coop-cloud/mattermost
coop-cloud/mattermost
1
0
Fork 2
Code Issues Pull Requests Projects Releases Wiki Activity

Add SSO and Email support #3

Merged
marlon merged 6 commits from sso into main 2025-02-11 20:09:26 +00:00
Conversation 1 Commits 6 Files Changed 9 +830 -3
9 changed files with 830 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
.env.sample
View File

@ -9,8 +9,28 @@ LETS_ENCRYPT_ENV=production
# Secret Versions # Secret Versions
SECRET_POSTGRES_PASSWORD_VERSION=v1 SECRET_POSTGRES_PASSWORD_VERSION=v1
COMPOSE_FILE="compose.yml"
# Container Settings # Container Settings
## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'. ## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
## A list of these tz database names can be looked up at Wikipedia ## A list of these tz database names can be looked up at Wikipedia
## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones ## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
TZ=UTC TZ=UTC
ORG_NAME="My Organization"
## Email Support
#COMPOSE_FILE="$COMPOSE_FILE:compose.email.yml"
#ORG_EMAIL_ADDRESS="youruser@youremail.org"
#SMTP_USER="youruser"
#SECRET_SMTP_PASS_VERSION=v1
#SMTP_HOST=""
#SMTP_PORT=587
#SMTP_SECURITY=STARTTLS #TLS or STARTTLS
## SSO config
#COMPOSE_FILE="$COMPOSE_FILE:compose.sso.yml"
#SSO_DOMAIN=accounts.example.com
#SSO_APP=mattermost
#SSO_ID=
#SECRET_MATTERMOST_SSO_SECRET_VERSION=v1

56
README.md
View File

@ -24,5 +24,61 @@
5. `abra app deploy YOURAPPNAME` 5. `abra app deploy YOURAPPNAME`
6. Open the configured domain in your browser to finish set-up 6. Open the configured domain in your browser to finish set-up
## Enable Email
**WARNING: Following these steps will overwrite the configuration of your Mattermost instance. Probably only run it on a fresh deployment.**
- `abra app config YOURAPPNAME`
- Uncomment the section starting with **Email Support**
- `abra app secret i YOURAPPNAME smtp_pass v1 'yourSMTPpassword'`
- `abra app undeploy YOURAPPNAME`
- `abra app deploy YOURAPPNAME`
- `abra app command -C YOURAPPNAME app reset_config` <- This will overwrite your configuration
## Enable SSO with Authentik
This is how to configure your Mattermost server to accept logins from your Authentik SSO provider.
### Configure Authentik
#### Create a property mapping
- Log in as administrator of your Authentik instance
- Go to https://authentik.yourserver.org/if/admin/#/core/property-mappings and choose **Create**
- Choose Scope Mapping
- Name: `Mattermost ID`
- Scope Name: `id`
- Description: *optional own description*
- Expression: `return { "id": request.user.id }`
- Create another Scope Mapping
- Name: `Mattermost Username`
- Scope Name: `username`
- Description: *optional own description*
- Expression: `return { "username": request.user.username }`
#### Create Application and Provider
- Go to https://authentik.yourserver.org/if/admin/#/core/applications and choose **Create With Wizard**
- Application Name: mattermost
- **Next**
- Choose OAuth2/OIDC
- Set Authorization flow: `default-provider-authorization-implicit-consent (Authorize Application)`
- Copy the **Client ID** and **Client Secret**, you'll need them later
- Add Redirect URIs:
- https://mattermost.yourserver.org/login/gitlab/complete
- https://mattermost.yourserver.org/signup/gitlab/complete
- Expand Advanced Protocol Settings
- Under Scopes, select `Mattermost ID` and `Mattermost Username`, and click the > to add them to **Selected Scopes**
- **Submit**
### Configure Mattermost
**WARNING: Following these steps will overwrite the configuration of your Mattermost instance. Probably only run it on a fresh deployment.**
- `abra app configure YOURAPPNAME`
- Uncomment the section starting with `## SSO config`
- Set `SSO_ID` to the value you saved when configuring Authentik
- `abra app secret insert YOURAPPNAME mattermost_sso_secret v1 <the authentik provider secret you saved>`
- `abra app undeploy YOURAPPNAME`
- `abra app deploy YOURAPPNAME`
- `abra app command -C YOURAPPNAME app reset_config` <- This will overwrite your configuration
### Disable non-SSO login (Optional)
- Ensure that your SSO user has the **System Admin** role: https://YOURAPPNAME/admin_console/user_management/users
- Go to https://YOURAPPNAME/admin_console/authentication/email
- Set **Enable sign-in with email** and **Enable sign-in with username** to `false`
[`abra`]: https://git.coopcloud.tech/coop-cloud/abra [`abra`]: https://git.coopcloud.tech/coop-cloud/abra
[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik [`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik

