Add mattermost service

containers/mattermost/tasks.yml

@@ -0,0 +1,175 @@
+# code: language=ansible
+
+---
+- hosts: all
+  name: Mattermost server
+  tasks:
+    - name: Stop running containers
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        state: stopped
+      loop:
+        - mattermost
+        - db_mattermost
+      failed_when: false
+
+    - name: Create podman volumes
+      containers.podman.podman_volume:
+        state: present
+        name: "{{ item }}"
+      become_user: containers
+      become: true
+      loop:
+        - mattermost-config
+        - mattermost-data
+        - mattermost-logs
+        - mattermost-plugins
+        - mattermost-clientplugins
+        - mattermost-bleveindexes
+        - mattermost-db
+
+    - name: Create podman networks
+      containers.podman.podman_network:
+        name: "{{ item }}"
+        recreate: false
+        state: "present"
+      become_user: containers
+      become: true
+      loop:
+        - traefik-mattermost
+        - postgres-mattermost
+
+    - name: Pull container images
+      become_user: containers
+      become: true
+      containers.podman.podman_image:
+        name: docker.io/{{ item }}
+      loop:
+        - mattermost/mattermost-team-edition:release-10
+        - postgres:13-alpine
+
+    - name: Create postgres instance
+      become_user: containers
+      become: true
+      containers.podman.podman_container:
+        name: db_mattermost
+        image: docker.io/postgres:13-alpine
+        state: present
+        volume:
+          - mattermost-db:/var/lib/postgresql/data/pgdata:Z
+        network:
+          - postgres-mattermost
+        env:
+          POSTGRES_DB: "{{ vault_mattermost_db_database }}"
+          POSTGRES_USER: "{{ vault_mattermost_db_user }}"
+          POSTGRES_PASSWORD: "{{ vault_mattermost_db_password }}"
+          PGDATA: /var/lib/postgresql/data/pgdata
+          TZ: "{{ vault_timezone }}"
+        security_opt:
+          - no-new-privileges=true
+        pids_limit: "100"
+        read_only: true
+        tmpfs:
+          "/tmp": "rw"
+          "/var/run/postgresql": "rw"
+        generate_systemd:
+          path: /home/containers/.config/systemd/user/
+          restart_policy: on-failure
+          names: true
+          new: true
+
+    - name: Add a mattermost container
+      become_user: containers
+      become: true
+      containers.podman.podman_container:
+        name: mattermost
+        image: docker.io/mattermost/mattermost-team-edition:release-10
+        state: present
+        network:
+          - traefik-mattermost
+          - postgres-mattermost
+        volume:
+          - mattermost-config:/mattermost/config:Z
+          - mattermost-data:/mattermost/data:Z
+          - mattermost-logs:/mattermost/logs:Z
+          - mattermost-plugins:/mattermost/plugins:Z
+          - mattermost-clientplugins:/mattermost/client/plugins:Z
+          - mattermost-bleveindexes:/mattermost/bleve-indexes:Z
+        security_opt:
+          - no-new-privileges=true
+        pids_limit: "100"
+        tmpfs:
+          "/tmp": "rw"
+        label:
+          io.containers.autoupdate: "registry"
+          traefik.enable: "true"
+          traefik.http.routers.mattermost.entrypoints: "https"
+          traefik.http.routers.mattermost.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/mattermost/`) || Path(`/mattermost`))"
+          traefik.http.routers.mattermost.tls: "true"
+          traefik.http.routers.mattermost.tls.certresolver: "wildcard"
+          traefik.http.routers.mattermost.service: "mattermost"
+          traefik.http.routers.mattermost.middlewares: "http-compress@file"
+          traefik.http.services.mattermost.loadbalancer.server.port: "8065"
+          traefik.http.services.mattermost.loadbalancer.passhostheader: "true"
+          traefik.udp.routers.mm-call-rtr.service: "mm-call-svc"
+          traefik.udp.routers.mm-call-rtr.entrypoints: "mmcalls"
+          traefik.udp.services.mm-call-svc.loadBalancer.server.port: "8443"
+          traefik.docker.network: "traefik-mattermost"
+        env:
+          TZ: "{{ vault_timezone }}"
+          MM_SQLSETTINGS_DRIVERNAME: "postgres"
+          MM_SQLSETTINGS_DATASOURCE: "postgres://{{ vault_mattermost_db_user }}:{{ vault_mattermost_db_password }}@db_mattermost:5432/{{ vault_mattermost_db_database }}?sslmode=disable&connect_timeout=10"
+          MM_BLEVESETTINGS_INDEXDIR: "/mattermost/bleve-indexes"
+          MM_SERVICESETTINGS_SITEURL: https://{{ vault_domain }}/mattermost
+        generate_systemd:
+          path: /home/containers/.config/systemd/user/
+          restart_policy: on-failure
+          requires: [container-db_mattermost.service, container-traefik.service]
+          names: true
+          new: true
+
+    - name: Change start and stop timeout limits
+      become_user: containers
+      become: true
+      community.general.ini_file:
+        path: /home/containers/.config/systemd/user/container-mattermost.service
+        section: Service
+        option: "{{ item }}"
+        value: 3600
+        mode: "0664"
+        state: "present"
+        no_extra_spaces: true
+      loop:
+        - TimeoutStartSec
+        - TimeoutStopSec
+
+    - name: Change start and stop timeout limits
+      become_user: containers
+      become: true
+      community.general.ini_file:
+        path: /home/containers/.config/systemd/user/container-db_mattermost.service
+        section: Service
+        option: "{{ item }}"
+        value: 3600
+        mode: "0664"
+        state: "present"
+        no_extra_spaces: true
+      loop:
+        - TimeoutStartSec
+        - TimeoutStopSec
+
+    - name: Start containers at boot
+      become_user: containers
+      become: true
+      ansible.builtin.systemd:
+        scope: user
+        name: container-{{ item }}.service
+        enabled: true
+        state: started
+        daemon_reload: true
+      loop:
+        - mattermost
+        - db_mattermost

