diff --git a/docs/ssh-hostkeys.txt b/docs/ssh-hostkeys.txt
index 6a45f5684d7a8bc45bbc7ce4ea61fe5166c98f98..6fede854c0bf9b02522499abb21df5d87dbe1076 100644
--- a/docs/ssh-hostkeys.txt
+++ b/docs/ssh-hostkeys.txt
@@ -97,6 +97,17 @@
256 MD5:7b:38:67:01:59:c8:a7:b3:66:ec:78:df:ec:dd:30:72 root@build.archlinux.org (ED25519)
3072 MD5:f2:6a:ba:b0:53:9b:d4:73:83:21:d6:76:0f:70:71:72 root@build.archlinux.org (RSA)
+# dashboards.archlinux.org
+1024 SHA256:+3thWVH8prQwcpDSmAUGuJugpHWWk5IGvHjnOsKaeZY root@archlinux-packer (DSA)
+256 SHA256:b9dVKP5g+tEvBDxSVeDy5st0K/3MrlHqoIZreusIag8 root@archlinux-packer (ECDSA)
+256 SHA256:DvYeApOHuG/tZDiWHwAoOkY5ayT0S32fbCyJEMMCJ0M root@archlinux-packer (ED25519)
+3072 SHA256:wqlRFmjOSlBuIbYMxCaSF0rmZ/dk322rS12rjXX+qqY root@archlinux-packer (RSA)
+
+1024 MD5:c5:d6:c1:4f:14:90:8e:74:cb:dd:d5:06:05:88:3c:6d root@archlinux-packer (DSA)
+256 MD5:da:b1:48:49:e4:78:e0:d4:88:01:be:20:cd:11:b9:1f root@archlinux-packer (ECDSA)
+256 MD5:5b:6b:10:c6:78:b3:ad:cf:0b:3f:84:e4:24:7b:92:5a root@archlinux-packer (ED25519)
+3072 MD5:2c:88:5f:24:07:2a:63:ef:86:27:1b:f1:18:2d:fe:dd root@archlinux-packer (RSA)
+
# europe.mirror.pkgbuild.com
1024 SHA256:Oq3eikchfo8Wt6AUzWAiU1mDR24rXudJR/zqKBFnrMo root@europe.mirror.pkgbuild.com (DSA)
256 SHA256:3S0HuO72jHUUrPM8BjfcjsB0FNXkubxovc7Sm5jZBjc root@europe.mirror.pkgbuild.com (ECDSA)
@@ -142,15 +153,15 @@
3072 MD5:50:c8:93:43:05:d5:73:a4:84:b1:07:66:a7:20:a5:79 root@archlinux-packer (RSA)
# lists.archlinux.org
-1024 SHA256:az7ZHreYtkvFBgA1goSjry0/e62JKhk4NRXXgT/+VFg root@archlinux-packer (DSA)
-256 SHA256:vt22ZCpoWg0/L5uFfNsbrZ5EkdBnOh5G3jENuBpQeGo root@archlinux-packer (ECDSA)
-256 SHA256:E0ivN9XqSi7U9GIPQ3JUvw6CP6uiS68M5No0DA/BFfI root@archlinux-packer (ED25519)
-3072 SHA256:5YZCzd1C0bVsaye5l/lNiqsn1/IdOGjTmHqwyjV8lc0 root@archlinux-packer (RSA)
+1024 SHA256:/o3BhNZ6MdfHXrqDzVxP5OgKcTmo1/e2v80Xb+Q2ypc root@archlinux-packer (DSA)
+256 SHA256:Xe+YrG+IfhtQkNft+SB7UsTQCIgbqNnqMl/Pqs6uzBE root@archlinux-packer (ECDSA)
+256 SHA256:fAKD+26rDZ74MOMWZI8L3k2c7RzTYd69+iwKp4zhw8c root@archlinux-packer (ED25519)
+3072 SHA256:NyspEiVRnuRtL854ErcdybtjoBia+miQkpuToYZEl78 root@archlinux-packer (RSA)
-1024 MD5:74:6b:bd:62:a9:52:52:e9:f7:78:fe:44:8a:fa:4f:d2 root@archlinux-packer (DSA)
-256 MD5:ed:60:7c:e3:d6:4d:5a:f5:b9:cd:9e:30:4a:6a:64:c0 root@archlinux-packer (ECDSA)
-256 MD5:a7:2e:f4:3a:3e:34:84:ca:6f:73:05:0e:2e:da:60:d0 root@archlinux-packer (ED25519)
-3072 MD5:ae:ad:58:b8:0a:12:a7:d1:86:f0:c6:ba:fa:9e:ea:9f root@archlinux-packer (RSA)
+1024 MD5:fb:bb:0e:a8:0c:5c:41:5a:b1:d9:61:4d:e5:c3:bf:b1 root@archlinux-packer (DSA)
+256 MD5:56:43:80:27:a7:4e:4c:1f:a4:14:dd:d1:eb:37:13:a9 root@archlinux-packer (ECDSA)
+256 MD5:3c:91:d8:b0:4b:5c:36:40:79:27:8a:c7:24:d6:26:af root@archlinux-packer (ED25519)