6
abra.sh
View File

@ -1 +1,7 @@
export ENTRYPOINT_VERSION=v1 export ENTRYPOINT_VERSION=v1
export MATTERMOST_CONFIG_VERSION=v1
reset_config() {
cp /config-to-copy.json /mattermost/config/config.json && touch /mattermost/config/CoopCloudManaged
mmctl config reload --local
}

20
compose.email.yml Normal file
View File

@ -0,0 +1,20 @@
version: "3.8"
services:
app:
configs:
- source: mattermost_config
target: /config-to-copy.json
secrets:
- smtp_pass
secrets:
smtp_pass:
external: true
name: ${STACK_NAME}_smtp_pass_${SECRET_SMTP_PASS_VERSION}
configs:
mattermost_config:
name: ${STACK_NAME}_mattermost_config_${MATTERMOST_CONFIG_VERSION}
file: ./config.json.tmpl
template_driver: golang

20
compose.sso.yml Normal file
View File

@ -0,0 +1,20 @@
version: "3.8"
services:
app:
configs:
- source: mattermost_config
target: /config-to-copy.json
secrets:
- mattermost_sso_secret
secrets:
mattermost_sso_secret:
external: true
name: ${STACK_NAME}_mattermost_sso_secret_${SECRET_MATTERMOST_SSO_SECRET_VERSION}
configs:
mattermost_config:
name: ${STACK_NAME}_mattermost_config_${MATTERMOST_CONFIG_VERSION}
file: ./config.json.tmpl
template_driver: golang

5
compose.yml
View File

@ -2,7 +2,7 @@ version: "3.8"
services: services:
app: app:
image: mattermost/mattermost-team-edition:9.11.8 image: mattermost/mattermost-team-edition:10.5.0
environment: environment:
- TZ - TZ
- MM_SQLSETTINGS_DRIVERNAME=postgres - MM_SQLSETTINGS_DRIVERNAME=postgres
@ -29,6 +29,7 @@ services:
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
- "coop-cloud.${STACK_NAME}.version=1.5.3+9.11.8" - "coop-cloud.${STACK_NAME}.version=1.5.3+9.11.8"
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
- "backupbot.backup=true" - "backupbot.backup=true"
- "backupbot.backup.path=/mattermost,/etc/ssl" - "backupbot.backup.path=/mattermost,/etc/ssl"
configs: configs:
@ -59,7 +60,6 @@ services:
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql" backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/postgres-backup.sql"
backupbot.backup.path: "/var/lib/postgresql/data/" backupbot.backup.path: "/var/lib/postgresql/data/"
secrets: secrets:
postgres_password: postgres_password:
external: true external: true
@ -70,6 +70,7 @@ configs:
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION} name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
file: ./entrypoint.sh file: ./entrypoint.sh
networks: networks:
proxy: proxy:
external: true external: true

