pyrox.dev / nixpkgs
lol
fork atom

nixos/mattermost: correct file upload directory (#400221)

Tristan Ross 9ddf5cb6 c6afedcc

options
unified split
Changed files
+36 -15
nixos
doc
manual
release-notes
rl-2505.section.md
modules
services
web-apps
mattermost.nix
tests
mattermost
default.nix
-1
nixos/doc/manual/release-notes/rl-2505.section.md 
···

       
34

       
 

       
  - `services.mattermost.listenAddress` has been split into {option}`services.mattermost.host` and {option}`services.mattermost.port`. If your `listenAddress` contained a port, you will need to edit your configuration.


     

       
35

       
 

       
  - Mattermost now supports peer authentication on both MySQL and Postgres database backends. Updating {option}`system.stateVersion` to 25.05 or later will result in peer authentication being used by default if the Mattermost server would otherwise be connecting to localhost. This is the recommended configuration.


     

       
36

       
 

       
  - The Mattermost module will produce eval warnings if a database password would end up in the Nix store, and recommend alternatives such as peer authentication or using the environment file.


     

       
37

       
-

       
  - Mattermost's entire test suite is now enabled by default, which will extend build time from sources by up to an hour. A `withoutTests` passthru has been added in case you want to skip it.


     

       
38

       
 

       
  - We now support `mmctl` for Mattermost administration if both {option}`services.mattermost.socket.enable` and {option}`services.mattermost.socket.export` are set, which export the Mattermost control socket path into the system environment.


     

       
39

       
 

       
  - A new `pkgs.mattermost.buildPlugin` function has been added, which allows plugins to be built from source, including webapp frontends with a supported package-lock.json. See the Mattermost NixOS test and [manual](https://nixos.org/manual/nixpkgs/unstable/#sec-mattermost-plugins-build) for an example.


     

       
40

       
 

       
  - Note that the Mattermost module will create an account _without_ a well-known UID if the username differs from the default (`mattermost`). If you used Mattermost with a nonstandard username, you may want to review the module changes before upgrading.


     
···

       
34

       
 

       
  - `services.mattermost.listenAddress` has been split into {option}`services.mattermost.host` and {option}`services.mattermost.port`. If your `listenAddress` contained a port, you will need to edit your configuration.


     

       
35

       
 

       
  - Mattermost now supports peer authentication on both MySQL and Postgres database backends. Updating {option}`system.stateVersion` to 25.05 or later will result in peer authentication being used by default if the Mattermost server would otherwise be connecting to localhost. This is the recommended configuration.


     

       
36

       
 

       
  - The Mattermost module will produce eval warnings if a database password would end up in the Nix store, and recommend alternatives such as peer authentication or using the environment file.


     

       

       

       
     

       
37

       
 

       
  - We now support `mmctl` for Mattermost administration if both {option}`services.mattermost.socket.enable` and {option}`services.mattermost.socket.export` are set, which export the Mattermost control socket path into the system environment.


     

       
38

       
 

       
  - A new `pkgs.mattermost.buildPlugin` function has been added, which allows plugins to be built from source, including webapp frontends with a supported package-lock.json. See the Mattermost NixOS test and [manual](https://nixos.org/manual/nixpkgs/unstable/#sec-mattermost-plugins-build) for an example.


     

       
39

       
 

       
  - Note that the Mattermost module will create an account _without_ a well-known UID if the username differs from the default (`mattermost`). If you used Mattermost with a nonstandard username, you may want to review the module changes before upgrading.
+21 -11
nixos/modules/services/web-apps/mattermost.nix 
···

       
41

       
 

       
  # The directory to store mutable data within dataDir.


     

       
42

       
 

       
  mutableDataDir = "${cfg.dataDir}/data";


     

       
43

       
 

       



     

       
44

       
-

       
  # The plugin directory. Note that this is the *post-unpack* plugin directory,


     

       
45

       
-

       
  # since Mattermost unpacks plugins to put them there. (Hence, mutable data.)


     

       
46

       
-

       
  pluginDir = "${mutableDataDir}/plugins";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
47

       
 

       



     

       
48

       
 

       
  # Mattermost uses this as a staging directory to unpack plugins, among possibly other things.


     

       
49

       
 

