiagnostics": true,
        "VerboseDiagnostics": false,
        "EnableSentry": true,
        "AdvancedLoggingJSON": {},
        "MaxFieldSize": 2048
    },
    "ExperimentalAuditSettings": {
        "FileEnabled": false,
        "FileName": "",
        "FileMaxSizeMB": 100,
        "FileMaxAgeDays": 0,
        "FileMaxBackups": 0,
        "FileCompress": false,
        "FileMaxQueueSize": 1000,
        "AdvancedLoggingJSON": {}
    },
    "NotificationLogSettings": {
        "EnableConsole": true,
        "ConsoleLevel": "INFO",
        "ConsoleJson": true,
        "EnableColor": false,
        "EnableFile": true,
        "FileLevel": "INFO",
        "FileJson": true,
        "FileLocation": "",
        "AdvancedLoggingJSON": {}
    },
    "PasswordSettings": {
        "MinimumLength": 8,
        "Lowercase": false,
        "Number": false,
        "Uppercase": false,
        "Symbol": false,
        "EnableForgotLink": true
    },
    "FileSettings": {
        "EnableFileAttachments": true,
        "EnableMobileUpload": true,
        "EnableMobileDownload": true,
        "MaxFileSize": 104857600,
        "MaxImageResolution": 33177600,
        "MaxImageDecoderConcurrency": -1,
        "DriverName": "local",
        "Directory": "./data/",
        "EnablePublicLink": false,
        "ExtractContent": true,
        "ArchiveRecursion": false,
        "PublicLinkSalt": "br5pxoytkqgpwptybafe56dhfi7du38m",
        "InitialFont": "nunito-bold.ttf",
        "AmazonS3AccessKeyId": "",
        "AmazonS3SecretAccessKey": "",
        "AmazonS3Bucket": "",
        "AmazonS3PathPrefix": "",
        "AmazonS3Region": "",
        "AmazonS3Endpoint": "s3.amazonaws.com",
        "AmazonS3SSL": true,
        "AmazonS3SignV2": false,
        "AmazonS3SSE": false,
        "AmazonS3Trace": false,
        "AmazonS3RequestTimeoutMilliseconds": 30000,
        "AmazonS3UploadPartSizeBytes": 5242880,
        "AmazonS3StorageClass": "",
        "DedicatedExportStore": false,
        "ExportDriverName": "local",
        "ExportDirectory": "./data/",
        "ExportAmazonS3AccessKeyId": "",
        "ExportAmazonS3SecretAccessKey": "",
        "ExportAmazonS3Bucket": "",
        "ExportAmazonS3PathPrefix": "",
        "ExportAmazonS3Region": "",
        "ExportAmazonS3Endpoint": "s3.amazonaws.com",
        "ExportAmazonS3SSL": true,
        "ExportAmazonS3SignV2": false,
        "ExportAmazonS3SSE": false,
        "ExportAmazonS3Trace": false,
        "ExportAmazonS3RequestTimeoutMilliseconds": 30000,
        "ExportAmazonS3PresignExpiresSeconds": 21600,
        "ExportAmazonS3UploadPartSizeBytes": 104857600,
        "ExportAmazonS3StorageClass": ""
    },
    "EmailSettings": {
        "EnableSignUpWithEmail": true,
        "EnableSignInWithEmail": true,
        "EnableSignInWithUsername": true,
        "SendEmailNotifications": true,
        "UseChannelInEmailNotifications": false,
        "RequireEmailVerification": false,
        "FeedbackName": "{{ env "ORG_NAME" }}",
        "FeedbackEmail": "{{ env "ORG_EMAIL_ADDRESS" }}",
        "ReplyToAddress": "{{ env "ORG_EMAIL_ADDRESS" }}",
        "FeedbackOrganization": "",
        "EnableSMTPAuth": true,
        "SMTPUsername": "{{ env "SMTP_USER" }}",
        "SMTPPassword": "{{ secret "smtp_pass" }}",
        "SMTPServer": "{{ env "SMTP_HOST" }}",
        "SMTPPort": "{{ env "SMTP_PORT" }}",
        "SMTPServerTimeout": 10,
        "ConnectionSecurity": "{{ env "SMTP_SECURITY" }}",
        "SendPushNotifications": true,
        "PushNotificationServer": "https://push-test.mattermost.com",
        "PushNotificationContents": "full",
        "PushNotificationBuffer": 1000,
        "EnableEmailBatching": false,
        "EmailBatchingBufferSize": 256,
