mattermost/compose.yaml

services:
  mattermost:
    image: ${MATTERMOST_IMAGE:-mattermost/mattermost-team-edition:latest}
    container_name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_app
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    pids_limit: 200
    read_only: false
    tmpfs:
      - /tmp
    volumes:
      - mattermost_config:/mattermost/config:rw
      - mattermost_data:/mattermost/data:rw
      - mattermost_logs:/mattermost/logs:rw
      - mattermost_plugins:/mattermost/plugins:rw
      - mattermost_client_plugins:/mattermost/client/plugins:rw
      - mattermost_bleve:/mattermost/bleve-indexes:rw
    environment:
      TZ: ${TIMEZONE:-Europe/Berlin}
      MM_SQLSETTINGS_DRIVERNAME: postgres
      MM_SQLSETTINGS_DATASOURCE: postgres://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}:${CORE_DB_PORT}/${MATTERMOST_DB_NAME}?sslmode=disable&connect_timeout=10
      MM_BLEVESETTINGS_INDEXDIR: /mattermost/bleve-indexes
      MM_SERVICESETTINGS_SITEURL: https://${MATTERMOST_TRAEFIK_HOST}
      MM_SERVICESETTINGS_ENABLELOCALMODE: "true"
      # Email settings
      MM_EMAILSETTINGS_ENABLESMTPAUTH: "true"
      MM_EMAILSETTINGS_SMTPUSERNAME: ${EMAIL_SMTP_USER}
      MM_EMAILSETTINGS_SMTPPASSWORD: ${EMAIL_SMTP_PASSWORD}
      MM_EMAILSETTINGS_SMTPSERVER: ${EMAIL_SMTP_HOST}
      MM_EMAILSETTINGS_SMTPPORT: ${EMAIL_SMTP_PORT}
      MM_EMAILSETTINGS_CONNECTIONSECURITY: TLS
      MM_EMAILSETTINGS_FEEDBACKNAME: Mattermost
      MM_EMAILSETTINGS_FEEDBACKEMAIL: ${EMAIL_FROM}
      MM_EMAILSETTINGS_REPLYTOADDRESS: ${EMAIL_FROM}
    networks:
      - compose_network
    labels:
      - 'traefik.enable=${MATTERMOST_TRAEFIK_ENABLED}'
      # HTTP to HTTPS redirect
      - 'traefik.http.middlewares.${MATTERMOST_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.middlewares=${MATTERMOST_COMPOSE_PROJECT_NAME}-redirect-web-secure'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.rule=Host(`${MATTERMOST_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.entrypoints=web'
      # HTTPS router
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${MATTERMOST_TRAEFIK_HOST}`)'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'
      - 'traefik.http.middlewares.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true'
      - 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure-compress,security-headers@file'
      # Service
      - 'traefik.http.services.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8065'
      - 'traefik.docker.network=${NETWORK_NAME}'
      # Watchtower
      - 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'

volumes:
  mattermost_config:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_config
  mattermost_data:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_data
  mattermost_logs:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_logs
  mattermost_plugins:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_plugins
  mattermost_client_plugins:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_client_plugins
  mattermost_bleve:
    name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_bleve