containers/traefik/tasks.yml

@@ -38,6 +38,15 @@
         to_port: 443
         rule: allow
 
+    - name: Permit traffic from any IP to mattermost port
+      become: true
+      community.general.ufw:
+        direction: in
+        from_ip: any
+        proto: udp
+        to_port: 8443
+        rule: allow
+
     - name: Pull traefik image
       become_user: containers
       become: true
@@ -88,6 +97,7 @@
         - traefik-gitea
         - traefik-collabora
         - traefik-heimdall
+        - traefik-mattermost
 
     - name: Create traefik instance
       become_user: containers
@@ -99,6 +109,7 @@
         publish:
           - "80:80"
           - "443:443"
+          - "8443:8443"
         security_opt:
           - label=type:container_runtime_t
         volume:
@@ -111,6 +122,7 @@
           - traefik-gitea
           - traefik-collabora
           - traefik-heimdall
+          - traefik-mattermost
         cap_add:
           - NET_ADMIN
         label:
@@ -118,7 +130,7 @@
           traefik.enable: "true"
           traefik.http.middlewares.traefik-auth.basicauth.users: "{{ vault_traefik_basic_auth }}"
           traefik.http.routers.traefik.entrypoints: "https"
-          traefik.http.routers.traefik.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/api`) || Path(`/dashboard`))"
+          traefik.http.routers.traefik.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/api/`) || Path(`/api`) || PathPrefix(`/dashboard/`) || Path(`/dashboard`))"
           traefik.http.routers.traefik.middlewares: "traefik-auth@docker"
           traefik.http.routers.traefik.tls: "true"
           traefik.http.routers.traefik.tls.certresolver: "wildcard"

containers/traefik/templates/traefik.yml.j2

@@ -21,6 +21,8 @@ entryPoints:
           permanent: true
   https:
     address: ":443"
+  mmcalls:
+    address: ":8443/udp"
 
 providers:
   docker:

host_vars/chef.heaplab.deib.polimi.it.yml

@@ -1,97 +1,106 @@
 $ANSIBLE_VAULT;1.1;AES256
-65383561326539386434636536643561356462633332636236303131313233353336336337336261
-3733373262373562666663306131303436373163356238330a313334626637663935333265633434
-37343839333835633136383632626131316138353431323764666566303261353562356565613063
-6535346132376635630a343266383365636536653331356130373639363033663262623330633532
-66313462623161643066663731386366306632303062623366313734396263373237653239356239
-31323333386234333038323637316537613765656633663732633732343635366563626331633535
-63313162646237396563633966373636653837363162393131386263626336393637666561306533
-63633863346337343439633662303638393162366530643230646462356134346362643633633635
-61306131373239323464363436306165373630306230643031646134373238643834353338643233
-64316663356537333261396430633834343434326363323137663062626364666338356263333834
-36666163613562343332313035313464376266633566653133343933326166623634323731396361
-31373861363966363261633730656133366634666639346338396435353066613965623766323666
-37373338326633333038663836313438323030333436616365323261363532333431643539396564
-30343630616431353565613433663433326338336366363733356564373039326262376334316335
-61636262353061303430373832643463353361653837316336616637333463376561333565363032
-39313533346138623965663830346664646361396664363666373138383065363338313938623436
-31656663346164656439616639643565613737646431643666346364643862383732313937316336
-37623762386362303832393663333266623635643831326665633134393065346466633233636366
-61346333303031646337366462636539346436376565376135363337306330613963643462333862
-39613634613832373432643834353737356562653637626163386565353237643535313834353362
-62396436353435363263316664393531663763613236363638663139633864666132343765303836
-64396361396233663261343264383732393463343638386438356665383237376330316266373163
-35373238356234316231633737336262343237393865646630306436663533396137666264323561
-63393739333432343233343935393130613433363966636262323366653134626462326532383836
-36623865623739333231373464643134383239613734323832626239373466313461343034636631
-36663132643737643337626664623033396532333636353761376366346366356166333164663732
-64623234623733366661373363366362303838323239636233363837636530656337623336633164
-36633435313935323636623165663262646238363265363664653265316438323835396231396463
-34643633343833366333663064383335303263626338316132313730616437303861366631353339
-34353164646364636533616435316231383836363065383039663835303763613966646237643162
-38656166663937616264383331616639646662366632363665323566343434633063333361303639
-65613131323137653663616331626432333562303236663261623664353964313330373461333138
-39636638643731323036386237393339623835333337396563653938636261373536373464306162
-35376534316638343166356639313937393739336662396536386530613831343430383234316334
-39396666623463623261313663376530343030383334383430323639346135383937646562383038
-30636266326531363836333331313136343631646134343065356162316231626132626362616431
-36313062623365376665663433613236386331383339613736323866633138346539376437363665
-34346430646463613031653835383934623863653637653266613035303162386466643835306165
-35616436373230636633326536306635333333656164313835663239636432666332363738343631
-34363735633336303164333065346563643832333735653066363639613238653735656535333362
-35346231363938356662363838643563336231306366663966626162303563666564326564376164
-38643066353963666433313031323930656366663465626430356631376566646438383161306262
-36316537316566343665633863306535376162663932353036383233393463386339383764313935
-30626163366262343635343463643964333164313637613533663937636633313262393161333934
-65376365323932393365303231646563613237353736663236666465323435386464386165636633
-37343233373837643432333434643232623762316163363333623433346535663238653263646130
-39343966383262386534313531336633353031353438353733613433616631373863623931623130
-33613565656435646330386162356633343966323165613466646236356265643535313339333462
-39303638633664346334376432316537306561336564363766656238653634373063353037666666
-61663031376530366362383734373838616165346163653764336134343234313538653039613934
-39663033376537643166633936663838626462343064386461646365356530363966613830333338
-37323863613864646130633862343761636563303566653137623863353363373735613137366132
-34353830333565303931343630396634356561656461316232633630643966343965646261396462
-32636637633333393831646361316439313661653963333939333564383865323165383264313538
-64623535363964373636303233343534633235613938336261613132656161333161373265303831
-34633764373837666330623236376263306334313861333037653831616566333965346339353564
-61343132376539363036383431353931626235363930626462663535383765646237643461353565
-65383435386263376635383232323565633139323934653235376435633264353637656137316536
-32653563666539386239376265383937656434353338373733303934616233383937313065306631
-36373635323362656462393364303034396136623764316138616537653862356364303331333465
-64616631613437346232633962303036383864343130306263633534383266316430653136333231
-30373632333738643565626365356665653535373061323666386264396265343531356433326166
-35313065636564353861393438643161653465313833313830313631643063343766646666346236
-64643137306562353730636439636565346236353832626563343433393366343165616664356465
-33396537326434313535383737643033373533313939323331326665396637646434646137376262
-39303536636635313565613862393335306330633666383138663133366663613032633265313138