686
config.json.tmpl Normal file
View File

@ -0,0 +1,686 @@
{
"ServiceSettings": {
"SiteURL": "",
"WebsocketURL": "",
"LicenseFileLocation": "",
"ListenAddress": ":8065",
"ConnectionSecurity": "",
"TLSCertFile": "",
"TLSKeyFile": "",
"TLSMinVer": "1.2",
"TLSStrictTransport": false,
"TLSStrictTransportMaxAge": 63072000,
"TLSOverwriteCiphers": [],
"UseLetsEncrypt": false,
"LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
"Forward80To443": false,
"TrustedProxyIPHeader": [],
"ReadTimeout": 300,
"WriteTimeout": 300,
"IdleTimeout": 60,
"MaximumLoginAttempts": 10,
"GoroutineHealthThreshold": -1,
"EnableOAuthServiceProvider": true,
"EnableIncomingWebhooks": true,
"EnableOutgoingWebhooks": true,
"EnableOutgoingOAuthConnections": false,
"EnableCommands": true,
"OutgoingIntegrationRequestsTimeout": 30,
"EnablePostUsernameOverride": false,
"EnablePostIconOverride": false,
"GoogleDeveloperKey": "",
"EnableLinkPreviews": true,
"EnablePermalinkPreviews": true,
"RestrictLinkPreviews": "",
"EnableTesting": false,
"EnableDeveloper": false,
"DeveloperFlags": "",
"EnableClientPerformanceDebugging": false,
"EnableOpenTracing": false,
"EnableSecurityFixAlert": true,
"EnableInsecureOutgoingConnections": false,
"AllowedUntrustedInternalConnections": "",
"EnableMultifactorAuthentication": false,
"EnforceMultifactorAuthentication": false,
"EnableUserAccessTokens": false,
"AllowCorsFrom": "",
"CorsExposedHeaders": "",
"CorsAllowCredentials": false,
"CorsDebug": false,
"AllowCookiesForSubdomains": false,
"ExtendSessionLengthWithActivity": true,
"TerminateSessionsOnPasswordChange": true,
"SessionLengthWebInDays": 30,
"SessionLengthWebInHours": 720,
"SessionLengthMobileInDays": 30,
"SessionLengthMobileInHours": 720,
"SessionLengthSSOInDays": 30,
"SessionLengthSSOInHours": 720,
"SessionCacheInMinutes": 10,
"SessionIdleTimeoutInMinutes": 43200,
"WebsocketSecurePort": 443,
"WebsocketPort": 80,
"WebserverMode": "gzip",
"EnableGifPicker": true,
"GiphySdkKey": "",
"EnableCustomEmoji": true,
"EnableEmojiPicker": true,
"PostEditTimeLimit": -1,
"TimeBetweenUserTypingUpdatesMilliseconds": 5000,
"EnablePostSearch": true,
"EnableFileSearch": true,
"MinimumHashtagLength": 3,
"EnableUserTypingMessages": true,
"EnableChannelViewedMessages": true,
"EnableUserStatuses": true,
"ExperimentalEnableAuthenticationTransfer": true,
"ClusterLogTimeoutMilliseconds": 2000,
"EnableTutorial": true,
"EnableOnboardingFlow": true,
"ExperimentalEnableDefaultChannelLeaveJoinMessages": true,
"ExperimentalGroupUnreadChannels": "disabled",
"EnableAPITeamDeletion": false,
"EnableAPITriggerAdminNotifications": false,
"EnableAPIUserDeletion": false,
"EnableAPIPostDeletion": false,
"EnableDesktopLandingPage": true,
"ExperimentalEnableHardenedMode": false,
"ExperimentalStrictCSRFEnforcement": false,
"EnableEmailInvitations": false,
"DisableBotsWhenOwnerIsDeactivated": true,
"EnableBotAccountCreation": false,
"EnableSVGs": false,
"EnableLatex": false,
"EnableInlineLatex": true,
"PostPriority": true,
"AllowPersistentNotifications": true,
"AllowPersistentNotificationsForGuests": false,
"PersistentNotificationIntervalMinutes": 5,
"PersistentNotificationMaxCount": 6,
"PersistentNotificationMaxRecipients": 5,
"EnableAPIChannelDeletion": false,
"EnableLocalMode": true,
"LocalModeSocketLocation": "/var/tmp/mattermost_local.socket",
"EnableAWSMetering": false,
"SplitKey": "",
"FeatureFlagSyncIntervalSeconds": 30,
"DebugSplit": false,
"ThreadAutoFollow": true,
"CollapsedThreads": "always_on",
"ManagedResourcePaths": "",
"EnableCustomGroups": true,
"AllowSyncedDrafts": true,
"UniqueEmojiReactionLimitPerPost": 50,
"RefreshPostStatsRunTime": "00:00",
"MaximumPayloadSizeBytes": 300000,
"MaximumURLLength": 2048,
"ScheduledPosts": true