        "EmailBatchingInterval": 30,
        "EnablePreviewModeBanner": false,
        "SkipServerCertificateVerification": false,
        "EmailNotificationContentsType": "full",
        "LoginButtonColor": "#0000",
        "LoginButtonBorderColor": "#2389D7",
        "LoginButtonTextColor": "#2389D7"
    },
    "RateLimitSettings": {
        "Enable": false,
        "PerSec": 10,
        "MaxBurst": 100,
        "MemoryStoreSize": 10000,
        "VaryByRemoteAddr": true,
        "VaryByUser": false,
        "VaryByHeader": ""
    },
    "PrivacySettings": {
        "ShowEmailAddress": true,
        "ShowFullName": true
    },
    "SupportSettings": {
        "TermsOfServiceLink": "https://mattermost.com/pl/terms-of-use/",
        "PrivacyPolicyLink": "https://mattermost.com/pl/privacy-policy/",
        "AboutLink": "https://mattermost.com/pl/about-mattermost",
        "HelpLink": "https://mattermost.com/pl/help/",
        "ReportAProblemLink": "https://mattermost.com/pl/report-a-bug",
        "ForgotPasswordLink": "",
        "SupportEmail": "{{ env "ORG_EMAIL_ADDRESS" }}",
        "CustomTermsOfServiceEnabled": false,
        "CustomTermsOfServiceReAcceptancePeriod": 365,
        "EnableAskCommunityLink": true
    },
    "AnnouncementSettings": {
        "EnableBanner": false,
        "BannerText": "",
        "BannerColor": "#f2a93b",
        "BannerTextColor": "#333333",
        "AllowBannerDismissal": true,
        "AdminNoticesEnabled": true,
        "UserNoticesEnabled": true,
        "NoticesURL": "https://notices.mattermost.com/",
        "NoticesFetchFrequency": 3600,
        "NoticesSkipCache": false
    },
    "ThemeSettings": {
        "EnableThemeSelection": true,
        "DefaultTheme": "default",
        "AllowCustomThemes": true,
        "AllowedThemes": []
    },
    "GitLabSettings": {
        "Enable": true,
        "Secret": "{{ secret "mattermost_sso_secret" }}",
        "Id": "{{ env "SSO_ID" }}",
        "Scope": "",
        "AuthEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/authorize/",
        "TokenEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/token/",
        "UserAPIEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/userinfo/",
        "DiscoveryEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/{{ env "SSO_APP" }}/.well-known/openid-configuration",
        "ButtonText": "{{ env "ORG_NAME" }}",
        "ButtonColor": "#ff0000"
    },
    "GoogleSettings": {
        "Enable": false,
        "Secret": "",
        "Id": "",
        "Scope": "profile email",
        "AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
        "TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token",
        "UserAPIEndpoint": "https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata",
        "DiscoveryEndpoint": "",
        "ButtonText": "",
        "ButtonColor": ""
    },
    "Office365Settings": {
        "Enable": false,
        "Secret": "",
        "Id": "",
        "Scope": "User.Read",
        "AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
        "TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
        "UserAPIEndpoint": "https://graph.microsoft.com/v1.0/me",
        "DiscoveryEndpoint": "",
        "DirectoryId": ""
    },
    "OpenIdSettings": {
        "Enable": false,
        "Secret": "",
        "Id": "",
        "Scope": "profile openid email",
        "AuthEndpoint": "",
        "TokenEndpoint": "",
        "UserAPIEndpoint": "",
        "DiscoveryEndpoint": "",
        "ButtonText": "",
        "ButtonColor": "#145DBF"
    },
    "LdapSettings": {
        "Enable": false,
        "EnableSync": false,
        "LdapServer": "",
        "LdapPort": 389,
        "ConnectionSecurity": "",
        "BaseDN": "",
