Sanitized mirror from private repository - 2026-03-12 11:19:27 UTC

2026-03-12 11:19:27 +00:00
commit f2dd10ede0
1172 changed files with 299450 additions and 0 deletions
--- a/docs/services/mattermost/deploy-mattermost.sh
+++ b/docs/services/mattermost/deploy-mattermost.sh
@@ -0,0 +1,219 @@
+#!/bin/bash
+# Complete Mattermost Deployment Script
+
+set -e
+
+echo "=============================================="
+echo "Mattermost Production Deployment"
+echo "Domain: mm.crista.love"
+echo "=============================================="
+
+# Variables - UPDATE THESE WITH YOUR ACTUAL VALUES
+B2_KEY_ID="${B2_KEY_ID:-your-b2-key-id}"
+B2_APP_KEY="${B2_APP_KEY:REDACTED_APP_KEY}"
+B2_ENDPOINT="${B2_ENDPOINT:-s3.us-west-004.backblazeb2.com}"
+B2_BUCKET="${B2_BUCKET:-your-bucket-name}"
+SMTP_HOST="${SMTP_HOST:-smtp.gmail.com}"
+SMTP_PORT="${SMTP_PORT:-587}"
+SMTP_USER="${SMTP_USER:-your-email@gmail.com}"
+SMTP_PASS="REDACTED_PASSWORD"
+
+echo "=== Step 1: Install Docker Compose plugin ==="
+apt-get update
+apt-get install -y docker-compose-plugin unzip
+
+echo "=== Step 2: Install AWS CLI for B2 backups ==="
+if ! command -v aws &> /dev/null; then
+    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"
+    unzip -q /tmp/awscliv2.zip -d /tmp
+    /tmp/aws/install
+    rm -rf /tmp/aws /tmp/awscliv2.zip
+fi
+
+# Configure AWS CLI for Backblaze B2
+mkdir -p ~/.aws
+cat > ~/.aws/credentials << EOF
+[default]
+aws_access_key_id = ${B2_KEY_ID}
+aws_secret_access_key = ${B2_APP_KEY}
+EOF
+
+cat > ~/.aws/config << EOF
+[default]
+region = us-west-004
+EOF
+
+echo "=== Step 3: Create directory structure ==="
+mkdir -p /opt/mattermost/{config,data,logs,plugins,client/plugins,bleve-indexes,backups}
+mkdir -p /etc/nginx/ssl
+mkdir -p /var/cache/nginx/mattermost
+
+echo "=== Step 4: Generate PostgreSQL password ==="
+POSTGRES_PASSWORD="REDACTED_PASSWORD" rand -base64 32 | tr -dc 'a-zA-Z0-9' | head -c 32)
+echo "POSTGRES_PASSWORD="REDACTED_PASSWORD" > /opt/mattermost/.env
+chmod 600 /opt/mattermost/.env
+
+echo "=== Step 5: Create Docker Compose file ==="
+cat > /opt/mattermost/docker-compose.yml << EOF
+services:
+  postgres:
+    image: postgres:15-alpine
+    container_name: mattermost-postgres
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+    pids_limit: 100
+    read_only: true
+    tmpfs:
+      - /tmp
+      - /var/run/postgresql
+    volumes:
+      - postgres_data:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_USER=mmuser
+      - POSTGRES_PASSWORD="REDACTED_PASSWORD"
+      - POSTGRES_DB=mattermost
+    networks:
+      - mattermost-network
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U mmuser -d mattermost"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+
+  mattermost:
+    image: mattermost/mattermost-team-edition:latest
+    container_name: mattermost
+    restart: unless-stopped
+    depends_on:
+      postgres:
+        condition: service_healthy
+    security_opt:
+      - no-new-privileges:true
+    pids_limit: 200
+    tmpfs:
+      - /tmp
+    volumes:
+      - /opt/mattermost/config:/mattermost/config:rw
+      - /opt/mattermost/data:/mattermost/data:rw
+      - /opt/mattermost/logs:/mattermost/logs:rw
+      - /opt/mattermost/plugins:/mattermost/plugins:rw
+      - /opt/mattermost/client/plugins:/mattermost/client/plugins:rw
+      - /opt/mattermost/bleve-indexes:/mattermost/bleve-indexes:rw
+    environment:
+      - TZ=UTC
+      - MM_SQLSETTINGS_DRIVERNAME=postgres
+      - MM_SQLSETTINGS_DATASOURCE=postgres://mmuser:${POSTGRES_PASSWORD}@postgres:5432/mattermost?sslmode=disable&connect_timeout=10
+      - MM_BLEVESETTINGS_INDEXDIR=/mattermost/bleve-indexes
+      - MM_SERVICESETTINGS_SITEURL=https://mm.crista.love
+      - MM_SERVICESETTINGS_LISTENADDRESS=:8065
+      # Email Settings