       
  # Ensure that it's inside mutableDataDir since it can get rather large.


     
···

       
232

       
 

       
          services.mattermost.environmentFile = "<your environment file>";


     

       
233

       
 

       
          services.mattermost.database.fromEnvironment = true;


     

       
234

       
 

       
        '' database;


     

       
235

       
-

       
    FileSettings.Directory = cfg.dataDir;


     

       
236

       
-

       
    PluginSettings.Directory = "${pluginDir}/server";


     

       
237

       
-

       
    PluginSettings.ClientDirectory = "${pluginDir}/client";


     

       

       

       
     

       

       

       
     

       

       

       
     

       
238

       
 

       
    LogSettings = {


     

       
239

       
 

       
      FileLocation = cfg.logDir;


     

       
240

       
 

       



     
···

       
800

       
 

       
          "R- ${tempDir} - - - - -"


     

       
801

       
 

       
          "d= ${tempDir} 0750 ${cfg.user} ${cfg.group} - -"


     

       
802

       
 

       



     

       
803

       
-

       
          # Ensure that pluginDir is a directory, as it could be a symlink on prior versions.


     

       
804

       
 

       
          # Don't remove or clean it out since it should be persistent, as this is where plugins are unpacked.


     

       
805

       
-

       
          "d= ${pluginDir} 0750 ${cfg.user} ${cfg.group} - -"


     

       
806

       
 

       



     

       
807

       
 

       
          # Ensure that the plugin directories exist.


     

       
808

       
 

       
          "d= ${mattermostConf.PluginSettings.Directory} 0750 ${cfg.user} ${cfg.group} - -"


     
···

       
819

       
 

       
          if cfg.pluginsBundle == null then


     

       
820

       
 

       
            # Create the plugin tarball directory to allow plugin uploads.


     

       
821

       
 

       
            [


     

       
822

       
-

       
              "d= ${cfg.dataDir}/plugins 0750 ${cfg.user} ${cfg.group} - -"


     

       
823

       
 

       
            ]


     

       
824

       
 

       
          else


     

       
825

       
 

       
            # Symlink the plugin tarball directory, removing anything existing, since it's managed by Nix.


     

       
826

       
-

       
            [ "L+ ${cfg.dataDir}/plugins - - - - ${cfg.pluginsBundle}" ]


     

       
827

       
 

       
        );


     

       
828

       
 

       



     

       
829

       
 

       
      systemd.services.mattermost = rec {


     
···

       
867

       
 

       
            # Logs too.


     

       
868

       
 

       
            oldLogs="$dataDir/logs"


     

       
869

       
 

       
            newLogs="$logDir"


     

       
870

       
-

       
            if [ "$oldLogs" != "$newLogs" ] && [ -d "$oldLogs" ]; then


     

       
871

       
 

       
              # Migrate the legacy log location to the new log location.


     

       
872

       
 

       
              # Allow this to fail if there aren't any logs to move.


     

       
873

       
 

       
              echo "Moving legacy logs at $oldLogs to $newLogs" >&2


     

       
874

       
 

       
              mkdir -p "$newLogs"


     

       
875

       
 

       
              mv "$oldLogs"/* "$newLogs" || true


     

       

       

       
     

       
876

       
 

       
            fi


     

       
877

       
 

       
          ''


     

       
878

       
 

       
          + optionalString (!cfg.mutableConfig) ''


     
···

       
41

       
 

       
  # The directory to store mutable data within dataDir.


     

       
42

       
 

       
  mutableDataDir = "${cfg.dataDir}/data";


     

       
43

       
 

       



     

       
44

       
+

       
  # The plugin directory. Note that this is the *pre-unpack* plugin directory,


     

       
45

       
+

       
  # since Mattermost looks in mutableDataDir for a directory called "plugins".


     

       
46

       
+

       
  # If Mattermost is installed with plugins defined in a Nix configuration, the plugins


     

       
47

       
+

       
  # are symlinked here. Otherwise, this is a real directory and the tarballs are uploaded here.


     

       
48

       
+

       
  pluginTarballDir = "${mutableDataDir}/plugins";


     

       
49

       
+

       



     

       
50

       
+

       
  # We need a different unpack directory for Mattermost to sync things to at launch,


     

       
51

       
+

       
  # since the above may be a symlink to the store.


     