},
"TeamSettings": {
"SiteName": "Mattermost",
"MaxUsersPerTeam": 50,
"EnableJoinLeaveMessageByDefault": true,
"EnableUserCreation": true,
"EnableOpenServer": false,
"EnableUserDeactivation": false,
"RestrictCreationToDomains": "",
"EnableCustomUserStatuses": true,
"EnableCustomBrand": false,
"CustomBrandText": "",
"CustomDescriptionText": "",
"RestrictDirectMessage": "any",
"EnableLastActiveTime": true,
"UserStatusAwayTimeout": 300,
"MaxChannelsPerTeam": 2000,
"MaxNotificationsPerChannel": 1000,
"EnableConfirmNotificationsToChannel": true,
"TeammateNameDisplay": "username",
"ExperimentalViewArchivedChannels": true,
"ExperimentalEnableAutomaticReplies": false,
"LockTeammateNameDisplay": false,
"ExperimentalPrimaryTeam": "",
"ExperimentalDefaultChannels": []
},
"ClientRequirements": {
"AndroidLatestVersion": "",
"AndroidMinVersion": "",
"IosLatestVersion": "",
"IosMinVersion": ""
},
"SqlSettings": {
"DriverName": "postgres",
"DataSource": "postgres://mmuser:mostest@localhost/mattermost_test?sslmode=disable\u0026connect_timeout=10\u0026binary_parameters=yes",
"DataSourceReplicas": [],
"DataSourceSearchReplicas": [],
"MaxIdleConns": 20,
"ConnMaxLifetimeMilliseconds": 3600000,
"ConnMaxIdleTimeMilliseconds": 300000,
"MaxOpenConns": 300,
"Trace": false,
"AtRestEncryptKey": "etcbtej9ar4b5ickh9kqmmmbwkgnd9ds",
"QueryTimeout": 30,
"DisableDatabaseSearch": false,
"MigrationsStatementTimeoutSeconds": 100000,
"ReplicaLagSettings": [],
"ReplicaMonitorIntervalSeconds": 5
},
"LogSettings": {
"EnableConsole": true,
"ConsoleLevel": "INFO",
"ConsoleJson": true,
"EnableColor": false,
"EnableFile": true,
"FileLevel": "INFO",
"FileJson": true,
"FileLocation": "",
"EnableWebhookDebugging": true,
"EnableDiagnostics": true,
"VerboseDiagnostics": false,
"EnableSentry": true,
"AdvancedLoggingJSON": {},
"MaxFieldSize": 2048
},
"ExperimentalAuditSettings": {
"FileEnabled": false,
"FileName": "",
"FileMaxSizeMB": 100,
"FileMaxAgeDays": 0,
"FileMaxBackups": 0,
"FileCompress": false,
"FileMaxQueueSize": 1000,
"AdvancedLoggingJSON": {}
},
"NotificationLogSettings": {
"EnableConsole": true,
"ConsoleLevel": "INFO",
"ConsoleJson": true,
"EnableColor": false,
"EnableFile": true,
"FileLevel": "INFO",
"FileJson": true,
"FileLocation": "",
"AdvancedLoggingJSON": {}
},
"PasswordSettings": {
"MinimumLength": 8,
"Lowercase": false,
"Number": false,
"Uppercase": false,
"Symbol": false,
"EnableForgotLink": true
},
"FileSettings": {
"EnableFileAttachments": true,
"EnableMobileUpload": true,
"EnableMobileDownload": true,
"MaxFileSize": 104857600,
"MaxImageResolution": 33177600,
"MaxImageDecoderConcurrency": -1,
"DriverName": "local",
"Directory": "./data/",
"EnablePublicLink": false,
"ExtractContent": true,
"ArchiveRecursion": false,
"PublicLinkSalt": "br5pxoytkqgpwptybafe56dhfi7du38m",
"InitialFont": "nunito-bold.ttf",
"AmazonS3AccessKeyId": "",
"AmazonS3SecretAccessKey": "",
"AmazonS3Bucket": "",
"AmazonS3PathPrefix": "",
"AmazonS3Region": "",
"AmazonS3Endpoint": "s3.amazonaws.com",
"AmazonS3SSL": true,
"AmazonS3SignV2": false,
"AmazonS3SSE": false,
"AmazonS3Trace": false,
"AmazonS3RequestTimeoutMilliseconds": 30000,
"AmazonS3UploadPartSizeBytes": 5242880,
"AmazonS3StorageClass": "",
"DedicatedExportStore": false,
"ExportDriverName": "local",
"ExportDirectory": "./data/",
"ExportAmazonS3AccessKeyId": "",
"ExportAmazonS3SecretAccessKey": "",
"ExportAmazonS3Bucket": "",
"ExportAmazonS3PathPrefix": "",
"ExportAmazonS3Region": "",
"ExportAmazonS3Endpoint": "s3.amazonaws.com",
"ExportAmazonS3SSL": true,
"ExportAmazonS3SignV2": false,
"ExportAmazonS3SSE": false,
"ExportAmazonS3Trace": false,
"ExportAmazonS3RequestTimeoutMilliseconds": 30000,
"ExportAmazonS3PresignExpiresSeconds": 21600,