+      - MM_EMAILSETTINGS_ENABLESMTPAUTH=true
+      - MM_EMAILSETTINGS_SMTPUSERNAME=${SMTP_USER}
+      - MM_EMAILSETTINGS_SMTPPASSWORD="REDACTED_PASSWORD"
+      - MM_EMAILSETTINGS_SMTPSERVER=${SMTP_HOST}
+      - MM_EMAILSETTINGS_SMTPPORT=${SMTP_PORT}
+      - MM_EMAILSETTINGS_CONNECTIONSECURITY=STARTTLS
+      - MM_EMAILSETTINGS_FEEDBACKEMAIL=${SMTP_USER}
+      - MM_EMAILSETTINGS_REPLYTOADDRESS=${SMTP_USER}
+      - MM_EMAILSETTINGS_SENDEMAILNOTIFICATIONS=true
+      # File Storage - Backblaze B2
+      - MM_FILESETTINGS_DRIVERNAME=amazons3
+      - MM_FILESETTINGS_AMAZONS3ACCESSKEYID=${B2_KEY_ID}
+      - MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY=${B2_APP_KEY}
+      - MM_FILESETTINGS_AMAZONS3BUCKET=${B2_BUCKET}
+      - MM_FILESETTINGS_AMAZONS3ENDPOINT=${B2_ENDPOINT}
+      - MM_FILESETTINGS_AMAZONS3SSL=true
+      - MM_FILESETTINGS_AMAZONS3SIGNV2=false
+      - MM_FILESETTINGS_AMAZONS3REGION=us-west-004
+      # Security
+      - MM_SERVICESETTINGS_ENABLESECURITYFIXALERT=true
+      - MM_PASSWORDSETTINGS_MINIMUMLENGTH=10
+    ports:
+      - "127.0.0.1:8065:8065"
+    networks:
+      - mattermost-network
+
+networks:
+  mattermost-network:
+    driver: bridge
+
+volumes:
+  postgres_data:
+EOF
+
+echo "=== Step 6: Set directory permissions ==="
+chown -R 2000:2000 /opt/mattermost/config /opt/mattermost/data /opt/mattermost/logs /opt/mattermost/plugins /opt/mattermost/client/plugins /opt/mattermost/bleve-indexes
+
+echo "=== Step 7: Start Mattermost containers ==="
+cd /opt/mattermost
+docker compose pull
+docker compose up -d
+
+echo "=== Step 8: Wait for Mattermost to be healthy ==="
+echo "Waiting for services to start..."
+sleep 15
+
+# Wait for Mattermost to be ready
+MAX_ATTEMPTS=30
+ATTEMPT=0
+until curl -sf http://127.0.0.1:8065/api/v4/system/ping > /dev/null 2>&1; do
+    ATTEMPT=$((ATTEMPT + 1))
+    if [ $ATTEMPT -ge $MAX_ATTEMPTS ]; then
+        echo "Mattermost did not become healthy in time. Checking logs..."
+        docker compose logs --tail=100
+        exit 1
+    fi
+    echo "Waiting for Mattermost to be ready... (attempt $ATTEMPT/$MAX_ATTEMPTS)"
+    sleep 5
+done
+echo "Mattermost is healthy!"
+
+echo "=== Step 9: Configure Nginx ==="
+# Nginx config should already be copied
+
+# Create cache directory
+mkdir -p /var/cache/nginx/mattermost
+chown www-data:www-data /var/cache/nginx/mattermost
+
+# Enable the site
+ln -sf /etc/nginx/sites-available/mattermost /etc/nginx/sites-enabled/mattermost
+
+# Test nginx config
+nginx -t
+
+# Reload nginx
+systemctl reload nginx
+
+echo "=== Step 10: Set up automated backups ==="
+chmod +x /opt/mattermost/backup.sh
+
+# Add cron job for daily backups at 3 AM
+(crontab -l 2>/dev/null | grep -v "mattermost/backup.sh"; echo "0 3 * * * /opt/mattermost/backup.sh >> /var/log/mattermost-backup.log 2>&1") | crontab -
+
+echo "=== Step 11: Enable open signups ==="
+docker exec mattermost /mattermost/bin/mmctl config set TeamSettings.REDACTED_APP_PASSWORD true --local
+docker restart mattermost
+sleep 15
+
+echo "=============================================="
+echo "Mattermost Deployment Complete!"
+echo "=============================================="
+echo ""
+echo "Access Mattermost at: https://mm.crista.love"
+echo ""
+echo "Next steps:"
+echo "1. Visit https://mm.crista.love to create your admin account"
+echo "2. The first user to sign up becomes the system admin"
+echo ""
+echo "Backup schedule: Daily at 3 AM UTC"
+echo "Backups stored in: Backblaze B2 (${B2_BUCKET}/backups/)"
+echo ""
+echo "Useful commands:"
+echo "  View logs:    docker compose -f /opt/mattermost/docker-compose.yml logs -f"
+echo "  Restart:      docker compose -f /opt/mattermost/docker-compose.yml restart"
+echo "  Manual backup: /opt/mattermost/backup.sh"
+echo ""
+
+# Show container status
+docker compose ps