       
52

       
+

       
  pluginUnpackDir = "${mutableDataDir}/.plugins";


     

       
53

       
 

       



     

       
54

       
 

       
  # Mattermost uses this as a staging directory to unpack plugins, among possibly other things.


     

       
55

       
 

       
  # Ensure that it's inside mutableDataDir since it can get rather large.


     
···

       
238

       
 

       
          services.mattermost.environmentFile = "<your environment file>";


     

       
239

       
 

       
          services.mattermost.database.fromEnvironment = true;


     

       
240

       
 

       
        '' database;


     

       
241

       
+

       



     

       
242

       
+

       
    # Note that the plugin tarball directory is not configurable, and is expected to be in FileSettings.Directory/plugins.


     

       
243

       
+

       
    FileSettings.Directory = mutableDataDir;


     

       
244

       
+

       
    PluginSettings.Directory = "${pluginUnpackDir}/server";


     

       
245

       
+

       
    PluginSettings.ClientDirectory = "${pluginUnpackDir}/client";


     

       
246

       
+

       



     

       
247

       
 

       
    LogSettings = {


     

       
248

       
 

       
      FileLocation = cfg.logDir;


     

       
249

       
 

       



     
···

       
809

       
 

       
          "R- ${tempDir} - - - - -"


     

       
810

       
 

       
          "d= ${tempDir} 0750 ${cfg.user} ${cfg.group} - -"


     

       
811

       
 

       



     

       
812

       
+

       
          # Ensure that pluginUnpackDir is a directory.


     

       
813

       
 

       
          # Don't remove or clean it out since it should be persistent, as this is where plugins are unpacked.


     

       
814

       
+

       
          "d= ${pluginUnpackDir} 0750 ${cfg.user} ${cfg.group} - -"


     

       
815

       
 

       



     

       
816

       
 

       
          # Ensure that the plugin directories exist.


     

       
817

       
 

       
          "d= ${mattermostConf.PluginSettings.Directory} 0750 ${cfg.user} ${cfg.group} - -"


     
···

       
828

       
 

       
          if cfg.pluginsBundle == null then


     

       
829

       
 

       
            # Create the plugin tarball directory to allow plugin uploads.


     

       
830

       
 

       
            [


     

       
831

       
+

       
              "d= ${pluginTarballDir} 0750 ${cfg.user} ${cfg.group} - -"


     

       
832

       
 

       
            ]


     

       
833

       
 

       
          else


     

       
834

       
 

       
            # Symlink the plugin tarball directory, removing anything existing, since it's managed by Nix.


     

       
835

       
+

       
            [ "L+ ${pluginTarballDir} - - - - ${cfg.pluginsBundle}" ]


     

       
836

       
 

       
        );


     

       
837

       
 

       



     

       
838

       
 

       
      systemd.services.mattermost = rec {


     
···

       
876

       
 

       
            # Logs too.


     

       
877

       
 

       
            oldLogs="$dataDir/logs"


     

       
878

       
 

       
            newLogs="$logDir"


     

       
879

       
+

       
            if [ "$oldLogs" != "$newLogs" ] && [ -d "$oldLogs" ] && [ ! -f "$newLogs/.initial-created" ]; then


     

       
880

       
 

       
              # Migrate the legacy log location to the new log location.


     

       
881

       
 

       
              # Allow this to fail if there aren't any logs to move.


     

       
882

       
 

       
              echo "Moving legacy logs at $oldLogs to $newLogs" >&2


     

       
883

       
 

       
              mkdir -p "$newLogs"


     

       
884

       
 

       
              mv "$oldLogs"/* "$newLogs" || true


     

       
885

       
+

       
              touch "$newLogs/.initial-created"


     

       
886

       
 

       
            fi


     

       
887

       
 

       
          ''


     

       
888

       
 

       
          + optionalString (!cfg.mutableConfig) ''
+15 -3
nixos/tests/mattermost/default.nix 
···

       
335

       
 

       
            if [ "$actualPostAttachmentHash" != "$postAttachmentHash" ]; then


     

       
336

       
 

       
              echo "Post attachment hash mismatched!" >&2


     

       
337

       
 

       
              exit 1


     

       
338

       
-

       
            else


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
339

       
 

       
              echo "Post attachment hash was OK!" >&2


     

       
340

       
 

       
              exit 0


     

