Working docker-compose.yml

.drone.yml

@@ -0,0 +1,56 @@
+---
+kind: pipeline
+name: deploy to swarm-test.autonomic.zone
+steps:
+  - name: deployment
+    image: decentral1se/stack-ssh-deploy:latest
+    settings:
+      host: swarm-test.autonomic.zone
+      stack: mattermost
+      purge: true
+      deploy_key:
+        from_secret: drone_ssh_swarm_test
+    environment:
+      DOMAIN: mattermost.swarm-test.autonomic.zone
+      LETS_ENCRYPT_ENV: production
+
+  - name: notify coopcloud-dev on failure
+    image: plugins/matrix
+    settings:
+      homeserver: https://matrix.autonomic.zone
+      roomid: "IFazIpLtxiScqbHqoa:autonomic.zone"
+      userid: "@autono-bot:autonomic.zone"
+      accesstoken:
+        from_secret: autono_bot_access_token
+    depends_on:
+    - deployment
+  when:
+    status:
+      - failure
+trigger:
+  branch:
+    - main
+
+---
+kind: pipeline
+name: recipe release
+steps:
+  - name: release a new version
+    image: decentral1se/drone-abra:latest
+    settings:
+      command: recipe mattermost release
+      deploy_key:
+        from_secret: abra_bot_deploy_key
+
+  - name: trigger downstream builds
+    image: plugins/downstream
+    settings:
+      server: https://drone.autonomic.zone
+      token:
+        from_secret: decentral1se_token
+      fork: true
+      repositories:
+        - coop-cloud/auto-apps-json
+    depends_on:
+      - release a new version
+on

.env.example

@@ -0,0 +1,81 @@
+# Domain of service
+DOMAIN=mm.example.com
+
+# Container settings
+## Timezone inside the containers. The value needs to be in the form 'Europe/Berlin'.
+## A list of these tz database names can be looked up at Wikipedia
+## https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TZ=UTC
+RESTART_POLICY=unless-stopped
+
+# Postgres settings
+## Documentation for this image and available settings can be found on hub.docker.com
+## https://hub.docker.com/_/postgres
+## Please keep in mind this will create a superuser and it's recommended to use a less privileged
+## user to connect to the database.
+## A guide on how to change the database user to a nonsuperuser can be found in docs/creation-of-nonsuperuser.md
+POSTGRES_IMAGE_TAG=13-alpine
+POSTGRES_DATA_PATH=./volumes/db/var/lib/postgresql/data
+
+POSTGRES_USER=mmuser
+POSTGRES_PASSWORD=mmuser_password
+POSTGRES_DB=mattermost
+
+# Nginx
+## The nginx container will use a configuration found at the NGINX_MATTERMOST_CONFIG. The config aims
+## to be secure and uses a catch-all server vhost which will work out-of-the-box. For additional settings
+## or changes ones can edit it or provide another config. Important note: inside the container, nginx sources
+## every config file inside */etc/nginx/conf.d* ending with a *.conf* file extension.
+
+## Inside the container the uid and gid is 101. The folder owner can be set with
+## `sudo chown -R 101:101 ./nginx` if needed.
+NGINX_IMAGE_TAG=alpine
+
+## The folder containing server blocks and any additional config to nginx.conf
+NGINX_CONFIG_PATH=./nginx/conf.d
+NGINX_DHPARAMS_FILE=./nginx/dhparams4096.pem
+
+CERT_PATH=./volumes/web/cert/cert.pem
+KEY_PATH=./volumes/web/cert/key-no-password.pem
+#GITLAB_PKI_CHAIN_PATH=<path_to_your_gitlab_pki>/pki_chain.pem
+#CERT_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/fullchain.pem
+#KEY_PATH=./certs/etc/letsencrypt/live/${DOMAIN}/privkey.pem
+
+## Exposed ports to the host. Inside the container 80 and 443 will be used
+HTTPS_PORT=443
+HTTP_PORT=80
+
+# Mattermost settings
+## Inside the container the uid and gid is 2000. The folder owner can be set with
+## `sudo chown -R 2000:2000 ./volumes/app/mattermost`.
+MATTERMOST_CONFIG_PATH=./volumes/app/mattermost/config
+MATTERMOST_DATA_PATH=./volumes/app/mattermost/data
+MATTERMOST_LOGS_PATH=./volumes/app/mattermost/logs
+MATTERMOST_PLUGINS_PATH=./volumes/app/mattermost/plugins
+MATTERMOST_CLIENT_PLUGINS_PATH=./volumes/app/mattermost/client/plugins
+
+## This will be 'mattermost-enterprise-edition' or 'mattermost-team-edition' based on the version of Mattermost you're installing.
+MATTERMOST_IMAGE=mattermost-enterprise-edition
+MATTERMOST_IMAGE_TAG=5.39
+
+## Make Mattermost container readonly. This interferes with the regeneration of root.html inside the container. Only use
+## it if you know what you're doing.
+## See https://github.com/mattermost/docker/issues/18
+MATTERMOST_CONTAINER_READONLY=false
+
+## The app port is only relevant for using Mattermost without the nginx container as reverse proxy. This is not meant
+## to be used with the internal HTTP server exposed but rather in case one wants to host several services on one host
+## or for using it behind another existing reverse proxy.
+APP_PORT=8065
+
+## Configuration settings for Mattermost. Documentation on the variables and the settings itself can be found at
+## https://docs.mattermost.com/administration/config-settings.html
+## Keep in mind that variables set here will take precedence over the same setting in config.json. This includes
+## the system console as well and settings set with env variables will be greyed out.
+
+## Below one can find necessary settings to spin up the Mattermost container
+MM_SQLSETTINGS_DRIVERNAME=postgres
+MM_SQLSETTINGS_DATASOURCE=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable&connect_timeout=10
+
+## Example settings (any additional setting added here also needs to be introduced in the docker-compose.yml)
+MM_SERVICESETTINGS_SITEURL=https://${DOMAIN}

