PUID and GUID

README.md

@@ -42,6 +42,8 @@ Within Mistborn is a panel to enable and manage these free extra services (off b
 - [Jellyfin](https://jellyfin.org): The Free Media Software System.
 - [Tor](https://www.torproject.org): The Onion Router. One tool in the arsenal of online security and privacy.
 - [Jitsi](https://jitsi.org): Multi-platform open-source video conferencing
+- [Mattermost](https://mattermost.com/): A flexible, open source messaging platform that enables secure team collaboration
+
 
 # Quickstart
 Tested Operating Systems (in order of thoroughness):
@@ -260,6 +262,7 @@ Mistborn uses the following domains (that can be reached by all Wireguard client
 | Syncthing | syncthing.mistborn | Off |
 | OnlyOffice | onlyoffice.mistborn | Off |
 | Jitsi | jitsi.mistborn | Off |
+| Mattermost | mattermost.mistborn | Off |
 
 # Default Credentials
 These are the default credentials to use in the services you choose to use:
@@ -317,6 +320,7 @@ But wait, there's more! You can:
 | Jellyfin       | [Jellyfin](https://play.google.com/store/apps/details?id=org.jellyfin.mobile)                      | [Jellyfin](https://apps.apple.com/us/app/jellyfin-mobile/id1480192618)             |
 | Home Assistant | [Home Assistant](https://play.google.com/store/apps/details?id=io.homeassistant.companion.android) |                                                                                    |
 | Rocket.Chat    | [Rocket.Chat](https://play.google.com/store/apps/details?id=chat.rocket.android)                   | [Rocket.Chat](https://apps.apple.com/us/app/rocket-chat/id1148741252)              |
+| Mattermost     | [Mattermost](https://play.google.com/store/apps/details?id=com.mattermost.rn)                      | [Mattermost](https://apps.apple.com/us/app/mattermost/id1257222717)                |
 
 ## TLS Certificate
 Some apps require TLS (HTTPS). All traffic to Mistborn domains already occurs over Wireguard but to keep apps running, a TLS certificate exists for Mistborn and can be imported into your device's trusted credentials in the security settings. This certificate is checked every day and will be re-generated when expiration is less than 30 days away.

extra/mattermost.yml

@@ -0,0 +1,88 @@
+version: "3"
+
+services:
+
+  db:
+    #build:
+    #  context: ../compose/production/mattermost/db
+    image: mattermost/mattermost-prod-db
+    read_only: true
+    restart: unless-stopped
+    volumes:
+      - ../../mistborn_volumes/extra/mattermost/db/var/lib/postgresql/data:/var/lib/postgresql/data
+      - /etc/localtime:/etc/localtime:ro
+    #environment:
+    #  - POSTGRES_USER=mmuser
+    #  - POSTGRES_PASSWORD=mmuser_password
+    #  - POSTGRES_DB=mattermost
+    # uncomment the following to enable backup
+    #  - AWS_ACCESS_KEY_ID=XXXX
+    #  - AWS_SECRET_ACCESS_KEY=XXXX
+    #  - WALE_S3_PREFIX=s3://BUCKET_NAME/PATH
+    #  - AWS_REGION=us-east-1
+
+  app:
+    #build:
+    #  context: ../compose/production/mattermost/app
+    #  # uncomment following lines for team edition or change UID/GID
+    #  args:
+    #    - edition=team
+    #    - PUID=1000
+    #    - PGID=1000
+    image: mattermost/mattermost-team-edition
+    restart: unless-stopped
+    volumes:
+      - ../../mistborn_volumes/extra/mattermost/app/mattermost/config:/mattermost/config:rw
+      - ../../mistborn_volumes/extra/mattermost/app/mattermost/data:/mattermost/data:rw
+      - ../../mistborn_volumes/extra/mattermost/app/mattermost/logs:/mattermost/logs:rw
+      - ../../mistborn_volumes/extra/mattermost/app/mattermost/plugins:/mattermost/plugins:rw
+      - ../../mistborn_volumes/extra/mattermost/app/mattermost/client-plugins:/mattermost/client/plugins:rw
+      - /etc/localtime:/etc/localtime:ro
+      # When you want to use SSO with GitLab, you have to add the cert pki chain of GitLab inside Alpine
+      # to avoid Token request failed: certificate signed by unknown authority (link: https://github.com/mattermost/mattermost-server/issues/13059)
+      # - <path_to_your_gitlab_pki>/pki_chain.pem:/etc/ssl/certs/pki_chain.pem:ro
+    environment:
+    #  # set same as db credentials and dbname
+    #  #- MM_USERNAME=mmuser
+    #  #- MM_PASSWORD=mmuser_password
+    #  #- MM_DBNAME=mattermost
+
+    #  # use the credentials you've set above, in the format:
+    #  # MM_SQLSETTINGS_DATASOURCE=postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10
+    #  #- MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:mmuser_password@db:5432/mattermost?sslmode=disable&connect_timeout=10
+      - MM_SQLSETTINGS_DATASOURCE=postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10
+      - PUID=2000
+      - GUID=2000
+
+    #  # in case your config is not in default location
+    #  #- MM_CONFIG=/mattermost/config/config.json
+
+  web:
+    #build:
+    #  context: ../compose/production/mattermost/web
+    image: mattermost/mattermost-prod-web
+    #ports:
+    #  - "80:80"
+    #  - "443:443"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.mattermost-http.rule=Host(`mattermost.mistborn`)"
+      - "traefik.http.routers.mattermost-http.entrypoints=web"
+      - "traefik.http.routers.mattermost-http.middlewares=mistborn_auth@file"
+      - "traefik.http.routers.mattermost-https.rule=Host(`mattermost.mistborn`)"
+      - "traefik.http.routers.mattermost-https.entrypoints=websecure"
+      - "traefik.http.routers.mattermost-https.middlewares=mistborn_auth@file"
+      - "traefik.http.routers.mattermost-https.tls.certresolver=basic"
+      - "traefik.http.services.mattermost-service.loadbalancer.server.port=80"
+    read_only: true
+    restart: unless-stopped
+    volumes:
+      # This directory must have cert files if you want to enable SSL
+      #- ./volumes/web/cert:/cert:ro
+      - /etc/localtime:/etc/localtime:ro
+
+networks:
+  default:
+    external:
+      name: mistborn_default
+  