"ExportAmazonS3UploadPartSizeBytes": 104857600,
"ExportAmazonS3StorageClass": ""
},
"EmailSettings": {
"EnableSignUpWithEmail": true,
"EnableSignInWithEmail": true,
"EnableSignInWithUsername": true,
"SendEmailNotifications": true,
"UseChannelInEmailNotifications": false,
"RequireEmailVerification": false,
"FeedbackName": "{{ env "ORG_NAME" }}",
"FeedbackEmail": "{{ env "ORG_EMAIL_ADDRESS" }}",
"ReplyToAddress": "{{ env "ORG_EMAIL_ADDRESS" }}",
"FeedbackOrganization": "",
"EnableSMTPAuth": true,
"SMTPUsername": "{{ env "SMTP_USER" }}",
"SMTPPassword": "{{ secret "smtp_pass" }}",
"SMTPServer": "{{ env "SMTP_HOST" }}",
"SMTPPort": "{{ env "SMTP_PORT" }}",
"SMTPServerTimeout": 10,
"ConnectionSecurity": "{{ env "SMTP_SECURITY" }}",
"SendPushNotifications": true,
"PushNotificationServer": "https://push-test.mattermost.com",
"PushNotificationContents": "full",
"PushNotificationBuffer": 1000,
"EnableEmailBatching": false,
"EmailBatchingBufferSize": 256,
"EmailBatchingInterval": 30,
"EnablePreviewModeBanner": false,
"SkipServerCertificateVerification": false,
"EmailNotificationContentsType": "full",
"LoginButtonColor": "#0000",
"LoginButtonBorderColor": "#2389D7",
"LoginButtonTextColor": "#2389D7"
},
"RateLimitSettings": {
"Enable": false,
"PerSec": 10,
"MaxBurst": 100,
"MemoryStoreSize": 10000,
"VaryByRemoteAddr": true,
"VaryByUser": false,
"VaryByHeader": ""
},
"PrivacySettings": {
"ShowEmailAddress": true,
"ShowFullName": true
},
"SupportSettings": {
"TermsOfServiceLink": "https://mattermost.com/pl/terms-of-use/",
"PrivacyPolicyLink": "https://mattermost.com/pl/privacy-policy/",
"AboutLink": "https://mattermost.com/pl/about-mattermost",
"HelpLink": "https://mattermost.com/pl/help/",
"ReportAProblemLink": "https://mattermost.com/pl/report-a-bug",
"ForgotPasswordLink": "",
"SupportEmail": "{{ env "ORG_EMAIL_ADDRESS" }}",
"CustomTermsOfServiceEnabled": false,
"CustomTermsOfServiceReAcceptancePeriod": 365,
"EnableAskCommunityLink": true
},
"AnnouncementSettings": {
"EnableBanner": false,
"BannerText": "",
"BannerColor": "#f2a93b",
"BannerTextColor": "#333333",
"AllowBannerDismissal": true,
"AdminNoticesEnabled": true,
"UserNoticesEnabled": true,
"NoticesURL": "https://notices.mattermost.com/",
"NoticesFetchFrequency": 3600,
"NoticesSkipCache": false
},
"ThemeSettings": {
"EnableThemeSelection": true,
"DefaultTheme": "default",
"AllowCustomThemes": true,
"AllowedThemes": []
},
"GitLabSettings": {
"Enable": true,
"Secret": "{{ secret "mattermost_sso_secret" }}",
"Id": "{{ env "SSO_ID" }}",
"Scope": "",
"AuthEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/authorize/",
"TokenEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/token/",
"UserAPIEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/userinfo/",
"DiscoveryEndpoint": "https://{{ env "SSO_DOMAIN" }}/application/o/{{ env "SSO_APP" }}/.well-known/openid-configuration",
"ButtonText": "{{ env "ORG_NAME" }}",
"ButtonColor": "#ff0000"
},
"GoogleSettings": {
"Enable": false,
"Secret": "",
"Id": "",
"Scope": "profile email",
"AuthEndpoint": "https://accounts.google.com/o/oauth2/v2/auth",
"TokenEndpoint": "https://www.googleapis.com/oauth2/v4/token",
"UserAPIEndpoint": "https://people.googleapis.com/v1/people/me?personFields=names,emailAddresses,nicknames,metadata",
"DiscoveryEndpoint": "",
"ButtonText": "",
"ButtonColor": ""
},
"Office365Settings": {
"Enable": false,
"Secret": "",
"Id": "",
"Scope": "User.Read",
"AuthEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
"TokenEndpoint": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
"UserAPIEndpoint": "https://graph.microsoft.com/v1.0/me",
"DiscoveryEndpoint": "",
"DirectoryId": ""
},
"OpenIdSettings": {
"Enable": false,
"Secret": "",
"Id": "",