.env.sample

@@ -0,0 +1,8 @@
+TYPE=mattermost
+
+DOMAIN=mattermost.example.com
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.mattermost.example.com`'
+LETS_ENCRYPT_ENV=production
+on

.gitignore

@@ -0,0 +1,6 @@
+.envrc
+.env
+reference
+deploy.sh
+run.sh
+.idea

docker-compose.yml

@@ -0,0 +1,78 @@
+version: "3.8"
+
+services:
+  postgres:
+    image: postgres:${POSTGRES_IMAGE_TAG}
+    restart: ${RESTART_POLICY}
+    security_opt:
+      - no-new-privileges:true
+    tmpfs:
+      - /tmp
+      - /var/run/postgresql
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    environment:
+      # timezone inside container
+      - TZ
+
+      # necessary Postgres options/variables
+      - POSTGRES_USER
+      - POSTGRES_PASSWORD
+      - POSTGRES_DB
+    networks:
+      - internal
+
+  mattermost:
+    image: mattermost/${MATTERMOST_IMAGE}:${MATTERMOST_IMAGE_TAG}
+    restart: ${RESTART_POLICY}
+    security_opt:
+      - no-new-privileges:true
+    read_only: ${MATTERMOST_CONTAINER_READONLY}
+    tmpfs:
+      - /tmp
+    volumes:
+      - mattermost_config:/mattermost/config:rw
+      - mattermost_data:/mattermost/data:rw
+      - mattermost_logs:/mattermost/logs:rw
+      - mattermost_plugins:/mattermost/plugins:rw
+      - mattermost_client_plugins:/mattermost/client/plugins:rw
+    environment:
+      # timezone inside container
+      - TZ
+
+      # necessary Mattermost options/variables (see env.example)
+      - MM_SQLSETTINGS_DRIVERNAME
+      - MM_SQLSETTINGS_DATASOURCE
+
+      # additional settings
+      - MM_SERVICESETTINGS_SITEURL
+    ports:
+      - ${APP_PORT}:8065
+    networks:
+      - proxy
+      - internal
+    deploy:
+      labels:
+        - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+
+networks:
+  proxy:
+    external: true
+  internal:
+
+volumes:
+  postgres_data:
+  mattermost_config:
+  mattermost_data:
+  mattermost_logs:
+  mattermost_plugins:
+  mattermost_client_plugins:
+