scripts/services/Mistborn-base.service

@@ -12,7 +12,7 @@ PermissionsStartOnly=true
 EnvironmentFile=/opt/mistborn/.env
 ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml down
 
-ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
+#ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/base.yml build
 ExecStartPre=-/sbin/ip address add 10.2.3.1/30 dev DIFACE
 ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p udp --dport 53 -j MISTBORN_LOG_DROP
 ExecStartPre=/sbin/iptables -w -I DOCKER-USER -i DIFACE -p tcp --dport 53 -j MISTBORN_LOG_DROP

scripts/services/Mistborn-mattermost.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=Mistborn Mattermost Service
+Requires=Mistborn-base.service
+After=Mistborn-base.service
+
+[Service]
+Restart=always
+User=root
+Group=docker
+PermissionsStartOnly=true
+# Shutdown container (if running) when unit is stopped
+ExecStartPre=/usr/local/bin/docker-compose -f /opt/mistborn/extra/mattermost.yml down
+
+# Start container when unit is started
+ExecStart=/usr/local/bin/docker-compose --env-file /opt/mistborn/.envs/.production/.mattermost -f /opt/mistborn/extra/mattermost.yml up --build
+# Stop container when unit is stopped
+ExecStop=/usr/local/bin/docker-compose -f /opt/mistborn/extra/mattermost.yml down
+# Post stop
+
+[Install]
+WantedBy=multi-user.target

scripts/subinstallers/gen_prod_env.sh

@@ -78,3 +78,11 @@ sed -i "s/JVB_AUTH_PASSWORD.*/JVB_AUTH_PASSWORD=$(python3 -c "import secrets; im
 sed -i "s/JIGASI_XMPP_PASSWORD.*/JIGASI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
 sed -i "s/JIBRI_RECORDER_PASSWORD.*/JIBRI_RECORDER_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
 sed -i "s/JIBRI_XMPP_PASSWORD.*/JIBRI_XMPP_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")/" "$JITSI_PROD_FILE"
+
+# Mattermost
+MATTERMOST_PROD_FILE="./.envs/.production/.mattermost"
+echo "MM_USERNAME=mmuser" > $MATTERMOST_PROD_FILE
+echo "MM_PASSWORD=$1" >> $MATTERMOST_PROD_FILE
+echo "MM_DBNAME=mattermost" >> $MATTERMOST_PROD_FILE
+POSTGRES_PASSWORD=$(python3 -c "import secrets; import string; print(f''.join([secrets.choice(string.ascii_letters+string.digits) for x in range(32)]))")
+echo "POSTGRES_PASSWORD=$POSTGRES_PASSWORD" >> $MATTERMOST_PROD_FILE