       

       

       
     

       

       

       
     

       

       

       
     

       
341

       
 

       
            fi


     

       
342

       
 

       
          else


     

       
343

       
 

       
            echo "Post didn't exist when it should have!" >&2


     
···

       
454

       
 

       
          # Switch to the newer config and make sure the plugins directory is replaced with a directory,


     

       
455

       
 

       
          # since it could have been a symlink on previous versions.


     

       
456

       
 

       
          mostlyMutable.systemctl("stop mattermost.service")


     

       
457

       
-

       
          mostlyMutable.succeed(f"[ ! -L /var/lib/mattermost/data/plugins ] && rm -rf /var/lib/mattermost/data/plugins && ln -s {mostlyMutablePlugins} /var/lib/mattermost/data/plugins || true")


     

       
458

       
 

       
          mostlyMutable.succeed('[ -L /var/lib/mattermost/data/plugins ] && [ -d /var/lib/mattermost/data/plugins ]')


     

       
459

       
 

       
          switch_to_specialisation(mostlyMutable, mostlyMutableToplevel, "upgrade")


     

       
460

       
 

       
          wait_mattermost_up(mostlyMutable)


     

       
461

       
-

       
          mostlyMutable.succeed('[ ! -L /var/lib/mattermost/data/plugins ] && [ -d /var/lib/mattermost/data/plugins ]')


     

       
462

       
 

       



     

       
463

       
 

       
          # HelpLink should be changed, still, and the post should still exist


     

       
464

       
 

       
          expect_config(mostlyMutable, esr, '.AboutLink == "https://nixos.org" and .HelpLink == "https://nixos.org/nixos/manual"')


     
···

       
335

       
 

       
            if [ "$actualPostAttachmentHash" != "$postAttachmentHash" ]; then


     

       
336

       
 

       
              echo "Post attachment hash mismatched!" >&2


     

       
337

       
 

       
              exit 1


     

       
338

       
+

       
            fi


     

       
339

       
+

       



     

       
340

       
+

       
            # Make sure it's on the filesystem in the expected place


     

       
341

       
+

       
            fsPath="$(find /var/lib/mattermost/data -name "$(basename -- "$postAttachment")" -print -quit)"


     

       
342

       
+

       
            if [ -z "$fsPath" ] || [ ! -f "$fsPath" ]; then


     

       
343

       
+

       
              echo "Attachment didn't exist on the filesystem!" >&2


     

       
344

       
+

       
              exit 1


     

       
345

       
+

       
            fi


     

       
346

       
+

       



     

       
347

       
+

       
            # And that the hash matches.


     

       
348

       
+

       
            actualFsAttachmentHash="$(sha256sum "$fsPath" | awk '{print $1}')"


     

       
349

       
+

       
            if [ "$actualFsAttachmentHash" == "$postAttachmentHash" ]; then


     

       
350

       
 

       
              echo "Post attachment hash was OK!" >&2


     

       
351

       
 

       
              exit 0


     

       
352

       
+

       
            else


     

       
353

       
+

       
              echo "Attachment hash mismatched on disk!" >&2


     

       
354

       
+

       
              exit 1


     

       
355

       
 

       
            fi


     

       
356

       
 

       
          else


     

       
357

       
 

       
            echo "Post didn't exist when it should have!" >&2


     
···

       
468

       
 

       
          # Switch to the newer config and make sure the plugins directory is replaced with a directory,


     

       
469

       
 

       
          # since it could have been a symlink on previous versions.


     

       
470

       
 

       
          mostlyMutable.systemctl("stop mattermost.service")


     

       

       

       
     

       
471

       
 

       
          mostlyMutable.succeed('[ -L /var/lib/mattermost/data/plugins ] && [ -d /var/lib/mattermost/data/plugins ]')


     

       
472

       
 

       
          switch_to_specialisation(mostlyMutable, mostlyMutableToplevel, "upgrade")


     

       
473

       
 

       
          wait_mattermost_up(mostlyMutable)


     

       

       

       
     

       
474

       
 

       



     

       
475

       
 

       
          # HelpLink should be changed, still, and the post should still exist


     

       
476

       
 

       
          expect_config(mostlyMutable, esr, '.AboutLink == "https://nixos.org" and .HelpLink == "https://nixos.org/nixos/manual"')