        "BindUsername": "",
        "BindPassword": "",
        "UserFilter": "",
        "GroupFilter": "",
        "GuestFilter": "",
        "EnableAdminFilter": false,
        "AdminFilter": "",
        "GroupDisplayNameAttribute": "",
        "GroupIdAttribute": "",
        "FirstNameAttribute": "",
        "LastNameAttribute": "",
        "EmailAttribute": "",
        "UsernameAttribute": "",
        "NicknameAttribute": "",
        "IdAttribute": "",
        "PositionAttribute": "",
        "LoginIdAttribute": "",
        "PictureAttribute": "",
        "SyncIntervalMinutes": 60,
        "SkipCertificateVerification": false,
        "PublicCertificateFile": "",
        "PrivateKeyFile": "",
        "QueryTimeout": 60,
        "MaxPageSize": 0,
        "LoginFieldName": "",
        "LoginButtonColor": "#0000",
        "LoginButtonBorderColor": "#2389D7",
        "LoginButtonTextColor": "#2389D7"
    },
    "ComplianceSettings": {
        "Enable": false,
        "Directory": "./data/",
        "EnableDaily": false,
        "BatchSize": 30000
    },
    "LocalizationSettings": {
        "DefaultServerLocale": "en",
        "DefaultClientLocale": "en",
        "AvailableLocales": "",
        "EnableExperimentalLocales": false
    },
    "SamlSettings": {
        "Enable": false,
        "EnableSyncWithLdap": false,
        "EnableSyncWithLdapIncludeAuth": false,
        "IgnoreGuestsLdapSync": false,
        "Verify": true,
        "Encrypt": true,
        "SignRequest": false,
        "IdpURL": "",
        "IdpDescriptorURL": "",
        "IdpMetadataURL": "",
        "ServiceProviderIdentifier": "",
        "AssertionConsumerServiceURL": "",
        "SignatureAlgorithm": "RSAwithSHA1",
        "CanonicalAlgorithm": "Canonical1.0",
        "ScopingIDPProviderId": "",
        "ScopingIDPName": "",
        "IdpCertificateFile": "",
        "PublicCertificateFile": "",
        "PrivateKeyFile": "",
        "IdAttribute": "",
        "GuestAttribute": "",
        "EnableAdminAttribute": false,
        "AdminAttribute": "",
        "FirstNameAttribute": "",
        "LastNameAttribute": "",
        "EmailAttribute": "",
        "UsernameAttribute": "",
        "NicknameAttribute": "",
        "LocaleAttribute": "",
        "PositionAttribute": "",
        "LoginButtonText": "SAML",
        "LoginButtonColor": "#34a28b",
        "LoginButtonBorderColor": "#2389D7",
        "LoginButtonTextColor": "#ffffff"
    },
    "NativeAppSettings": {
        "AppCustomURLSchemes": [
            "mmauth://",
            "mmauthbeta://"
        ],
        "AppDownloadLink": "https://mattermost.com/pl/download-apps",
        "AndroidAppDownloadLink": "https://mattermost.com/pl/android-app/",
        "IosAppDownloadLink": "https://mattermost.com/pl/ios-app/",
        "MobileExternalBrowser": false
    },
    "CacheSettings": {
        "CacheType": "lru",
        "RedisAddress": "",
        "RedisPassword": "********************************",
        "RedisDB": -1,
        "DisableClientCache": false
    },
    "ClusterSettings": {
        "Enable": false,
        "ClusterName": "",
        "OverrideHostname": "",
        "NetworkInterface": "",
        "BindAddress": "",
        "AdvertiseAddress": "",
        "UseIPAddress": true,
        "EnableGossipCompression": true,
        "EnableExperimentalGossipEncryption": false,
        "ReadOnlyConfig": true,
        "GossipPort": 8074
    },
    "MetricsSettings": {
        "Enable": false,
        "BlockProfileRate": 0,
        "ListenAddress": ":8067",
        "EnableClientMetrics": true,
        "EnableNotificationMetrics": true
    },
    "ExperimentalSettings": {
        "ClientSideCertEnable": false,
        "ClientSideCertCheck": "secondary",