-36336238623231326362306234306636666631646262383231666237323735323132363664643763
-33643561623964396565303163363334396364613934336330663633626366323534656531366665
-62663132663834663032356138383032633135373634303463313662363736656435663932326463
-61396333643831633937383531313239353565346465313030313831393766346662383435666633
-30636164663238313335653766626637373835333936363361333539646634363066313662636562
-36373737383235633961666439323130646338323637623531633764323531303362333433386632
-37663665333666373465336533633466666131626363646633623466383366313730386131346632
-37343761356432303462613732633062656265616339373638373837646463636666336361616338
-38363962313866646333363335323937653035303066663239313233313762313963323138633835
-33313563303463323330666431343632326130616630373132333135393731333437646531643833
-32666566366466323935616663616665373166336665613238666364656164373534663039663135
-36306230326536393066323663336266396637373234333435306666313137356262303266333333
-39356161663239656164633835636563313436393337663762303435636132393161383230656434
-64303066636361356665396638333735643461343962313935303730643163363239616462373934
-32653762616635633838376631323838356664626236363134373163656139386365616363653835
-62366465643861396461643364303763653437333938373965656434653531333336303037353965
-32643735623464363932653238623136393738636631386335366163333461333765356139643662
-37316164633966373433353631373066306565623832313034353866373933663730363330646538
-66393630633366633730666463393263356335393037653065346564363164616363346566336238
-61643963363633633866616139346536653461303538346337316436326431363561386531616537
-38343634373630333036353465363632363334363630323531653339636163636332316335623162
-63653834663536393938356232333833356137656434343363633339353539313662363535303266
-38623735323638336533373561346338396535326336383638386337316539313831393537353462
-34636563646439616433373338383666303539336263653335356366353634613330383965356132
-31633639613335623062333064306430363034646439386636663136666333663861623230383333
-64326334363636346465376561653161343531323966386133623365636534323338386238383139
-38316533396566613233656638356330366461666630303932363965613965326532633034373332
-39383864376233356466636236666436636662396564663334363663343231356434303938396238
-65336337616638353433613830313532643665623863323266666261643134613636346562303563
-39373338636635383161
+63626565393066343966323064646661383330623937613233616534313331363530613062643964
+3831383231313564376432303465376532623531643539610a663134386361353330626637626162
+64373334373639663762343362646636303837376138393338643533363438616535623064323061
+6436343866336234350a313733383930366635646437383464353363643964346437323535333866
+39636163666637326531336136653461636135363230663762613637666230353135616435393962
+32383132313963623131313831326333656232656538336433633735633939636661383266396663
+30653763333761623734383862326438626631643965376137663662643362663165306265633363
+63636238336438643733633665613232306437396130663432366364613737653431653361653965
+32373931633536656335396134313065666437666634343466653136343362343165366233383964
+66663263316162626466646234623363616135663039393761373734663566623235343263323261
+37646434373863303033386464343766323462643338396466363863356430616431343463326432
+66376630663337386461663934393566393138353363376235343764363431323636653361343839
+33353864653031633831383639633565616332373033333436636362393565306233326632373639
+38316265303135366436643262653733663333383863386536343035366362643762646437306135
+65663065366335656436633137316266643361643336613235613562633537313366343163376164
+63663661383032343962666363393834626339333437313032303134643036646636333464353931
+66356664623938333230616365316666653832393730616332376434336339363430366239656636
+31323236666165623736376133393063323537326164386536633631313466653162663739376639
+35376364653066396635396539316234313037356339363833396430353134356136666537363337
+63343435363235386538636361343138363263663035653666656637333036666331343139373463
+61666266636134366233633766623430633164636337653839663365343062616464323861363836
+64613638626338353335633164613931363537356232373066323035393435373932633932663838
+62303232643835303636323638653435343836383432313161306363303565356239663430376331
+62323038616332663032366133656632663363623837333537366432643439353934346165623039
+63306436653235646535333134643438656133323131333266656337396337353833313230653438
+66313834656430323962653263643231396330313561613935336132646238366637633230323134
+35346564383166636563366637643738353838636530303235616265306133336431393064646434
+32363065633136326364336637656235316330323137633364383739633032366437373233376334
+38663762643832373264383064333662376634633738383239343932353162343466393637343439
+31353936366137623538393737316661666161633464343466306139323030653935343564396132
+66653934326230326563643837333562333438303334623138623362323737313461373930666162
+34656162313730663365373835366231383638623834653238326261616332333665393732383864
+31646163346431373434323961633966623564363432306562663031626562353036613632666130
+31656466333934663265656336313161643135346235663838383563333535623163396636613738
+34376534386635393062306363343137336666656330343863623439316131353066353337383734
+35306137353434333435313033636565653537306264636332646464306633666635616435663034
+38653635383861343237616339306662663634653937663730376232306161306435333432343235