"Scope": "profile openid email",
"AuthEndpoint": "",
"TokenEndpoint": "",
"UserAPIEndpoint": "",
"DiscoveryEndpoint": "",
"ButtonText": "",
"ButtonColor": "#145DBF"
},
"LdapSettings": {
"Enable": false,
"EnableSync": false,
"LdapServer": "",
"LdapPort": 389,
"ConnectionSecurity": "",
"BaseDN": "",
"BindUsername": "",
"BindPassword": "",
"UserFilter": "",
"GroupFilter": "",
"GuestFilter": "",
"EnableAdminFilter": false,
"AdminFilter": "",
"GroupDisplayNameAttribute": "",
"GroupIdAttribute": "",
"FirstNameAttribute": "",
"LastNameAttribute": "",
"EmailAttribute": "",
"UsernameAttribute": "",
"NicknameAttribute": "",
"IdAttribute": "",
"PositionAttribute": "",
"LoginIdAttribute": "",
"PictureAttribute": "",
"SyncIntervalMinutes": 60,
"SkipCertificateVerification": false,
"PublicCertificateFile": "",
"PrivateKeyFile": "",
"QueryTimeout": 60,
"MaxPageSize": 0,
"LoginFieldName": "",
"LoginButtonColor": "#0000",
"LoginButtonBorderColor": "#2389D7",
"LoginButtonTextColor": "#2389D7"
},
"ComplianceSettings": {
"Enable": false,
"Directory": "./data/",
"EnableDaily": false,
"BatchSize": 30000
},
"LocalizationSettings": {
"DefaultServerLocale": "en",
"DefaultClientLocale": "en",
"AvailableLocales": "",
"EnableExperimentalLocales": false
},
"SamlSettings": {
"Enable": false,
"EnableSyncWithLdap": false,
"EnableSyncWithLdapIncludeAuth": false,
"IgnoreGuestsLdapSync": false,
"Verify": true,
"Encrypt": true,
"SignRequest": false,
"IdpURL": "",
"IdpDescriptorURL": "",
"IdpMetadataURL": "",
"ServiceProviderIdentifier": "",
"AssertionConsumerServiceURL": "",
"SignatureAlgorithm": "RSAwithSHA1",
"CanonicalAlgorithm": "Canonical1.0",
"ScopingIDPProviderId": "",
"ScopingIDPName": "",
"IdpCertificateFile": "",
"PublicCertificateFile": "",
"PrivateKeyFile": "",
"IdAttribute": "",
"GuestAttribute": "",
"EnableAdminAttribute": false,
"AdminAttribute": "",
"FirstNameAttribute": "",
"LastNameAttribute": "",
"EmailAttribute": "",
"UsernameAttribute": "",
"NicknameAttribute": "",
"LocaleAttribute": "",
"PositionAttribute": "",
"LoginButtonText": "SAML",
"LoginButtonColor": "#34a28b",
"LoginButtonBorderColor": "#2389D7",
"LoginButtonTextColor": "#ffffff"
},
"NativeAppSettings": {
"AppCustomURLSchemes": [
"mmauth://",
"mmauthbeta://"
],
"AppDownloadLink": "https://mattermost.com/pl/download-apps",
"AndroidAppDownloadLink": "https://mattermost.com/pl/android-app/",
"IosAppDownloadLink": "https://mattermost.com/pl/ios-app/",
"MobileExternalBrowser": false
},
"CacheSettings": {
"CacheType": "lru",
"RedisAddress": "",
"RedisPassword": "********************************",
"RedisDB": -1,
"DisableClientCache": false
},
"ClusterSettings": {
"Enable": false,
"ClusterName": "",
"OverrideHostname": "",
"NetworkInterface": "",
"BindAddress": "",
"AdvertiseAddress": "",
"UseIPAddress": true,
"EnableGossipCompression": true,
"EnableExperimentalGossipEncryption": false,
"ReadOnlyConfig": true,
"GossipPort": 8074
},
"MetricsSettings": {
"Enable": false,
"BlockProfileRate": 0,
"ListenAddress": ":8067",
"EnableClientMetrics": true,
"EnableNotificationMetrics": true
},
"ExperimentalSettings": {
"ClientSideCertEnable": false,
"ClientSideCertCheck": "secondary",
"LinkMetadataTimeoutMilliseconds": 5000,
"RestrictSystemAdmin": false,
"EnableSharedChannels": false,
"EnableRemoteClusterService": false,
"DisableAppBar": false,
"DisableRefetchingOnBrowserFocus": false,
"DelayChannelAutocomplete": false,
"DisableWakeUpReconnectHandler": false,
"UsersStatusAndProfileFetchingPollIntervalMilliseconds": 3000,
"YoutubeReferrerPolicy": false
},
"AnalyticsSettings": {
"MaxUsersForStatistics": 2500
},
"ElasticsearchSettings": {
"ConnectionURL": "http://localhost:9200",
"Backend": "elasticsearch",
"Username": "elastic",
