diff --git a/.env.sample b/.env.sample index 1a692c2..7beb531 100644 --- a/.env.sample +++ b/.env.sample @@ -9,8 +9,28 @@ LETS_ENCRYPT_ENV=production # Secret Versions SECRET_POSTGRES_PASSWORD_VERSION=v1 +COMPOSE_FILE="compose.yml" + # Container Settings ## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'. ## A list of these tz database names can be looked up at Wikipedia ## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones TZ=UTC + +ORG_NAME="My Organization" + +## Email Support +#COMPOSE_FILE="$COMPOSE_FILE:compose.email.yml" +#ORG_EMAIL_ADDRESS="youruser@youremail.org" +#SMTP_USER="youruser" +#SECRET_SMTP_PASS_VERSION=v1 +#SMTP_HOST="" +#SMTP_PORT=587 +#SMTP_SECURITY=STARTTLS #TLS or STARTTLS + +## SSO config +#COMPOSE_FILE="$COMPOSE_FILE:compose.sso.yml" +#SSO_DOMAIN=accounts.example.com +#SSO_APP=mattermost +#SSO_ID= +#SECRET_MATTERMOST_SSO_SECRET_VERSION=v1 \ No newline at end of file diff --git a/README.md b/README.md index 3acc87c..c446982 100644 --- a/README.md +++ b/README.md 
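Review bot: The trailing comment on `#SMTP_SECURITY=STARTTLS #TLS or STARTTLS` becomes part of the value once the line is uncommented, unless the env parser strips inline comments, which not every dotenv reader does. config.json.tmpl renders this value into `EmailSettings.ConnectionSecurity`, so a polluted string would presumably leave the SMTP transport security setting unrecognised. I would move the hint to its own line, `## SMTP_SECURITY is TLS or STARTTLS`, and keep `#SMTP_SECURITY=STARTTLS` bare.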
@@ -24,5 +24,61 @@ 5. `abra app deploy YOURAPPNAME` 6. Open the configured domain in your browser to finish set-up +## Enable Email +**WARNING: Following these steps will overwrite the configuration of your Mattermost instance. Probably only run it on a fresh deployment.** +- `abra app config YOURAPPNAME` +- Uncomment the section starting with **Email Support** +- `abra app secret i YOURAPPNAME smtp_pass v1 'yourSMTPpassword'` +- `abra app undeploy YOURAPPNAME` +- `abra app deploy YOURAPPNAME` +- `abra app command -C YOURAPPNAME app reset_config` <- This will overwrite your configuration + +## Enable SSO with Authentik +This is how to configure your Mattermost server to accept logins from your Authentik SSO provider. + +### Configure Authentik +#### Create a property mapping +- Log in as administrator of your Authentik instance +- Go to https://authentik.yourserver.org/if/admin/#/core/property-mappings and choose **Create** +- Choose Scope Mapping + - Name: `Mattermost ID` + - Scope Name: `id` + - Description: *optional own description* + - Expression: `return { "id": request.user.id }` +- Create another Scope Mapping + - Name: `Mattermost Username` + - Scope Name: `username` + - Description: *optional own description* + - Expression: `return { "username": request.user.username }` +#### Create Application and Provider +- Go to https://authentik.yourserver.org/if/admin/#/core/applications and choose **Create With Wizard** + - Application Name: mattermost + - **Next** + - Choose OAuth2/OIDC + - Set Authorization flow: `default-provider-authorization-implicit-consent (Authorize Application)` + - Copy the **Client ID** and **Client Secret**, you'll need them later + - Add Redirect URIs: + - https://mattermost.yourserver.org/login/gitlab/complete + - https://mattermost.yourserver.org/signup/gitlab/complete + - Expand Advanced Protocol Settings + - Under Scopes, select `Mattermost ID` and `Mattermost Username`, and click the > to add them to **Selected Scopes** + - 
**Submit** + +### Configure Mattermost +**WARNING: Following these steps will overwrite the configuration of your Mattermost instance. Probably only run it on a fresh deployment.** +- `abra app configure YOURAPPNAME` + - Uncomment the section starting with `## SSO config` + - Set `SSO_ID` to the value you saved when configuring Authentik +- `abra app secret insert YOURAPPNAME mattermost_sso_secret v1 ` +- `abra app undeploy YOURAPPNAME` +- `abra app deploy YOURAPPNAME` +- `abra app command -C YOURAPPNAME app reset_config` <- This will overwrite your configuration + +### Disable non-SSO login (Optional) +- Ensure that your SSO user has the **System Admin** role: https://YOURAPPNAME/admin_console/user_management/users +- Go to https://YOURAPPNAME/admin_console/authentication/email +- Set **Enable sign-in with email** and **Enable sign-in with username** to `false` + + [`abra`]: https://git.coopcloud.tech/coop-cloud/abra [`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik diff --git a/abra.sh b/abra.sh index e6c130b..12aa1c6 100644 --- a/abra.sh +++ b/abra.sh @@ -1 +1,7 @@ export ENTRYPOINT_VERSION=v1 +export MATTERMOST_CONFIG_VERSION=v1 + +reset_config() { + cp /config-to-copy.json /mattermost/config/config.json && touch /mattermost/config/CoopCloudManaged + mmctl config reload --local +} \ No newline at end of file diff --git a/compose.email.yml b/compose.email.yml new file mode 100644 index 0000000..145099f --- /dev/null +++ b/compose.email.yml @@ -0,0 +1,20 @@ +version: "3.8" + +services: + app: + configs: + - source: mattermost_config + target: /config-to-copy.json + secrets: + - smtp_pass + +secrets: + smtp_pass: + external: true + name: ${STACK_NAME}_smtp_pass_${SECRET_SMTP_PASS_VERSION} + +configs: + mattermost_config: + name: ${STACK_NAME}_mattermost_config_${MATTERMOST_CONFIG_VERSION} + file: ./config.json.tmpl + template_driver: golang \ No newline at end of file 
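Review bot: In `reset_config`, `mmctl config reload --local` runs even when the `cp` fails, because only the `touch` is chained with `&&`, so the function can report success while the old config is still in place. The overwrite also keeps no copy of the previous `config.json`, which the README warns will be lost. I would save the old file first with `cp /mattermost/config/config.json /mattermost/config/config.json.bak`, then chain the rest as `cp /config-to-copy.json /mattermost/config/config.json && touch /mattermost/config/CoopCloudManaged && mmctl config reload --local`. A short comment above the function saying that it discards settings made in the System Console would help whoever runs it through `abra app command`.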
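Review bot: This overlay attaches only `smtp_pass`, but the shared `config.json.tmpl` it renders also calls `{{ secret "mattermost_sso_secret" }}` and sets `GitLabSettings.Enable` to `true`; compose.sso.yml has the mirror-image gap with `smtp_pass`. As far as I know the swarm template driver fails on a secret that is not attached to the service, so enabling email without SSO would likely not deploy. If it does render, the result is an enabled GitLab login with empty endpoints. Either wrap the SSO and SMTP sections of the template in conditionals on the relevant env vars, or give each overlay its own template. At minimum, a comment at the top of each overlay should state which other overlay it depends on.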
diff --git a/compose.sso.yml b/compose.sso.yml new file mode 100644 index 0000000..be47042 --- /dev/null +++ b/compose.sso.yml @@ -0,0 +1,20 @@ +version: "3.8" + +services: + app: + configs: + - source: mattermost_config + target: /config-to-copy.json + secrets: + - mattermost_sso_secret + +secrets: + mattermost_sso_secret: + external: true + name: ${STACK_NAME}_mattermost_sso_secret_${SECRET_MATTERMOST_SSO_SECRET_VERSION} + +configs: + mattermost_config: + name: ${STACK_NAME}_mattermost_config_${MATTERMOST_CONFIG_VERSION} + file: ./config.json.tmpl + template_driver: golang \ No newline at end of file diff --git a/compose.yml b/compose.yml index 9175eab..98cca64 100644 --- a/compose.yml +++ b/compose.yml @@ -2,7 +2,7 @@ version: "3.8" services: app: - image: mattermost/mattermost-team-edition:9.11.8 + image: mattermost/mattermost-team-edition:10.5.0 environment: - TZ - MM_SQLSETTINGS_DRIVERNAME=postgres @@ -29,6 +29,7 @@ services: - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "coop-cloud.${STACK_NAME}.version=1.5.3+9.11.8" + - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}" - "backupbot.backup=true" - "backupbot.backup.path=/mattermost,/etc/ssl" configs: @@ -59,7 +60,6 @@ services: backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql" backupbot.backup.path: "/var/lib/postgresql/data/" - secrets: postgres_password: external: true @@ -70,6 +70,7 @@ configs: name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION} file: ./entrypoint.sh + networks: proxy: external: true diff --git a/config.json.tmpl b/config.json.tmpl new file mode 100644 index 0000000..320cdd2 --- /dev/null +++ b/config.json.tmpl 
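Review bot: The `mattermost_config` entry under `services.app.configs` mounts the rendered file with the default config mode, which is world-readable inside the container. After templating, that file holds the OAuth client secret, and the SMTP password when compose.email.yml is used, which has the same entry. The long syntax already used here accepts `mode`, `uid` and `gid`, so I would add `mode: 0440` together with the uid/gid the entrypoint runs as. That user is not visible in this diff, so it needs checking against the image before tightening the mode.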
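Review bot: The context line `coop-cloud.${STACK_NAME}.version=1.5.3+9.11.8` just above the new timeout label still names 9.11.8, while the first hunk of this file moves the image to `mattermost-team-edition:10.5.0`. If abra reads this label to decide which recipe version is deployed, the stack will keep reporting the old Mattermost release after the upgrade, unless the release tooling rewrites the label separately. I would bump it in the same commit, e.g. `coop-cloud.${STACK_NAME}.version=<new recipe version>+10.5.0`, with the recipe part chosen by the maintainers.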
@@ -0,0 +1,686 @@ +{ + "ServiceSettings": { + "SiteURL": "", + "WebsocketURL": "", + "LicenseFileLocation": "", + "ListenAddress": ":8065", + "ConnectionSecurity": "", + "TLSCertFile": "", + "TLSKeyFile": "", + "TLSMinVer": "1.2", + "TLSStrictTransport": false, + "TLSStrictTransportMaxAge": 63072000, + "TLSOverwriteCiphers": [], + "UseLetsEncrypt": false, + "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache", + "Forward80To443": false, + "TrustedProxyIPHeader": [], + "ReadTimeout": 300, + "WriteTimeout": 300, + "IdleTimeout": 60, + "MaximumLoginAttempts": 10, + "GoroutineHealthThreshold": -1, + "EnableOAuthServiceProvider": true, + "EnableIncomingWebhooks": true, + "EnableOutgoingWebhooks": true, + "EnableOutgoingOAuthConnections": false, + "EnableCommands": true, + "OutgoingIntegrationRequestsTimeout": 30, + "EnablePostUsernameOverride": false, + "EnablePostIconOverride": false, + "GoogleDeveloperKey": "", + "EnableLinkPreviews": true, + "EnablePermalinkPreviews": true, + "RestrictLinkPreviews": "", + "EnableTesting": false, + "EnableDeveloper": false, + "DeveloperFlags": "", + "EnableClientPerformanceDebugging": false, + "EnableOpenTracing": false, + "EnableSecurityFixAlert": true, + "EnableInsecureOutgoingConnections": false, + "AllowedUntrustedInternalConnections": "", + "EnableMultifactorAuthentication": false, + "EnforceMultifactorAuthentication": false, + "EnableUserAccessTokens": false, + "AllowCorsFrom": "", + "CorsExposedHeaders": "", + "CorsAllowCredentials": false, + "CorsDebug": false, + "AllowCookiesForSubdomains": false, + "ExtendSessionLengthWithActivity": true, + "TerminateSessionsOnPasswordChange": true, + "SessionLengthWebInDays": 30, + "SessionLengthWebInHours": 720, + "SessionLengthMobileInDays": 30, + "SessionLengthMobileInHours": 720, + "SessionLengthSSOInDays": 30, + "SessionLengthSSOInHours": 720, + "SessionCacheInMinutes": 10, + "SessionIdleTimeoutInMinutes": 43200, + "WebsocketSecurePort": 443, + "WebsocketPort": 80, + 
"WebserverMode": "gzip", + "EnableGifPicker": true, + "GiphySdkKey": "", + "EnableCustomEmoji": true, + "EnableEmojiPicker": true, + "PostEditTimeLimit": -1, + "TimeBetweenUserTypingUpdatesMilliseconds": 5000, + "EnablePostSearch": true, + "EnableFileSearch": true, + "MinimumHashtagLength": 3, + "EnableUserTypingMessages": true, + "EnableChannelViewedMessages": true, + "EnableUserStatuses": true, + "ExperimentalEnableAuthenticationTransfer": true, + "ClusterLogTimeoutMilliseconds": 2000, + "EnableTutorial": true, + "EnableOnboardingFlow": true, + "ExperimentalEnableDefaultChannelLeaveJoinMessages": true, + "ExperimentalGroupUnreadChannels": "disabled", + "EnableAPITeamDeletion": false, + "EnableAPITriggerAdminNotifications": false, + "EnableAPIUserDeletion": false, + "EnableAPIPostDeletion": false, + "EnableDesktopLandingPage": true, + "ExperimentalEnableHardenedMode": false, + "ExperimentalStrictCSRFEnforcement": false, + "EnableEmailInvitations": false, + "DisableBotsWhenOwnerIsDeactivated": true, + "EnableBotAccountCreation": false, + "EnableSVGs": false, + "EnableLatex": false, + "EnableInlineLatex": true, + "PostPriority": true, + "AllowPersistentNotifications": true, + "AllowPersistentNotificationsForGuests": false, + "PersistentNotificationIntervalMinutes": 5, + "PersistentNotificationMaxCount": 6, + "PersistentNotificationMaxRecipients": 5, + "EnableAPIChannelDeletion": false, + "EnableLocalMode": true, + "LocalModeSocketLocation": "/var/tmp/mattermost_local.socket", + "EnableAWSMetering": false, + "SplitKey": "", + "FeatureFlagSyncIntervalSeconds": 30, + "DebugSplit": false, + "ThreadAutoFollow": true, + "CollapsedThreads": "always_on", + "ManagedResourcePaths": "", + "EnableCustomGroups": true, + "AllowSyncedDrafts": true, + "UniqueEmojiReactionLimitPerPost": 50, + "RefreshPostStatsRunTime": "00:00", + "MaximumPayloadSizeBytes": 300000, + "MaximumURLLength": 2048, + "ScheduledPosts": true + }, + "TeamSettings": { + "SiteName": "Mattermost", + 
"MaxUsersPerTeam": 50, + "EnableJoinLeaveMessageByDefault": true, + "EnableUserCreation": true, + "EnableOpenServer": false, + "EnableUserDeactivation": false, + "RestrictCreationToDomains": "", + "EnableCustomUserStatuses": true, + "EnableCustomBrand": false, + "CustomBrandText": "", + "CustomDescriptionText": "", + "RestrictDirectMessage": "any", + "EnableLastActiveTime": true, + "UserStatusAwayTimeout": 300, + "MaxChannelsPerTeam": 2000, + "MaxNotificationsPerChannel": 1000, + "EnableConfirmNotificationsToChannel": true, + "TeammateNameDisplay": "username", + "ExperimentalViewArchivedChannels": true, + "ExperimentalEnableAutomaticReplies": false, + "LockTeammateNameDisplay": false, + "ExperimentalPrimaryTeam": "", + "ExperimentalDefaultChannels": [] + }, + "ClientRequirements": { + "AndroidLatestVersion": "", + "AndroidMinVersion": "", + "IosLatestVersion": "", + "IosMinVersion": "" + }, + "SqlSettings": { + "DriverName": "postgres", + "DataSource": "postgres://mmuser:mostest@localhost/mattermost_test?sslmode=disable\u0026connect_timeout=10\u0026binary_parameters=yes", + "DataSourceReplicas": [], + "DataSourceSearchReplicas": [], + "MaxIdleConns": 20, + "ConnMaxLifetimeMilliseconds": 3600000, + "ConnMaxIdleTimeMilliseconds": 300000, + "MaxOpenConns": 300, + "Trace": false, + "AtRestEncryptKey": "etcbtej9ar4b5ickh9kqmmmbwkgnd9ds", + "QueryTimeout": 30, + "DisableDatabaseSearch": false, + "MigrationsStatementTimeoutSeconds": 100000, + "ReplicaLagSettings": [], + "ReplicaMonitorIntervalSeconds": 5 + }, + "LogSettings": { + "EnableConsole": true, + "ConsoleLevel": "INFO", + "ConsoleJson": true, + "EnableColor": false, + "EnableFile": true, + "FileLevel": "INFO", + "FileJson": true, + "FileLocation": "", + "EnableWebhookDebugging": true, + "EnableDiagnostics": true, + "VerboseDiagnostics": false, + "EnableSentry": true, + "AdvancedLoggingJSON": {}, + "MaxFieldSize": 2048 + }, + "ExperimentalAuditSettings": { + "FileEnabled": false, + "FileName": "", + 
"FileMaxSizeMB": 100, + "FileMaxAgeDays": 0, + "FileMaxBackups": 0, + "FileCompress": false, + "FileMaxQueueSize": 1000, + "AdvancedLoggingJSON": {} + }, + "NotificationLogSettings": { + "EnableConsole": true, + "ConsoleLevel": "INFO", + "ConsoleJson": true, + "EnableColor": false, + "EnableFile": true, + "FileLevel": "INFO", + "FileJson": true, + "FileLocation": "", + "AdvancedLoggingJSON": {} + }, + "PasswordSettings": { + "MinimumLength": 8, + "Lowercase": false, + "Number": false, + "Uppercase": false, + "Symbol": false, + "EnableForgotLink": true + }, + "FileSettings": { + "EnableFileAttachments": true, + "EnableMobileUpload": true, + "EnableMobileDownload": true, + "MaxFileSize": 104857600, + "MaxImageResolution": 33177600, + "MaxImageDecoderConcurrency": -1, + "DriverName": "local", + "Directory": "./data/", + "EnablePublicLink": false, + "ExtractContent": true, + "ArchiveRecursion": false, + "PublicLinkSalt": "br5pxoytkqgpwptybafe56dhfi7du38m", + "InitialFont": "nunito-bold.ttf", + "AmazonS3AccessKeyId": "", + "AmazonS3SecretAccessKey": "", + "AmazonS3Bucket": "", + "AmazonS3PathPrefix": "", + "AmazonS3Region": "", + "AmazonS3Endpoint": "s3.amazonaws.com", + "AmazonS3SSL": true, + "AmazonS3SignV2": false, + "AmazonS3SSE": false, + "AmazonS3Trace": false, + "AmazonS3RequestTimeoutMilliseconds": 30000, + "AmazonS3UploadPartSizeBytes": 5242880, + "AmazonS3StorageClass": "", + "DedicatedExportStore": false, + "ExportDriverName": "local", + "ExportDirectory": "./data/", + "ExportAmazonS3AccessKeyId": "", + "ExportAmazonS3SecretAccessKey": "", + "ExportAmazonS3Bucket": "", + "ExportAmazonS3PathPrefix": "", + "ExportAmazonS3Region": "", + "ExportAmazonS3Endpoint": "s3.amazonaws.com", + "ExportAmazonS3SSL": true, + "ExportAmazonS3SignV2": false, + "ExportAmazonS3SSE": false, + "ExportAmazonS3Trace": false, + "ExportAmazonS3RequestTimeoutMilliseconds": 30000, + "ExportAmazonS3PresignExpiresSeconds": 21600, + "ExportAmazonS3UploadPartSizeBytes": 104857600, + 
"ExportAmazonS3StorageClass": "" + }, + "EmailSettings": { + "EnableSignUpWithEmail": true, + "EnableSignInWithEmail": true, + "EnableSignInWithUsername": true, + "SendEmailNotifications": true, + "UseChannelInEmailNotifications": false, + "RequireEmailVerification": false, + "FeedbackName": "{{ env "ORG_NAME" }}", + "FeedbackEmail": "{{ env "ORG_EMAIL_ADDRESS" }}", + "ReplyToAddress": "{{ env "ORG_EMAIL_ADDRESS" }}", + "FeedbackOrganization": "", + "EnableSMTPAuth": true, + "SMTPUsername": "{{ env "SMTP_USER" }}", + "SMTPPassword": "{{ secret "smtp_pass" }}", + "SMTPServer": "{{ env "SMTP_HOST" }}", + "SMTPPort": "{{ env "SMTP_PORT" }}", + "SMTPServerTimeout": 10, + "ConnectionSecurity": "{{ env "SMTP_SECURITY" }}", + "SendPushNotifications": true, + "PushNotificationServer": "https://push-test.mattermost.com", + "PushNotificationContents": "full", + "PushNotificationBuffer": 1000, + "EnableEmailBatching": false, + "EmailBatchingBufferSize": 256, + "EmailBatchingInterval": 30, + "EnablePreviewModeBanner": false, + "SkipServerCertificateVerification": false, + "EmailNotificationContentsType": "full", + "LoginButtonColor": "#0000", + "LoginButtonBorderColor": "#2389D7", + "LoginButtonTextColor": "#2389D7" + }, + "RateLimitSettings": { + "Enable": false, + "PerSec": 10, + "MaxBurst": 100, + "MemoryStoreSize": 10000, + "VaryByRemoteAddr": true, + "VaryByUser": false, + "VaryByHeader": "" + }, + "PrivacySettings": { + "ShowEmailAddress": true, + "ShowFullName": true + }, + "SupportSettings": { + "TermsOfServiceLink": "https://mattermost.com/pl/terms-of-use/", + "PrivacyPolicyLink": "https://mattermost.com/pl/privacy-policy/", + "AboutLink": "https://mattermost.com/pl/about-mattermost", + "HelpLink": "https://mattermost.com/pl/help/", + "ReportAProblemLink": "https://mattermost.com/pl/report-a-bug", + "ForgotPasswordLink": "", + "SupportEmail": "{{ env "ORG_EMAIL_ADDRESS" }}", + "CustomTermsOfServiceEnabled": false, + "CustomTermsOfServiceReAcceptancePeriod": 365, + 
"EnableAskCommunityLink": true + }, + "AnnouncementSettings": { + "EnableBanner": false, + "BannerText": "", + "BannerColor": "#f2a93b", + "BannerTextColor": "#333333", + "AllowBannerDismissal": true, + "AdminNoticesEnabled": true, + "UserNoticesEnabled": true, + "NoticesURL": "https://notices.mattermost.com/", + "NoticesFetchFrequency": 3600, + "NoticesSkipCache": false + }, + "ThemeSettings": { + "EnableThemeSelection": true, + "DefaultTheme": "default", + "AllowCustomThemes": true, + "AllowedThemes": [] + }, + "GitLabSettings": { + "Enable": true, + "Secret": "{{ secret "mattermost_sso_secret" }}", + "Id": "{{ env "SSO_ID" }}", + "Scope": "", + "AuthEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/authorize/", + "TokenEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/token/", + "UserAPIEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/userinfo/", + "DiscoveryEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/{{ env "SSO_APP" }}/.well-known/openid-configuration", + "ButtonText": "{{ env "ORG_NAME" }}", + "ButtonColor": "#ff0000" + }, + "GoogleSettings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "profile email", + "AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "UserAPIEndpoint": "https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "" + }, + "Office365Settings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "User.Read", + "AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize", + "TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token", + "UserAPIEndpoint": "https://graph.microsoft.com/v1.0/me", + "DiscoveryEndpoint": "", + "DirectoryId": "" + }, + "OpenIdSettings": { + "Enable": false, + "Secret": "", + "Id": "", + "Scope": "profile openid email", + "AuthEndpoint": "", 
+ "TokenEndpoint": "", + "UserAPIEndpoint": "", + "DiscoveryEndpoint": "", + "ButtonText": "", + "ButtonColor": "#145DBF" + }, + "LdapSettings": { + "Enable": false, + "EnableSync": false, + "LdapServer": "", + "LdapPort": 389, + "ConnectionSecurity": "", + "BaseDN": "", + "BindUsername": "", + "BindPassword": "", + "UserFilter": "", + "GroupFilter": "", + "GuestFilter": "", + "EnableAdminFilter": false, + "AdminFilter": "", + "GroupDisplayNameAttribute": "", + "GroupIdAttribute": "", + "FirstNameAttribute": "", + "LastNameAttribute": "", + "EmailAttribute": "", + "UsernameAttribute": "", + "NicknameAttribute": "", + "IdAttribute": "", + "PositionAttribute": "", + "LoginIdAttribute": "", + "PictureAttribute": "", + "SyncIntervalMinutes": 60, + "SkipCertificateVerification": false, + "PublicCertificateFile": "", + "PrivateKeyFile": "", + "QueryTimeout": 60, + "MaxPageSize": 0, + "LoginFieldName": "", + "LoginButtonColor": "#0000", + "LoginButtonBorderColor": "#2389D7", + "LoginButtonTextColor": "#2389D7" + }, + "ComplianceSettings": { + "Enable": false, + "Directory": "./data/", + "EnableDaily": false, + "BatchSize": 30000 + }, + "LocalizationSettings": { + "DefaultServerLocale": "en", + "DefaultClientLocale": "en", + "AvailableLocales": "", + "EnableExperimentalLocales": false + }, + "SamlSettings": { + "Enable": false, + "EnableSyncWithLdap": false, + "EnableSyncWithLdapIncludeAuth": false, + "IgnoreGuestsLdapSync": false, + "Verify": true, + "Encrypt": true, + "SignRequest": false, + "IdpURL": "", + "IdpDescriptorURL": "", + "IdpMetadataURL": "", + "ServiceProviderIdentifier": "", + "AssertionConsumerServiceURL": "", + "SignatureAlgorithm": "RSAwithSHA1", + "CanonicalAlgorithm": "Canonical1.0", + "ScopingIDPProviderId": "", + "ScopingIDPName": "", + "IdpCertificateFile": "", + "PublicCertificateFile": "", + "PrivateKeyFile": "", + "IdAttribute": "", + "GuestAttribute": "", + "EnableAdminAttribute": false, + "AdminAttribute": "", + "FirstNameAttribute": "", + 
"LastNameAttribute": "", + "EmailAttribute": "", + "UsernameAttribute": "", + "NicknameAttribute": "", + "LocaleAttribute": "", + "PositionAttribute": "", + "LoginButtonText": "SAML", + "LoginButtonColor": "#34a28b", + "LoginButtonBorderColor": "#2389D7", + "LoginButtonTextColor": "#ffffff" + }, + "NativeAppSettings": { + "AppCustomURLSchemes": [ + "mmauth://", + "mmauthbeta://" + ], + "AppDownloadLink": "https://mattermost.com/pl/download-apps", + "AndroidAppDownloadLink": "https://mattermost.com/pl/android-app/", + "IosAppDownloadLink": "https://mattermost.com/pl/ios-app/", + "MobileExternalBrowser": false + }, + "CacheSettings": { + "CacheType": "lru", + "RedisAddress": "", + "RedisPassword": "********************************", + "RedisDB": -1, + "DisableClientCache": false + }, + "ClusterSettings": { + "Enable": false, + "ClusterName": "", + "OverrideHostname": "", + "NetworkInterface": "", + "BindAddress": "", + "AdvertiseAddress": "", + "UseIPAddress": true, + "EnableGossipCompression": true, + "EnableExperimentalGossipEncryption": false, + "ReadOnlyConfig": true, + "GossipPort": 8074 + }, + "MetricsSettings": { + "Enable": false, + "BlockProfileRate": 0, + "ListenAddress": ":8067", + "EnableClientMetrics": true, + "EnableNotificationMetrics": true + }, + "ExperimentalSettings": { + "ClientSideCertEnable": false, + "ClientSideCertCheck": "secondary", + "LinkMetadataTimeoutMilliseconds": 5000, + "RestrictSystemAdmin": false, + "EnableSharedChannels": false, + "EnableRemoteClusterService": false, + "DisableAppBar": false, + "DisableRefetchingOnBrowserFocus": false, + "DelayChannelAutocomplete": false, + "DisableWakeUpReconnectHandler": false, + "UsersStatusAndProfileFetchingPollIntervalMilliseconds": 3000, + "YoutubeReferrerPolicy": false + }, + "AnalyticsSettings": { + "MaxUsersForStatistics": 2500 + }, + "ElasticsearchSettings": { + "ConnectionURL": "http://localhost:9200", + "Backend": "elasticsearch", + "Username": "elastic", + "Password": "changeme", + 
"EnableIndexing": false, + "EnableSearching": false, + "EnableAutocomplete": false, + "Sniff": true, + "PostIndexReplicas": 1, + "PostIndexShards": 1, + "ChannelIndexReplicas": 1, + "ChannelIndexShards": 1, + "UserIndexReplicas": 1, + "UserIndexShards": 1, + "AggregatePostsAfterDays": 365, + "PostsAggregatorJobStartTime": "03:00", + "IndexPrefix": "", + "LiveIndexingBatchSize": 1, + "BatchSize": 10000, + "RequestTimeoutSeconds": 30, + "SkipTLSVerification": false, + "CA": "", + "ClientCert": "", + "ClientKey": "", + "Trace": "", + "IgnoredPurgeIndexes": "" + }, + "BleveSettings": { + "IndexDir": "", + "EnableIndexing": false, + "EnableSearching": false, + "EnableAutocomplete": false, + "BatchSize": 10000 + }, + "DataRetentionSettings": { + "EnableMessageDeletion": false, + "EnableFileDeletion": false, + "EnableBoardsDeletion": false, + "MessageRetentionDays": 365, + "MessageRetentionHours": 0, + "FileRetentionDays": 365, + "FileRetentionHours": 0, + "BoardsRetentionDays": 365, + "DeletionJobStartTime": "02:00", + "BatchSize": 3000, + "TimeBetweenBatchesMilliseconds": 100, + "RetentionIdsBatchSize": 100 + }, + "MessageExportSettings": { + "EnableExport": false, + "ExportFormat": "actiance", + "DailyRunTime": "01:00", + "ExportFromTimestamp": 0, + "BatchSize": 10000, + "DownloadExportResults": false, + "ChannelBatchSize": 100, + "ChannelHistoryBatchSize": 10, + "GlobalRelaySettings": { + "CustomerType": "A9", + "SMTPUsername": "", + "SMTPPassword": "", + "EmailAddress": "", + "SMTPServerTimeout": 1800, + "CustomSMTPServerName": "", + "CustomSMTPPort": "25" + } + }, + "JobSettings": { + "RunJobs": true, + "RunScheduler": true, + "CleanupJobsThresholdDays": -1, + "CleanupConfigThresholdDays": -1 + }, + "PluginSettings": { + "Enable": true, + "EnableUploads": false, + "AllowInsecureDownloadURL": false, + "EnableHealthCheck": true, + "Directory": "./plugins", + "ClientDirectory": "./client/plugins", + "Plugins": { + "mattermost-ai": { + "config": { + 
"allowPrivateChannels": false, + "allowedTeamIDs": "", + "bots": null, + "defaultBotName": "", + "enableLLMTrace": false, + "enableUserRestrictions": false, + "onlyUsersOnTeam": "", + "services": null, + "transcriptBackend": "" + } + }, + "playbooks": { + "BotUserID": "d1a1xx1r7jyt8ca8mg1iqpgd3h" + } + }, + "PluginStates": { + "com.mattermost.calls": { + "Enable": true + }, + "com.mattermost.nps": { + "Enable": true + }, + "mattermost-ai": { + "Enable": true + }, + "playbooks": { + "Enable": true + } + }, + "EnableMarketplace": true, + "EnableRemoteMarketplace": true, + "AutomaticPrepackagedPlugins": true, + "RequirePluginSignature": false, + "MarketplaceURL": "https://api.integrations.mattermost.com", + "SignaturePublicKeyFiles": [], + "ChimeraOAuthProxyURL": "" + }, + "DisplaySettings": { + "CustomURLSchemes": [], + "MaxMarkdownNodes": 0 + }, + "GuestAccountsSettings": { + "Enable": false, + "HideTags": false, + "AllowEmailAccounts": true, + "EnforceMultifactorAuthentication": false, + "RestrictCreationToDomains": "" + }, + "ImageProxySettings": { + "Enable": false, + "ImageProxyType": "local", + "RemoteImageProxyURL": "", + "RemoteImageProxyOptions": "" + }, + "CloudSettings": { + "CWSURL": "https://customers.mattermost.com", + "CWSAPIURL": "https://api.internal.test.cloud.mattermost.com", + "CWSMock": false, + "Disable": false + }, + "ImportSettings": { + "Directory": "./import", + "RetentionDays": 30 + }, + "ExportSettings": { + "Directory": "./export", + "RetentionDays": 30 + }, + "WranglerSettings": { + "PermittedWranglerRoles": [], + "AllowedEmailDomain": [], + "MoveThreadMaxCount": 100, + "MoveThreadToAnotherTeamEnable": false, + "MoveThreadFromPrivateChannelEnable": false, + "MoveThreadFromDirectMessageChannelEnable": false, + "MoveThreadFromGroupMessageChannelEnable": false + }, + "ConnectedWorkspacesSettings": { + "EnableSharedChannels": false, + "EnableRemoteClusterService": false, + "DisableSharedChannelsStatusSync": false, + "MaxPostsPerSync": 50 + 
}, + "CoopCloudManaged": { + } +} \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index 9ca2f50..a2d385a 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -15,5 +15,11 @@ else exit 1 fi +# If the default Mattermost config hasn't already been replaced +# by the templated config this recipe generates, replace it +if ! test -f "/mattermost/config/CoopCloudManaged"; then + cp /config-to-copy.json /mattermost/config/config.json && touch /mattermost/config/CoopCloudManaged +fi + # https://github.com/mattermost/mattermost-server/blob/master/build/Dockerfile -/entrypoint.sh "mattermost" +/entrypoint.sh "mattermost" \ No newline at end of file diff --git a/gitlab_config_patch.json.tmpl b/gitlab_config_patch.json.tmpl new file mode 100644 index 0000000..2250c05 --- /dev/null +++ b/gitlab_config_patch.json.tmpl @@ -0,0 +1,12 @@ +{ + "Enable": true, + "Secret": "${MATTERMOST_SSO_SECRET}", + "Id": "${SSO_ID}", + "Scope": "", + "AuthEndpoint": "https://${SSO_DOMAIN}/application/o/authorize/", + "TokenEndpoint": "https://${SSO_DOMAIN}/application/o/token/", + "UserAPIEndpoint": "https://${SSO_DOMAIN}/application/o/userinfo/", + "DiscoveryEndpoint": "https://${SSO_DOMAIN}/application/o/${SSO_APP}/.well-known/openid-configuration", + "ButtonText": "${ORG_NAME}", + "ButtonColor": "#ff0000" +} \ No newline at end of file
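Review bot: `SqlSettings.AtRestEncryptKey` and `FileSettings.PublicLinkSalt` are committed as fixed strings, so every instance that applies this template shares the same published key and salt, and an existing instance has its own values replaced on `reset_config`. I would ship both as `""` so that the server generates per-instance values on start, which is what I understand Mattermost does for empty values; that should be confirmed on 10.5.0. The instance-specific `playbooks.BotUserID` and the `DataSource` pointing at `mattermost_test` also look copied from a running system; the latter is presumably overridden by an `MM_SQLSETTINGS_*` variable outside this diff. Values from `env` are inserted into JSON strings unescaped, so an `ORG_NAME` containing a double quote would produce an invalid file.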
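Review bot: The new block copies `/config-to-copy.json` whenever the marker file is missing, but that config is only mounted by compose.email.yml and compose.sso.yml. With the default `COMPOSE_FILE="compose.yml"` the source file does not exist and `cp` fails on every start. Whether that aborts the container depends on a `set -e` earlier in the script, which is outside this hunk. I would guard on the source as well: `if test -f /config-to-copy.json && ! test -f /mattermost/config/CoopCloudManaged; then`. Since the copied file carries the SMTP password and OAuth client secret, a `chmod 600 /mattermost/config/config.json` after the copy is worth adding if the server runs as the file's owner.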
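Review bot: Nothing in this diff references `gitlab_config_patch.json.tmpl`: both overlays render `config.json.tmpl`, which already contains the same `GitLabSettings` block. It also uses `${MATTERMOST_SSO_SECRET}`-style placeholders instead of the `{{ secret ... }}` form, which would need the client secret exposed as an environment variable. If it is a leftover from an earlier approach I would drop it; otherwise add a line to the README saying what consumes it.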