        "LinkMetadataTimeoutMilliseconds": 5000,
        "RestrictSystemAdmin": false,
        "EnableSharedChannels": false,
        "EnableRemoteClusterService": false,
        "DisableAppBar": false,
        "DisableRefetchingOnBrowserFocus": false,
        "DelayChannelAutocomplete": false,
        "DisableWakeUpReconnectHandler": false,
        "UsersStatusAndProfileFetchingPollIntervalMilliseconds": 3000,
        "YoutubeReferrerPolicy": false
    },
    "AnalyticsSettings": {
        "MaxUsersForStatistics": 2500
    },
    "ElasticsearchSettings": {
        "ConnectionURL": "http://localhost:9200",
        "Backend": "elasticsearch",
        "Username": "elastic",
        "Password": "changeme",
        "EnableIndexing": false,
        "EnableSearching": false,
        "EnableAutocomplete": false,
        "Sniff": true,
        "PostIndexReplicas": 1,
        "PostIndexShards": 1,
        "ChannelIndexReplicas": 1,
        "ChannelIndexShards": 1,
        "UserIndexReplicas": 1,
        "UserIndexShards": 1,
        "AggregatePostsAfterDays": 365,
        "PostsAggregatorJobStartTime": "03:00",
        "IndexPrefix": "",
        "LiveIndexingBatchSize": 1,
        "BatchSize": 10000,
        "RequestTimeoutSeconds": 30,
        "SkipTLSVerification": false,
        "CA": "",
        "ClientCert": "",
        "ClientKey": "",
        "Trace": "",
        "IgnoredPurgeIndexes": ""
    },
    "BleveSettings": {
        "IndexDir": "",
        "EnableIndexing": false,
        "EnableSearching": false,
        "EnableAutocomplete": false,
        "BatchSize": 10000
    },
    "DataRetentionSettings": {
        "EnableMessageDeletion": false,
        "EnableFileDeletion": false,
        "EnableBoardsDeletion": false,
        "MessageRetentionDays": 365,
        "MessageRetentionHours": 0,
        "FileRetentionDays": 365,
        "FileRetentionHours": 0,
        "BoardsRetentionDays": 365,
        "DeletionJobStartTime": "02:00",
        "BatchSize": 3000,
        "TimeBetweenBatchesMilliseconds": 100,
        "RetentionIdsBatchSize": 100
    },
    "MessageExportSettings": {
        "EnableExport": false,
        "ExportFormat": "actiance",
        "DailyRunTime": "01:00",
        "ExportFromTimestamp": 0,
        "BatchSize": 10000,
        "DownloadExportResults": false,
        "ChannelBatchSize": 100,
        "ChannelHistoryBatchSize": 10,
        "GlobalRelaySettings": {
            "CustomerType": "A9",
            "SMTPUsername": "",
            "SMTPPassword": "",
            "EmailAddress": "",
            "SMTPServerTimeout": 1800,
            "CustomSMTPServerName": "",
            "CustomSMTPPort": "25"
        }
    },
    "JobSettings": {
        "RunJobs": true,
        "RunScheduler": true,
        "CleanupJobsThresholdDays": -1,
        "CleanupConfigThresholdDays": -1
    },
    "PluginSettings": {
        "Enable": true,
        "EnableUploads": false,
        "AllowInsecureDownloadURL": false,
        "EnableHealthCheck": true,
        "Directory": "./plugins",
        "ClientDirectory": "./client/plugins",
        "Plugins": {
            "mattermost-ai": {
                "config": {
                    "allowPrivateChannels": false,
                    "allowedTeamIDs": "",
                    "bots": null,
                    "defaultBotName": "",
                    "enableLLMTrace": false,
                    "enableUserRestrictions": false,
                    "onlyUsersOnTeam": "",
                    "services": null,
                    "transcriptBackend": ""
                }
            },
            "playbooks": {
                "BotUserID": "d1a1xx1r7jyt8ca8mg1iqpgd3h"
            }
        },
        "PluginStates": {
            "com.mattermost.calls": {
