From 428b5d6503a8a0b091eebe873475043b70f6948a Mon Sep 17 00:00:00 2001
From: Someone
Date: Fri, 4 Oct 2024 13:42:44 +0200
Subject: [PATCH] [roles/service/mattermost] setup mattermost service
---
roles/service/mattermost/defaults/main.yml | 23 +++
.../files/default/mattermost.service | 27 +++
roles/service/mattermost/tasks/main.yml | 184 ++++++++++++++++++
.../templates/default/config.json.j2 | 67 +++++++
.../vars/default/vars_nginx_vhost_custom.yml | 107 ++++++++++
5 files changed, 408 insertions(+)
create mode 100644 roles/service/mattermost/defaults/main.yml
create mode 100644 roles/service/mattermost/files/default/mattermost.service
create mode 100644 roles/service/mattermost/tasks/main.yml
create mode 100644 roles/service/mattermost/templates/default/config.json.j2
create mode 100644 roles/service/mattermost/vars/default/vars_nginx_vhost_custom.yml
diff --git a/roles/service/mattermost/defaults/main.yml b/roles/service/mattermost/defaults/main.yml
new file mode 100644
index 0000000..fcc25ad
--- /dev/null
+++ b/roles/service/mattermost/defaults/main.yml
@@ -0,0 +1,23 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+# If not overridden in inventory or as a parameter, this is the value that will be used
+#
+---
+mattermost_download_url: "https://releases.mattermost.com/9.11.1/mattermost-9.11.1-linux-amd64.tar.gz"
+mattermost_download_checksum: "sha256:16045928a8828643228ec533fce998c5347f991679f551a42fe88dba5f240d96"
+
+mattermost_homedir: "/srv/mattermost"
+
+mattermost_domain: "mattermost.localhost"
+mattermost_db_host_port: "127.0.0.1:5432"
+mattermost_db_name: "mattermost"
+
+# must set.
+#mattermost_db_pw: ""
+#mattermost_admin_user: "admin"
+#mattermost_admin_user_email: ""
+#mattermost_admin_user_pw: "initial-Pw1"
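Review bot: The commented-out `# must set.` block at the end of defaults/main.yml shows `initial-Pw1` as the admin password and does not say where the real values should live, so it is likely to be copied into an inventory as-is. I would replace that line with `# must set in the inventory, encrypted with ansible-vault; the values below are placeholders, not defaults.` and drop the literal password from the example. Nothing visible in this patch asserts that these four variables are defined, so a missing one would only surface when the config template or the admin-user command is rendered. A short comment that `mattermost_download_url` and `mattermost_download_checksum` must always be bumped together would also help the next upgrade.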
diff --git a/roles/service/mattermost/files/default/mattermost.service b/roles/service/mattermost/files/default/mattermost.service
new file mode 100644
index 0000000..7f32102
--- /dev/null
+++ b/roles/service/mattermost/files/default/mattermost.service
@@ -0,0 +1,27 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+[Unit]
+Description=Mattermost server
+After=network.target
+OnFailure=unit-status-mail@%n.service
+
+[Service]
+Type=notify
+ExecStart=/srv/mattermost/server/bin/mattermost
+TimeoutStartSec=600
+TimeoutStopSec=15
+Restart=always
+RestartSec=10
+WorkingDirectory=/srv/mattermost/server/
+User=mattermost
+Group=mattermost
+LimitNOFILE=49152
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/service/mattermost/tasks/main.yml b/roles/service/mattermost/tasks/main.yml
new file mode 100644
index 0000000..b3cf7d7
--- /dev/null
+++ b/roles/service/mattermost/tasks/main.yml
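Review bot: The `[Service]` section of mattermost.service runs a network-facing daemon with no systemd sandboxing; `NoNewPrivileges=true`, `ProtectSystem=full` and `ProtectHome=true` can be added without touching the paths the unit uses under `/srv/mattermost`. `PrivateTmp=true` would need more care, because config.json.j2 in this same patch places the local-mode socket under `/var/tmp`. Separately, `ExecStart` and `WorkingDirectory` hard-code `/srv/mattermost` while the tasks use `{{mattermost_homedir}}`, and the unit is installed with `copy` rather than `template`, so overriding the variable leaves the unit pointing at the wrong directory.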
@@ -0,0 +1,184 @@
+#####################################
+### someone"s ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+# its not supported to run multiple mattestmost instances on one host.
+#
+---
+- name: create mattermost user
+ user:
+ name: "mattermost"
+ home: "{{mattermost_homedir}}"
+ shell: "/bin/zsh"
+ system: yes
+ state: present
+
+
+- name: create mattermost homedir
+ file:
+ path: "{{mattermost_homedir}}"
+ state: directory
+ mode: 0710
+ owner: "mattermost"
+ group: "mattermost"
+
+
+- name: create mattermost data-dir
+ file:
+ path: "{{mattermost_homedir}}/data"
+ state: directory
+ mode: 0750
+ owner: "mattermost"
+ group: "mattermost"
+
+
+#- name: create postgres-db and user
+# include_role:
+# name: util/postgres-db-usr
+# vars:
+# pg_data:
+# dbname: "{{mattermost_db_name}}"
+# pw: "{{mattermost_db_pw}}"
+# when: mattermost_db_create | default('True') | bool
+
+
+- name: include vars_nginx_vhost_custom
+ include_vars:
+ file: "{{item}}"
+ name: vars_nginx_vhost_custom
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vars_nginx_vhost_custom.yml"
+ - "default/vars_nginx_vhost_custom.yml"
+
+
+- name: configure mattermost vhost
+ include_role:
+ name: server/nginx/vhost-unified
+ vars:
+ vhost_type: "custom"
+ vhost_name: "{{mattermost_domain}}"
+ vhost_awstats_valid_http_codes: "200 304 101"
+ vhost_custom:
+ vhost_custom_pre_server: "{{vars_nginx_vhost_custom.vhost_custom_pre_server}}"
+ vhost_custom: "{{vars_nginx_vhost_custom.vhost_custom}}"
+
+
+- name: copy mattermost.service to /etc/systemd/system/
+ copy:
+ src: "{{item}}"
+ dest: "/etc/systemd/system/mattermost.service"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/mattermost.service"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/mattermost.service"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/mattermost.service"
+ - "default/mattermost.service"
+
+
+- name: download mattermost release and check checksums
+ get_url:
+ url: "{{mattermost_download_url}}"
+ dest: "{{mattermost_homedir}}/server.tar.gz"
+ mode: 0640
+ owner: "mattermost"
+ group: "mattermost"
+ checksum: "{{mattermost_download_checksum}}"
+ timeout: 30
+ tags: "online"
+ register: download
+
+
+- name: extract and update/install mattermost
+ block:
+ - name: stop mattermost.service
+ systemd:
+ name: mattermost.service
+ daemon_reload: yes
+ state: stopped
+
+
+ - name: remove old server files
+ file:
+ path: "{{mattermost_homedir}}/server.old"
+ state: absent
+
+
+ - name: limit access to current server files
+ file:
+ path: "{{mattermost_homedir}}/server"
+ state: directory
+ mode: 0700
+ owner: "mattermost"
+ group: "mattermost"
+
+
+ - name: move current server files away
+ command: "mv {{mattermost_homedir}}/server {{mattermost_homedir}}/server.old"
+
+
+ - name: create new server files dir, because unarchive fails to do so
+ file:
+ path: "{{mattermost_homedir}}/server"
+ state: directory
+ mode: 0750
+ owner: "mattermost"
+ group: "mattermost"
+
+
+ - name: extract mattermost files
+ unarchive:
+ src: "{{mattermost_homedir}}/server.tar.gz"
+ dest: "{{mattermost_homedir}}/server"
+ remote_src: yes
+ mode: "u=rwX,g=rX,o-rwx"
+ owner: "mattermost"
+ group: "mattermost"
+ extra_opts:
+ - '--strip-components=1'
+ - '--show-stored-names'
+
+
+ - name: reuse existing config file
+ command: "mv {{mattermost_homedir}}/server.old/config/config.json {{mattermost_homedir}}/server/config/config.json"
+ register: config_copy
+ ignore_errors: yes
+
+
+ - name: template new config.json
+ template:
+ src: "{{item}}"
+ dest: "{{mattermost_homedir}}/server/config/config.json"
+ mode: 0640
+ owner: "mattermost"
+ group: "mattermost"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/config.json.j2"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/config.json.j2"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/config.json.j2"
+ - "default/config.json.j2"
+ when: config_copy.failed
+
+
+ - name: enable and restart mattermost.service
+ include_role: name="base/systemd/enable-and-start"
+ vars:
+ service_name: mattermost.service
+ service_state: restarted
+
+
+ - name: create mattermost admin user
+ become: true
+ become_user: "mattermost"
+ shell: "bin/mattermost user create --system_admin --username {{mattermost_admin_user | quote}} --email {{mattermost_admin_user_email | quote}} --password {{mattermost_admin_user_pw | quote}} || true"
+ args:
+ chdir: "{{mattermost_homedir}}/server"
+ register: script_res
+ changed_when: "'An account with that email already exists' not in script_res.stdout"
+
+ when: download.changed
diff --git a/roles/service/mattermost/templates/default/config.json.j2 b/roles/service/mattermost/templates/default/config.json.j2
new file mode 100644
index 0000000..923b23d
--- /dev/null
+++ b/roles/service/mattermost/templates/default/config.json.j2
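Review bot: The `create mattermost admin user` task at the end of the block in tasks/main.yml passes `mattermost_admin_user_pw` as a command-line argument and registers the result without `no_log`, so the password can end up in Ansible output and callback logs and is visible in the process list while the command runs; add `no_log: true` to that task. The trailing `|| true` also hides every failure, not only the already-exists case; dropping it in favour of `failed_when: script_res.rc != 0 and 'An account with that email already exists' not in script_res.stdout` keeps the task idempotent without masking real errors (assuming the CLI prints that message to stdout, as `changed_when` already presumes). The `template new config.json` task renders the database password and would benefit from `no_log: true` too, since a `--diff` run prints the rendered content. The service account is also created with `shell: "/bin/zsh"`, although none of the visible tasks appears to need an interactive login shell for it.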
@@ -0,0 +1,67 @@
+{
+ "ServiceSettings": {
+ "SiteURL": "https://{{mattermost_domain}}",
+ "AllowedUntrustedInternalConnections": "localhost {{mattermost_domain}}",
+ "EnablePostIconOverride": true,
+ "EnableLinkPreviews": true,
+ "EnableSecurityFixAlert": false,
+ "EnableMultifactorAuthentication": true,
+ "EnableCustomEmoji": true,
+ "EnableLocalMode": true,
+ "LocalModeSocketLocation": "/var/tmp/mattermost_local.socket"
+ },
+ "TeamSettings": {
+ "MaxUsersPerTeam": 5000,
+ "RestrictDirectMessage": "team",
+ "MaxChannelsPerTeam": 5000
+ },
+ "SqlSettings": {
+ "DriverName": "postgres",
+ "DataSource": "postgres://{{mattermost_db_name}}:{{mattermost_db_pw}}@{{mattermost_db_host_port}}/{{mattermost_db_name}}?connect_timeout=10",
+ "MaxIdleConns": 2,
+ "MaxOpenConns": 16
+ },
+ "LogSettings": {
+ "EnableConsole": true,
+ "ConsoleLevel": "INFO",
+ "ConsoleJson": false,
+ "EnableFile": false,
+ "FileLevel": "INFO",
+ "FileJson": false,
+ "FileLocation": "",
+ "EnableWebhookDebugging": false,
+ "EnableDiagnostics": false
+ },
+ "FileSettings": {
+ "MaxFileSize": 524288000,
+ "Directory": "../data/"
+ },
+ "EmailSettings": {
+ "UseChannelInEmailNotifications": true,
+ "RequireEmailVerification": true,
+ "SMTPPort": "25",
+ "SendPushNotifications": true,
+ "PushNotificationServer": "https://push-test.mattermost.com",
+ "EnableEmailBatching": true
+ },
+ "PrivacySettings": {
+ "ShowEmailAddress": false
+ },
+ "MetricsSettings": {
+ "Enable": false
+ },
+ "DataRetentionSettings": {
+ "EnableMessageDeletion": false,
+ "EnableFileDeletion": false
+ },
+ "JobSettings": {
+ "RunJobs": true,
+ "RunScheduler": true
+ },
+ "PluginSettings": {
+ "Enable": false,
+ "EnableUploads": false,
+ "EnableMarketplace": false,
+ "EnableRemoteMarketplace": false
+ }
+}
diff --git a/roles/service/mattermost/vars/default/vars_nginx_vhost_custom.yml b/roles/service/mattermost/vars/default/vars_nginx_vhost_custom.yml
new file mode 100644
index 0000000..115c83f
--- /dev/null
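Review bot: In config.json.j2, `AllowedUntrustedInternalConnections` lists `localhost` while `EnableLinkPreviews` is `true`, which lets server-initiated requests (link previews, integrations) reach services bound to loopback on this host; the default-deny that this setting overrides is the server's guard against server-side request forgery. Unless something on the host needs it, reduce the value to `"{{mattermost_domain}}"` or leave it empty. `"EnableSecurityFixAlert": false` also turns off the server's security-update notices, which deserves a line in the role's documentation if it is intentional. In `DataSource`, `mattermost_db_pw` is interpolated raw, so a password containing `@`, `#` or `"` would break the URL or the JSON; `{{mattermost_db_pw | urlencode}}` is safer.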
+++ b/roles/service/mattermost/vars/default/vars_nginx_vhost_custom.yml
@@ -0,0 +1,107 @@
+#####################################
+### someone"s ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+vhost_custom_pre_server: |-
+ upstream backend {
+ server localhost:8065;
+ keepalive 32;
+ }
+
+vhost_custom: |-
+ # MM-Hack: https://.../@user -> redirect to "default"-team and @user message
+ #location ~ ^/@(.*)$ { return 301 /somenet/messages/$request_uri; }
+
+
+ # websocket
+ location ~ ^/api/v[0-9]+/(users/)?websocket$ {
+ gzip on;
+ gzip_types "*";
+ gzip_proxied any;
+ gzip_comp_level 5;
+ proxy_set_header Accept-Encoding "";
+
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Frame-Options SAMEORIGIN;
+ proxy_connect_timeout 90;
+ proxy_send_timeout 300;
+ proxy_read_timeout 90s;
+ proxy_http_version 1.1;
+ proxy_buffers 256 16k;
+ proxy_buffer_size 16k;
+ client_max_body_size 50M;
+ client_body_timeout 60;
+ send_timeout 300;
+ lingering_timeout 5;
+ proxy_pass http://backend;
+ }
+
+
+ # api
+ location ~ /api/ {
+ if (-f /var/www/maintenance.html) {
+ return 503;
+ }
+
+ gzip on;
+ gzip_types "*";
+ gzip_proxied any;
+ gzip_comp_level 5;
+ proxy_set_header Accept-Encoding "";
+
+ proxy_set_header Connection "";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Frame-Options SAMEORIGIN;
+ proxy_read_timeout 600s;
+ proxy_buffers 256 16k;
+ proxy_buffer_size 16k;
+ client_max_body_size 1024M;
+ proxy_http_version 1.1;
+ proxy_pass http://backend;
+ }
+
+
+ # static files + everything else
+ location / {
+ if (-f /var/www/maintenance.html) {
+ return 503;
+ }
+
+ gzip on;
+ gzip_types "*";
+ gzip_proxied any;
+ gzip_comp_level 5;
+ proxy_set_header Accept-Encoding "";
+
+ proxy_set_header Connection "";
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Frame-Options SAMEORIGIN;
+ proxy_read_timeout 600s;
+ proxy_buffers 256 16k;
+ proxy_buffer_size 16k;
+ client_max_body_size 1024M;
+ proxy_http_version 1.1;
+ proxy_pass http://backend;
+
+ #
+ sub_filter '' '';
+ sub_filter 'Mattermost' 'SomeNet Mattermost Chat';
+ sub_filter_last_modified on;
+ sub_filter_once off;
+ #sub_filter_types text/html;
+ #
+ }
-- 2.43.0
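Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in all three `location` blocks of vars_nginx_vhost_custom.yml adds the header to the request sent to the upstream, not to the response the browser receives, so on its own it gives no framing protection. If the proxy is meant to enforce it, use `add_header X-Frame-Options SAMEORIGIN always;` (an `add_header` inside a `location` replaces any inherited from the server level, which the wrapping vhost role may set); otherwise drop the line and rely on what the backend sends. `X-Forwarded-For $proxy_add_x_forwarded_for` appends to whatever the client supplied, so the backend should trust only the last hop when it derives client addresses. `client_max_body_size 1024M` on `/api/` and `/` is roughly twice the `MaxFileSize` of 524288000 set in config.json.j2, so nginx accepts uploads the application will then reject.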