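# code: language=ansible
---
# Deploys Mattermost (team edition) and its PostgreSQL database as podman
# containers run by the `containers` user, each managed through a generated
# systemd user unit. The Mattermost unit also requires
# container-traefik.service, which this playbook does not create.
#
# Security-relevant points:
#   * Database and SMTP credentials come from vault_* variables and are passed
#     to the containers as environment variables. The tasks that carry them
#     set `no_log: true` so the values do not show up in task output or logs.
#   * The unit files generated with `new: true` embed the container create
#     command, environment values included, so they are kept at mode 0600.
#   * Image references are mutable tags, not digests; see the pull task.
- name: Mattermost server
  hosts: all
  tasks:
    # Best effort: on a first run the units do not exist yet, so a failure to
    # stop them is ignored on purpose. This also hides real stop failures.
    - name: Stop running containers
      become: true
      become_user: containers
      ansible.builtin.systemd:
        scope: user
        name: container-{{ item }}.service
        state: stopped
      loop:
        - mattermost
        - db_mattermost
      failed_when: false

    - name: Create podman volumes
      become: true
      become_user: containers
      containers.podman.podman_volume:
        state: present
        name: "{{ item }}"
      loop:
        - mattermost-config
        - mattermost-data
        - mattermost-logs
        - mattermost-plugins
        - mattermost-clientplugins
        - mattermost-bleveindexes
        - mattermost-db

    # Two separate networks: the database is attached only to
    # postgres-mattermost, so it is not on the network shared with traefik.
    - name: Create podman networks
      become: true
      become_user: containers
      containers.podman.podman_network:
        name: "{{ item }}"
        recreate: false
        state: "present"
      loop:
        - traefik-mattermost
        - postgres-mattermost

    # NOTE(review): both references are mutable tags, so the pulled content
    # can change between runs. Pin by digest if reproducible, reviewable
    # image updates are required.
    - name: Pull container images
      become: true
      become_user: containers
      containers.podman.podman_image:
        name: docker.io/{{ item }}
      loop:
        - mattermost/mattermost-team-edition:release-9
        - postgres:13-alpine

    # Hardened database container: read-only root filesystem with tmpfs for
    # the paths that need writes, no-new-privileges, and a PID limit.
    - name: Create postgres instance
      become: true
      become_user: containers
      # The env block carries the database password; keep module arguments
      # out of task output. Disable temporarily when debugging this task.
      no_log: true
      containers.podman.podman_container:
        name: db_mattermost
        image: docker.io/postgres:13-alpine
        state: present
        volume:
          - mattermost-db:/var/lib/postgresql/data/pgdata:Z
        network:
          - postgres-mattermost
        env:
          POSTGRES_DB: "{{ vault_mattermost_db_database }}"
          POSTGRES_USER: "{{ vault_mattermost_db_user }}"
          # NOTE(review): environment values are visible through container
          # inspection and in the generated unit file; a podman secret would
          # keep the password out of both.
          POSTGRES_PASSWORD: "{{ vault_mattermost_db_password }}"
          PGDATA: /var/lib/postgresql/data/pgdata
          TZ: "{{ vault_timezone }}"
        security_opt:
          - no-new-privileges=true
        pids_limit: "100"
        read_only: true
        tmpfs:
          "/tmp": "rw"
          "/var/run/postgresql": "rw"
        generate_systemd:
          path: /home/containers/.config/systemd/user/
          restart_policy: on-failure
          names: true
          new: true

    # NOTE(review): unlike the database container, this one does not set
    # read_only; confirm whether Mattermost can run with a read-only root
    # filesystem given the mounted volumes and the /tmp tmpfs.
    - name: Add a mattermost container
      become: true
      become_user: containers
      # The env block carries the database and SMTP passwords; keep module
      # arguments out of task output. Disable temporarily when debugging.
      no_log: true
      containers.podman.podman_container:
        name: mattermost
        image: docker.io/mattermost/mattermost-team-edition:release-9
        state: present
        network:
          - traefik-mattermost
          - postgres-mattermost
        volume:
          - mattermost-config:/mattermost/config:Z
          - mattermost-data:/mattermost/data:Z
          - mattermost-logs:/mattermost/logs:Z
          - mattermost-plugins:/mattermost/plugins:Z
          - mattermost-clientplugins:/mattermost/client/plugins:Z
          - mattermost-bleveindexes:/mattermost/bleve-indexes:Z
        security_opt:
          - no-new-privileges=true
        pids_limit: "100"
        tmpfs:
          "/tmp": "rw"
        label:
          # Auto-update follows whatever the registry serves for the tag
          # above; combined with a mutable tag, new image content is adopted
          # without a change to this playbook.
          io.containers.autoupdate: "registry"
          traefik.enable: "true"
          traefik.http.routers.mattermost.entrypoints: "https"
          traefik.http.routers.mattermost.rule: "Host(`{{ vault_domain }}`) && (PathPrefix(`/mattermost/`) || Path(`/mattermost`))"
          traefik.http.routers.mattermost.tls: "true"
          traefik.http.routers.mattermost.tls.certresolver: "wildcard"
          traefik.http.routers.mattermost.service: "mattermost"
          traefik.http.routers.mattermost.middlewares: "http-compress@file"
          traefik.http.services.mattermost.loadbalancer.server.port: "8065"
          traefik.http.services.mattermost.loadbalancer.passhostheader: "true"
          traefik.udp.routers.mm-call-rtr.service: "mm-call-svc"
          traefik.udp.routers.mm-call-rtr.entrypoints: "mmcalls"
          traefik.udp.services.mm-call-svc.loadBalancer.server.port: "8443"
          traefik.docker.network: "traefik-mattermost"
        env:
          TZ: "{{ vault_timezone }}"
          # https://docs.mattermost.com/configure/environment-configuration-settings.html
          MM_SQLSETTINGS_DRIVERNAME: "postgres"
          # sslmode=disable: the database connection is unencrypted and relies
          # on the postgres-mattermost network staying private to these two
          # containers. The user and password are interpolated into a URL
          # as-is, so they must already be URL-safe.
          MM_SQLSETTINGS_DATASOURCE: "postgres://{{ vault_mattermost_db_user }}:{{ vault_mattermost_db_password }}@db_mattermost:5432/{{ vault_mattermost_db_database }}?sslmode=disable&connect_timeout=10"
          MM_BLEVESETTINGS_INDEXDIR: "/mattermost/bleve-indexes"
          MM_SERVICESETTINGS_SITEURL: "https://{{ vault_domain }}/mattermost"
          MM_EMAILSETTINGS_SMTPSERVER: "{{ vault_smtp_host }}"
          MM_EMAILSETTINGS_SMTPPORT: "{{ vault_smtp_port }}"
          MM_EMAILSETTINGS_ENABLESMTPAUTH: "true"
          MM_EMAILSETTINGS_SMTPUSERNAME: "{{ vault_smtp_user }}"
          MM_EMAILSETTINGS_SMTPPASSWORD: "{{ vault_smtp_password }}"
          MM_EMAILSETTINGS_CONNECTIONSECURITY: "{{ vault_smtp_protocol }}"
          MM_SERVICESETTINGS_ENABLESECURITYFIXALERT: "true"
        generate_systemd:
          path: /home/containers/.config/systemd/user/
          restart_policy: on-failure
          requires:
            - container-db_mattermost.service
            - container-traefik.service
          names: true
          new: true

    # The unit files edited below contain the containers' environment values
    # (passwords included), so they are restricted to the owning user. The
    # systemd user manager runs as that same user and can still read them.
    - name: Change start and stop timeout limits for mattermost
      become: true
      become_user: containers
      community.general.ini_file:
        path: /home/containers/.config/systemd/user/container-mattermost.service
        section: Service
        option: "{{ item }}"
        value: "3600"
        mode: "0600"
        state: "present"
        no_extra_spaces: true
      loop:
        - TimeoutStartSec
        - TimeoutStopSec

    - name: Change start and stop timeout limits for db_mattermost
      become: true
      become_user: containers
      community.general.ini_file:
        path: /home/containers/.config/systemd/user/container-db_mattermost.service
        section: Service
        option: "{{ item }}"
        value: "3600"
        mode: "0600"
        state: "present"
        no_extra_spaces: true
      loop:
        - TimeoutStartSec
        - TimeoutStopSec

    # daemon_reload picks up the unit files written and edited above.
    - name: Start containers at boot
      become: true
      become_user: containers
      ansible.builtin.systemd:
        scope: user
        name: container-{{ item }}.service
        enabled: true
        state: started
        daemon_reload: true
      loop:
        - mattermost
        - db_mattermost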