"Password": "changeme",
"EnableIndexing": false,
"EnableSearching": false,
"EnableAutocomplete": false,
"Sniff": true,
"PostIndexReplicas": 1,
"PostIndexShards": 1,
"ChannelIndexReplicas": 1,
"ChannelIndexShards": 1,
"UserIndexReplicas": 1,
"UserIndexShards": 1,
"AggregatePostsAfterDays": 365,
"PostsAggregatorJobStartTime": "03:00",
"IndexPrefix": "",
"LiveIndexingBatchSize": 1,
"BatchSize": 10000,
"RequestTimeoutSeconds": 30,
"SkipTLSVerification": false,
"CA": "",
"ClientCert": "",
"ClientKey": "",
"Trace": "",
"IgnoredPurgeIndexes": ""
},
"BleveSettings": {
"IndexDir": "",
"EnableIndexing": false,
"EnableSearching": false,
"EnableAutocomplete": false,
"BatchSize": 10000
},
"DataRetentionSettings": {
"EnableMessageDeletion": false,
"EnableFileDeletion": false,
"EnableBoardsDeletion": false,
"MessageRetentionDays": 365,
"MessageRetentionHours": 0,
"FileRetentionDays": 365,
"FileRetentionHours": 0,
"BoardsRetentionDays": 365,
"DeletionJobStartTime": "02:00",
"BatchSize": 3000,
"TimeBetweenBatchesMilliseconds": 100,
"RetentionIdsBatchSize": 100
},
"MessageExportSettings": {
"EnableExport": false,
"ExportFormat": "actiance",
"DailyRunTime": "01:00",
"ExportFromTimestamp": 0,
"BatchSize": 10000,
"DownloadExportResults": false,
"ChannelBatchSize": 100,
"ChannelHistoryBatchSize": 10,
"GlobalRelaySettings": {
"CustomerType": "A9",
"SMTPUsername": "",
"SMTPPassword": "",
"EmailAddress": "",
"SMTPServerTimeout": 1800,
"CustomSMTPServerName": "",
"CustomSMTPPort": "25"
}
},
"JobSettings": {
"RunJobs": true,
"RunScheduler": true,
"CleanupJobsThresholdDays": -1,
"CleanupConfigThresholdDays": -1
},
"PluginSettings": {
"Enable": true,
"EnableUploads": false,
"AllowInsecureDownloadURL": false,
"EnableHealthCheck": true,
"Directory": "./plugins",
"ClientDirectory": "./client/plugins",
"Plugins": {
"mattermost-ai": {
"config": {
"allowPrivateChannels": false,
"allowedTeamIDs": "",
"bots": null,
"defaultBotName": "",
"enableLLMTrace": false,
"enableUserRestrictions": false,
"onlyUsersOnTeam": "",
"services": null,
"transcriptBackend": ""
}
},
"playbooks": {
"BotUserID": "d1a1xx1r7jyt8ca8mg1iqpgd3h"
}
},
"PluginStates": {
"com.mattermost.calls": {
"Enable": true
},
"com.mattermost.nps": {
"Enable": true
},
"mattermost-ai": {
"Enable": true
},
"playbooks": {
"Enable": true
}
},
"EnableMarketplace": true,
"EnableRemoteMarketplace": true,
"AutomaticPrepackagedPlugins": true,
"RequirePluginSignature": false,
"MarketplaceURL": "https://api.integrations.mattermost.com",
"SignaturePublicKeyFiles": [],
"ChimeraOAuthProxyURL": ""
},
"DisplaySettings": {
"CustomURLSchemes": [],
"MaxMarkdownNodes": 0
},
"GuestAccountsSettings": {
"Enable": false,
"HideTags": false,
"AllowEmailAccounts": true,
"EnforceMultifactorAuthentication": false,
"RestrictCreationToDomains": ""
},
"ImageProxySettings": {
"Enable": false,
"ImageProxyType": "local",
"RemoteImageProxyURL": "",
"RemoteImageProxyOptions": ""
},
"CloudSettings": {
"CWSURL": "https://customers.mattermost.com",
"CWSAPIURL": "https://api.internal.test.cloud.mattermost.com",
"CWSMock": false,
"Disable": false
},
"ImportSettings": {
"Directory": "./import",
"RetentionDays": 30
},
"ExportSettings": {
"Directory": "./export",
"RetentionDays": 30
},
"WranglerSettings": {
"PermittedWranglerRoles": [],
"AllowedEmailDomain": [],
"MoveThreadMaxCount": 100,
"MoveThreadToAnotherTeamEnable": false,
"MoveThreadFromPrivateChannelEnable": false,
"MoveThreadFromDirectMessageChannelEnable": false,
"MoveThreadFromGroupMessageChannelEnable": false
},
"ConnectedWorkspacesSettings": {
"EnableSharedChannels": false,
"EnableRemoteClusterService": false,
"DisableSharedChannelsStatusSync": false,
"MaxPostsPerSync": 50
},
"CoopCloudManaged": {
}
}

