From e2fb7b4df42b77f20e6c595614b89f0f8cf78b2b Mon Sep 17 00:00:00 2001
From: Dmitry Voronin
Date: Sat, 19 Oct 2024 04:23:28 +0300
Subject: [PATCH] Chat: Add Mattermost container for possible use later.
---
 container/Chat.nix | 81 ++++++++++++++++++++++++++++
 container/Postgres.nix | 1 +
 container/proxy/host/Chat.nix | 28 ++++++++++
 host/x86_64-linux/home/Container.nix | 1 +
 4 files changed, 111 insertions(+)
 create mode 100644 container/Chat.nix
 create mode 100644 container/proxy/host/Chat.nix
diff --git a/container/Chat.nix b/container/Chat.nix
new file mode 100644
index 0000000..b34abf1
--- /dev/null
+++ b/container/Chat.nix
@@ -0,0 +1,81 @@
+{
+ container,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ cfg = config.container.module.chat;
+ db = config.container.module.postgres;
+in
+{
+ options = {
+ container.module.chat = {
+ enable = lib.mkEnableOption "chat container.";
+ address = lib.mkOption {
+ default = "10.1.0.20";
+ type = lib.types.str;
+ };
+ port = lib.mkOption {
+ default = 8065;
+ type = lib.types.int;
+ };
+ domain = lib.mkOption {
+ default = "chat.${config.container.domain}";
+ type = lib.types.str;
+ };
+ storage = lib.mkOption {
+ default = "${config.container.storage}/chat";
+ type = lib.types.str;
+ };
+ };
+ };
+
+ # WIP: https://search.nixos.org/options?channel=24.05&from=0&size=50&sort=relevance&type=packages&query=mattermost
+ config = lib.mkIf cfg.enable {
+ systemd.tmpfiles.rules = container.mkContainerDir cfg [ "data" ];
+
+ containers.chat = container.mkContainer cfg {
+ bindMounts = {
+ "/var/lib/mattermost" = {
+ hostPath = "${cfg.storage}/data";
+ isReadOnly = false;
+ };
+ };
+
+ config =
+ { ... }:
+ container.mkContainerConfig cfg {
+ services.mattermost = {
+ enable = true;
+ listenAddress = ":${toString cfg.port}";
+ localDatabaseCreate = false;
+ mutableConfig = false;
+ package = pkgs.mattermost;
+ siteName = "Chat";
+ siteUrl = "https://${cfg.domain}";
+ statePath = "/var/lib/mattermost";
+ plugins =
+ let
+ calls =
+ let
+ version = "1.2.0";
+ in
+ pkgs.fetchurl {
+ url = "https://github.com/mattermost/mattermost-plugin-calls/releases/download/v${version}/mattermost-plugin-calls-v${version}.tar.gz";
+ hash = "sha256-yQGBpBPgXxC+Pm6dHlbwlNEdvn6wg9neSpNNTC4YYAA=";
+ };
+ in
+ [ calls ];
+ extraConfig = {
+ SqlSettings = {
+ DataSource = "postgres://mattermost:any@${db.address}:${toString db.port}/mattermost?sslmode=disable&connect_timeout=10";
+ DriverName = "postgres";
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/container/Postgres.nix b/container/Postgres.nix
index 6939e17..afd5c06 100644
--- a/container/Postgres.nix
+++ b/container/Postgres.nix
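Review bot: The `DataSource` string under `extraConfig.SqlSettings` embeds the database password (`any`) together with `sslmode=disable`, so the credential ends up in the generated configuration in the world-readable Nix store and the link to `${db.address}` carries database traffic unencrypted. If the Postgres container really accepts any password from this address, that address-based trust rule is the only access control on the `mattermost` database; the rule lives in container/Postgres.nix, mostly outside this diff, and is worth confirming. Consider moving the connection string out of the store through the module's `environmentFile` option, e.g. `environmentFile = "<path-to-secret-env-file>";` with `MM_SQLSETTINGS_DATASOURCE=...` in that file, and add a comment next to `sslmode=disable` stating why TLS is not needed on this link.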
@@ -48,6 +48,7 @@ in
 configurations = with config.container.module; {
 forgejo = git;
 invidious = yt;
+ mattermost = chat;
 nextcloud = cloud;
 onlyoffice = office;
 paperless = paper;
diff --git a/container/proxy/host/Chat.nix b/container/proxy/host/Chat.nix
new file mode 100644
index 0000000..eccbe2c
--- /dev/null
+++ b/container/proxy/host/Chat.nix
@@ -0,0 +1,28 @@
+{ config, container, ... }:
+let
+ cfg = config.container.module.chat;
+ name = "chat";
+in
+{
+ ${cfg.domain} = container.mkServer {
+ extraConfig = ''
+ listen 443 ssl;
+ set ''$${name} ${cfg.address}:${toString cfg.port};
+
+ location / {
+ allow ${config.container.localAccess};
+ allow ${config.container.module.status.address};
+ allow ${config.container.module.vpn.address};
+ allow ${config.container.module.frkn.address};
+ deny all;
+
+ proxy_pass http://''$${name}$request_uri;
+ }
+
+ ssl_certificate /etc/letsencrypt/live/${config.container.domain}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/${config.container.domain}/privkey.pem;
+ include /etc/letsencrypt/conf/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
+ '';
+ };
+}
diff --git a/host/x86_64-linux/home/Container.nix b/host/x86_64-linux/home/Container.nix
index 3499d6f..7a6c61c 100644
--- a/host/x86_64-linux/home/Container.nix
+++ b/host/x86_64-linux/home/Container.nix
@@ -7,6 +7,7 @@ module = { # ISSUE: hdd.enable = true; change.enable = true; + chat.enable = true; cloud.enable = true; ddns.enable = true; dns.enable = true;
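Review bot: The `location /` block in container/proxy/host/Chat.nix proxies to Mattermost without any `proxy_set_header` lines, so unless `container.mkServer` (defined outside this diff) adds them, WebSocket upgrades will not pass and Mattermost will see every request as coming from the proxy address, which weakens audit trails and per-client rate limiting. Inside `location /` I would add `proxy_set_header Upgrade $http_upgrade;`, `proxy_set_header Connection "upgrade";` and `proxy_set_header X-Real-IP $remote_addr;`. The `allow` entries for the status, vpn and frkn modules would also benefit from a one-line comment saying why each needs to reach chat, so the list can be trimmed later.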
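Review bot: `chat.enable = true;` in host/x86_64-linux/home/Container.nix switches the container on for this host even though the commit subject describes it as being for possible later use and container/Chat.nix still carries a `# WIP` marker. An unfinished service that is running and reachable through the proxy is extra attack surface; consider leaving the line out until the setup is finished, or add a comment such as `# enabled for testing only` so the intent is recorded. The surrounding `module = {` block continues outside the hunk.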