# Mattermost - Team collaboration
# Port: 8065
# Self-hosted Slack alternative
# DB: host postgres (172.17.0.1:5432) — not containerized
# Compose file lives on host at: /opt/mattermost/docker-compose.yml

services:
  mattermost:
    image: mattermost/mattermost-team-edition:11.4
    container_name: mattermost
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 200
    read_only: false
    tmpfs:
      - /tmp
    ports:
      - "8065:8065"
    environment:
      TZ: UTC
      MM_SQLSETTINGS_DRIVERNAME: postgres
      MM_SQLSETTINGS_DATASOURCE: "postgres://mmuser:${MM_DB_PASSWORD}@172.17.0.1:5432/mattermost?sslmode=disable&connect_timeout=10"  # pragma: allowlist secret
      MM_SERVICESETTINGS_SITEURL: https://mm.crista.love
      MM_SERVICESETTINGS_LISTENADDRESS: ":8065"
      MM_FILESETTINGS_DRIVERNAME: local
      MM_FILESETTINGS_DIRECTORY: /mattermost/data
      MM_LOGSETTINGS_CONSOLELEVEL: INFO
      MM_LOGSETTINGS_FILELEVEL: INFO
      MM_EMAILSETTINGS_ENABLESMTPAUTH: "true"
      MM_EMAILSETTINGS_SMTPSERVER: smtp.gmail.com
      MM_EMAILSETTINGS_SMTPPORT: "587"
      MM_EMAILSETTINGS_CONNECTIONSECURITY: STARTTLS
      MM_EMAILSETTINGS_SMTPUSERNAME: ${MM_SMTP_USERNAME}  # set in .env
      MM_EMAILSETTINGS_FEEDBACKEMAIL: ${MM_FEEDBACK_EMAIL}  # set in .env
      MM_EMAILSETTINGS_FEEDBACKNAME: Mattermost
      MM_EMAILSETTINGS_SENDEMAILNOTIFICATIONS: "true"
      MM_TEAMSETTINGS_ENABLEOPENSERVER: "true"
      MM_TEAMSETTINGS_MAXUSERSPERTEAM: "50"
      # Authentik OAuth2 via GitLab-compatible provider (works with Team Edition)
      MM_GITLABSETTINGS_ENABLE: "true"
      MM_GITLABSETTINGS_ID: ${MM_OAUTH_CLIENT_ID}          # set in .env
      MM_GITLABSETTINGS_SECRET: ${MM_OAUTH_CLIENT_SECRET}       # set in .env  # pragma: allowlist secret
      MM_GITLABSETTINGS_SCOPE: "openid profile email"
      MM_GITLABSETTINGS_AUTHENDPOINT: "https://sso.vish.gg/application/o/authorize/"
      MM_GITLABSETTINGS_TOKENENDPOINT: "https://sso.vish.gg/application/o/token/"
      MM_GITLABSETTINGS_USERAPIENDPOINT: "https://sso.vish.gg/application/o/userinfo/"
      MM_GITLABSETTINGS_BUTTONTEXTCOLOR: "#FFFFFF"
      MM_GITLABSETTINGS_BUTTONCOLOR: "#fd4b2d"
    env_file:
      - .env
    volumes:
      - /opt/mattermost/config:/mattermost/config:rw
      - /opt/mattermost/data:/mattermost/data:rw
      - /opt/mattermost/logs:/mattermost/logs:rw
      - /opt/mattermost/plugins:/mattermost/plugins:rw
      - /opt/mattermost/client-plugins:/mattermost/client/plugins:rw
    # No custom healthcheck needed — the image provides one via:
    # CMD /mattermost/bin/mmctl system status --local
    extra_hosts:
      - "host.docker.internal:host-gateway"