8
entrypoint.sh
View File

@ -15,5 +15,11 @@ else
exit 1 exit 1
fi fi
# If the default Mattermost config hasn't already been replaced
# by the templated config this recipe generates, replace it
if ! test -f "/mattermost/config/CoopCloudManaged"; then
cp /config-to-copy.json /mattermost/config/config.json && touch /mattermost/config/CoopCloudManaged
fi
# https://github.com/mattermost/mattermost-server/blob/master/build/Dockerfile # https://github.com/mattermost/mattermost-server/blob/master/build/Dockerfile
/entrypoint.sh "mattermost" /entrypoint.sh "mattermost"

12
gitlab_config_patch.json.tmpl Normal file
View File

@ -0,0 +1,12 @@
{
"Enable": true,
"Secret": "${MATTERMOST_SSO_SECRET}",
"Id": "${SSO_ID}",
"Scope": "",
"AuthEndpoint": "https://${SSO_DOMAIN}/application/o/authorize/",
"TokenEndpoint": "https://${SSO_DOMAIN}/application/o/token/",
"UserAPIEndpoint": "https://${SSO_DOMAIN}/application/o/userinfo/",
"DiscoveryEndpoint": "https://${SSO_DOMAIN}/application/o/${SSO_APP}/.well-known/openid-configuration",
"ButtonText": "${ORG_NAME}",
"ButtonColor": "#ff0000"
}