                "Enable": true
            },
            "com.mattermost.nps": {
                "Enable": true
            },
            "mattermost-ai": {
                "Enable": true
            },
            "playbooks": {
                "Enable": true
            }
        },
        "EnableMarketplace": true,
        "EnableRemoteMarketplace": true,
        "AutomaticPrepackagedPlugins": true,
        "RequirePluginSignature": false,
        "MarketplaceURL": "https://api.integrations.mattermost.com",
        "SignaturePublicKeyFiles": [],
        "ChimeraOAuthProxyURL": ""
    },
    "DisplaySettings": {
        "CustomURLSchemes": [],
        "MaxMarkdownNodes": 0
    },
    "GuestAccountsSettings": {
        "Enable": false,
        "HideTags": false,
        "AllowEmailAccounts": true,
        "EnforceMultifactorAuthentication": false,
        "RestrictCreationToDomains": ""
    },
    "ImageProxySettings": {
        "Enable": false,
        "ImageProxyType": "local",
        "RemoteImageProxyURL": "",
        "RemoteImageProxyOptions": ""
    },
    "CloudSettings": {
        "CWSURL": "https://customers.mattermost.com",
        "CWSAPIURL": "https://api.internal.test.cloud.mattermost.com",
        "CWSMock": false,
        "Disable": false
    },
    "ImportSettings": {
        "Directory": "./import",
        "RetentionDays": 30
    },
    "ExportSettings": {
        "Directory": "./export",
        "RetentionDays": 30
    },
    "WranglerSettings": {
        "PermittedWranglerRoles": [],
        "AllowedEmailDomain": [],
        "MoveThreadMaxCount": 100,
        "MoveThreadToAnotherTeamEnable": false,
        "MoveThreadFromPrivateChannelEnable": false,
        "MoveThreadFromDirectMessageChannelEnable": false,
        "MoveThreadFromGroupMessageChannelEnable": false
    },
    "ConnectedWorkspacesSettings": {
        "EnableSharedChannels": false,
        "EnableRemoteClusterService": false,
        "DisableSharedChannelsStatusSync": false,
        "MaxPostsPerSync": 50
    },
    "CoopCloudManaged": {        
    }
 }
--- a/gitlab_config_patch.json.tmpl
+++ b/gitlab_config_patch.json.tmpl
@ -1,12 +0,0 @@
 {
  "Enable": true,
  "Secret": "${MATTERMOST_SSO_SECRET}",
  "Id": "${SSO_ID}",
  "Scope": "",
  "AuthEndpoint": "https://${SSO_DOMAIN}/application/o/authorize/",
  "TokenEndpoint": "https://${SSO_DOMAIN}/application/o/token/",
  "UserAPIEndpoint": "https://${SSO_DOMAIN}/application/o/userinfo/",
  "DiscoveryEndpoint": "https://${SSO_DOMAIN}/application/o/${SSO_APP}/.well-known/openid-configuration",
  "ButtonText": "${ORG_NAME}",
  "ButtonColor": "#ff0000"
 }
--- a/release/0.1.0+7.0.txt
+++ b/release/0.1.0+7.0.txt
@ -1,6 +0,0 @@
 This should be a fairly stable update. The only strange behaviour we've noticed so far has been:
 - When clicking on 'Channels' to change to 'Boards' or 'Playbooks', your window may flicker and just reload 'Channels'. Click 'Boards' or 'Playbooks' again and it should behave as expected.
 - When clicking on private messages, you may get an error telling you that you don't have permission to view these.
 To fix both of these errors, logout of your server in your Mattermost client, delete the server (if you are using an app), and then re-add it. We haven't noticed any issues after doing this.
--- a/release/1.4.1+9.5.11
+++ b/release/1.4.1+9.5.11
@ -1 +0,0 @@
 hotfix: rollback to last functional version
--- a/release/2.0.0+10.5.0
+++ b/release/2.0.0+10.5.0
@ -1 +0,0 @@
 Note that the first time you enable the email or sso configurations it will reset your existing Mattermost configuration.
		`@ -1 +0,0 @@`
			`Note that the first time you enable the email or sso configurations it will reset your existing Mattermost configuration.`