+38626232613939623166623465353837663064396264643966383634343736353161346232373135
+66303338376338663431373131653462343766376235653762343564383965333131353431356565
+66313163343537343931306131373738383965356433323139333262363331663438316364343539
+32373362613433633638306235383638313334633130326637613734393965633164646539396465
+30356135666464353531643061346635386663366438656638646237366431366237616632363330
+38646661396561643039336631333037313638653334666361383132323264323037633132353464
+61306261353765386136313331623264633532363833343336313465333332663837303934313332
+63633330313434353666616533663939383431303334616434303037643763383935633061643737
+37376139656565633466633638303838623238363030363734323739643339633130633030346431
+39373863376137376430313532623662633738666539663566316366356536613963323437636236
+36396461646439326164623230303362636664303131326561383536653436316239643161313932
+36393638666630383761303965666461326433393635306230333136343064633161373034656635
+35386362316465366134386566656366616236326133366665366437616630346565353261613464
+31633338623163626138663034346137356131333335333536386365373237333737653163333533
+39373430633534636632356432313161636433393931303361366565353665633662313832646565
+35633237663161313832613065326638356130306439643437613735643264373331653331373232
+33383966363833376439333431303664323465383664383566656531663366383735383364663461
+66623161623738343365356365303730656337373636333361376534356363366134333338366464
+34366139636162613031313265306635663435396533633031316139356163613532363737313031
+37393438653465323963343139383766373062666632343939316166646265393730343331386630
+64616231386330386339656434346236376432376432383639363431666233336437623263663763
+31363964313766386535646561656261633938656238303762633465373565633962626663336266
+66313965613730643631376264343461633038616430326637633330313861363233363162623232
+66363861383530373933326436373165383930316138633665663336663266626362386365653264
+33376230376336393962313036393134316233316539393037323065643265633964306530656462
+30383562653333323263613661393861643332656330633635333135616463336566353630666562
+31646139326630343738653539373337356139653338306663353932623535626232636634393334
+66323230393633646165633835653834373261353031356365643933303737313534383533663762
+32643739646639656430663562393166626539353533656563393862353562336432373234656136
+35343266356330306432346435363035336432636135663464393033353733393732356364613132
+65353464616231653137373734323761396430363664643464353430646134656665633933623666
+62363535303265353533333335653061616230613163373361363336373337623131383563323938
+66643830363863616134343564343132346639323030396166383965336265396138636431666462
+62306333363136653462386633643637663262623638373833663030316539623566323461393536
+36656465353436336363623536376164373264643863666631353865643462663636636130376266
+32623435643631303836653262643031353630396261343666663237663436366664356639366532
+34353839373863646366366236623265346631343561666263346136326534353634613638336339
+36356131633464343565626539653738396334653564303563306131316539343438636265663736
+30306134333431366530666131616265336637396237626436326462363062313861633565346264
+34613432343938636232316466396565323038613931616361643561613862333638636163623532
+65393137636636303830376535396238336433626266313136616135323937303033396230303265
+34666461356339373061626434613366303664636337373362326237633834366263393938663963
+35363565643330313839653935393336663338316635636333353963333334616661393065373935
+36366265653835343363636237356433366164636664346633393239316539383565663561316136
+39623162363961623239346132623933303864373664343333393466343564393762646365346562
+65646563343865323261366335663765373364336266376431373536656366343539656466363939
+33303732383034346465633838623864623130653334666436623837636234356361663562306666
+31316166656638613137636435383733363365346230626130633564386433623931396264383265
+62396435376634383863663136343731386536326461643932303263656636656139316661613134
+33663666636664306539313537616261363933653037616364643637396234646431356262653566
+34336534306632373034623534363765376538323333386137626638363430633538353030343137
+66353235353731646333623562363065333533323734373765383562633337323962306430353635
+37333664643636643037393638316537386164613136393732653061616134316534383365303839
+33383731616365613031646534343733363037366235383131643564366239626563633132306163
+31306335323664303634333432666230626462393261393761646434616233666436326432373466
+32306164373936363937316530313564313262343164366539396135353639666138616364636239
+34306432653335653837383134623665663062663339633263366131633836326137333932313730
+38336638626262636535306235383437316333646362383265623931616235363034666231656239
+39396337633932356335386365313066363863376166303335396364376638303430336436323038
+63666361636630393562316465346334393963356130353564633437663731656234643264386137
+37386237646261656364643031326166313539663938363532643131633332306331623538353036
+35356136356234616330613636356137393665303065653763386563303938373162656438373333
+65393262613338363661646532306435343334343035363034636131366264373436633436333366
+33303531326433643866653961643839336464613036623961353661313534396334313533633963
+30386337653237386466383531623936306666326633393239353533396663393032626331323365
+33353433663663303331353633353634333164393065336231633930656335666538663464353837
+35353262623637303731303932356432313337643139383264336230383331323966393261376539
+3133