networks:
  compose_network:
    name: ${NETWORK_NAME}
    external: true
feat: add Mattermost team chat platform to replace Gotify Added Mattermost stack to the docker-compose infrastructure: - Mattermost stack (mattermost.pivoine.art): - Team collaboration and chat platform - PostgreSQL backend for message persistence - Email notifications via IONOS SMTP - Support for channels, direct messages, and integrations - Mobile and desktop app support - Full Traefik integration with SSL termination Infrastructure updates: - Updated PostgreSQL init script to create mattermost database - Added environment variables to arty.yml for Mattermost configuration - Updated compose.yaml include list - Configured email settings for notifications and invitations This will replace Gotify as the primary notification and messaging platform. All services integrated with Traefik for SSL termination and include Watchtower auto-update labels. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2025-11-08 19:43:11 +01:00			`services:`
			`mattermost:`
			`image: ${MATTERMOST_IMAGE:-mattermost/mattermost-team-edition:latest}`
			`container_name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_app`
			`restart: unless-stopped`
			`security_opt:`
			`- no-new-privileges:true`
			`pids_limit: 200`
			`read_only: false`
			`tmpfs:`
			`- /tmp`
			`volumes:`
			`- mattermost_config:/mattermost/config:rw`
			`- mattermost_data:/mattermost/data:rw`
			`- mattermost_logs:/mattermost/logs:rw`
			`- mattermost_plugins:/mattermost/plugins:rw`
			`- mattermost_client_plugins:/mattermost/client/plugins:rw`
			`- mattermost_bleve:/mattermost/bleve-indexes:rw`
			`environment:`
			`TZ: ${TIMEZONE:-Europe/Berlin}`
			`MM_SQLSETTINGS_DRIVERNAME: postgres`
			`MM_SQLSETTINGS_DATASOURCE: postgres://${DB_USER}:${DB_PASSWORD}@${CORE_DB_HOST}:${CORE_DB_PORT}/${MATTERMOST_DB_NAME}?sslmode=disable&connect_timeout=10`
			`MM_BLEVESETTINGS_INDEXDIR: /mattermost/bleve-indexes`
			`MM_SERVICESETTINGS_SITEURL: https://${MATTERMOST_TRAEFIK_HOST}`
			`MM_SERVICESETTINGS_ENABLELOCALMODE: "true"`
			`# Email settings`
			`MM_EMAILSETTINGS_ENABLESMTPAUTH: "true"`
			`MM_EMAILSETTINGS_SMTPUSERNAME: ${EMAIL_SMTP_USER}`
			`MM_EMAILSETTINGS_SMTPPASSWORD: ${EMAIL_SMTP_PASSWORD}`
			`MM_EMAILSETTINGS_SMTPSERVER: ${EMAIL_SMTP_HOST}`
			`MM_EMAILSETTINGS_SMTPPORT: ${EMAIL_SMTP_PORT}`
			`MM_EMAILSETTINGS_CONNECTIONSECURITY: TLS`
			`MM_EMAILSETTINGS_FEEDBACKNAME: Mattermost`
			`MM_EMAILSETTINGS_FEEDBACKEMAIL: ${EMAIL_FROM}`
			`MM_EMAILSETTINGS_REPLYTOADDRESS: ${EMAIL_FROM}`
			`networks:`
			`- compose_network`
			`labels:`
			`- 'traefik.enable=${MATTERMOST_TRAEFIK_ENABLED}'`
			`# HTTP to HTTPS redirect`
			`- 'traefik.http.middlewares.${MATTERMOST_COMPOSE_PROJECT_NAME}-redirect-web-secure.redirectscheme.scheme=https'`
			`- 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.middlewares=${MATTERMOST_COMPOSE_PROJECT_NAME}-redirect-web-secure'`
			- 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.rule=Host(`${MATTERMOST_TRAEFIK_HOST}`)'
			`- 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web.entrypoints=web'`
			`# HTTPS router`
			- 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.rule=Host(`${MATTERMOST_TRAEFIK_HOST}`)'
			`- 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.tls.certresolver=resolver'`
			`- 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.entrypoints=web-secure'`
			`- 'traefik.http.middlewares.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure-compress.compress=true'`
			`- 'traefik.http.routers.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.middlewares=${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure-compress,security-headers@file'`
			`# Service`
			`- 'traefik.http.services.${MATTERMOST_COMPOSE_PROJECT_NAME}-web-secure.loadbalancer.server.port=8065'`
			`- 'traefik.docker.network=${NETWORK_NAME}'`
			`# Watchtower`
			`- 'com.centurylinklabs.watchtower.enable=${WATCHTOWER_LABEL_ENABLE}'`

			`volumes:`
			`mattermost_config:`
			`name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_config`
			`mattermost_data:`
			`name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_data`
			`mattermost_logs:`
			`name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_logs`
			`mattermost_plugins:`
			`name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_plugins`
			`mattermost_client_plugins:`
			`name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_client_plugins`
			`mattermost_bleve:`
			`name: ${MATTERMOST_COMPOSE_PROJECT_NAME}_bleve`

			`networks:`
			`compose_network:`
			`name: ${NETWORK_NAME}`
			`external: true`