+3072 MD5:88:99:f2:47:b1:e3:3c:99:52:67:d5:d5:55:b0:af:2c root@archlinux-packer (RSA)
# luna.archlinux.org
1024 SHA256:9Nqu9y1LhT3L3Kd6J9CSyuOc1AdGWo0eLsPxoc5bpaw root@alderaan (DSA)
@@ -174,17 +185,6 @@
256 MD5:dd:20:c1:f1:f2:fa:70:86:3a:e2:39:86:b1:01:2f:61 root@archlinux-packer (ED25519)
3072 MD5:b6:14:30:bd:fe:43:46:6a:20:a2:8b:b0:aa:d4:35:19 root@archlinux-packer (RSA)
-# mailman3.archlinux.org
-1024 SHA256:Vs/PxyU74qe6uR5EUUMWhDLA+B8lBQO2PEbRSmZwzYA root@archlinux-packer (DSA)
-256 SHA256:ARXQTmcvjHISznthbjI04GBOUEuQAIT2v/fRdAg3Zqw root@archlinux-packer (ECDSA)
-256 SHA256:R6sapXFYhonwFNXA90p6OMy3vhKD9P9oPd00/BeuPTA root@archlinux-packer (ED25519)
-3072 SHA256:xIJSPj5r2b3WEwwyx1qG7cCysqFHQfELUGE3vaRlxsM root@archlinux-packer (RSA)
-
-1024 MD5:93:7b:7f:47:09:5b:b5:bf:a3:ad:f7:5f:a2:a1:e5:dd root@archlinux-packer (DSA)
-256 MD5:e5:30:24:b4:03:0a:8b:07:23:5b:8b:9e:68:f3:7e:45 root@archlinux-packer (ECDSA)
-256 MD5:91:95:e9:e2:1f:17:24:66:10:ae:29:ea:90:41:d9:fb root@archlinux-packer (ED25519)
-3072 MD5:97:9f:77:0e:f5:99:44:f3:ab:db:4b:f4:4a:98:cd:dc root@archlinux-packer (RSA)
-
# man.archlinux.org
1024 SHA256:11C7Qa1GSNBBspSlber3Sp+LEMRpfr/VWkypfu6OnhA root@archlinux-packer (DSA)
256 SHA256:fL79NVaEiwXGfUhTXWLkue/D1seSADYbui+jwQ2dvW0 root@archlinux-packer (ECDSA)
@@ -372,17 +372,6 @@
256 MD5:2b:7f:a8:75:ef:38:e3:c3:f7:2e:ea:9e:73:fd:3e:d5 root@archlinux-packer (ED25519)
2048 MD5:f8:a9:75:e2:99:4f:ae:2b:70:72:a2:ae:9e:fb:f1:a2 root@archlinux-packer (RSA)
-# svn2gittest.archlinux.org
-1024 SHA256:R5uXRsoC0CXMxAE+dV6Ola8K1amyK84VFknjM9QgonI root@archlinux-packer (DSA)
-256 SHA256:CVc0FXXE1DY1wmwoHCseGg5TnzYOgbf6adTbgstVWx0 root@archlinux-packer (ECDSA)
-256 SHA256:kcuaxYVB/oCraE0q+ZsnUeozpVJYYDZ24tW5MEObj1E root@archlinux-packer (ED25519)
-3072 SHA256:YMH0JwP+KqyNZ0JR1T0e4SrugZUGpwiUCHKwndHaAYw root@archlinux-packer (RSA)
-
-1024 MD5:be:c7:a8:0d:86:b6:08:b6:bc:3b:f5:ae:d6:9d:2d:55 root@archlinux-packer (DSA)
-256 MD5:62:eb:27:c4:a1:6f:a4:21:ed:50:6f:dd:bf:37:4e:ab root@archlinux-packer (ECDSA)
-256 MD5:9a:97:48:f7:11:b3:32:ba:fa:ab:9f:0c:41:41:da:e4 root@archlinux-packer (ED25519)
-3072 MD5:f3:11:d6:58:f9:32:d1:34:fa:4e:d9:e3:d7:c8:6b:f2 root@archlinux-packer (RSA)
-
# wiki.archlinux.org
1024 SHA256:MnCkxFpWB/mTDRHPVB4RLuSPMNfPQyotpFaWuc55DCk root@archlinux-packer (DSA)
256 SHA256:26K98Dg4laIWFt++vxGPiANR6w+AvxgQUTb1TzeLilY root@archlinux-packer (ECDSA)
diff --git a/docs/ssh-known_hosts.txt b/docs/ssh-known_hosts.txt
index 40f964d9444f20d1f8e091585fddccd3291d0178..dde4118e6aace5f0975bed150ca6629d98c622c5 100644
--- a/docs/ssh-known_hosts.txt
+++ b/docs/ssh-known_hosts.txt
@@ -43,6 +43,11 @@ build.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
build.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILmifn4KBLX24gBH4RwdBzYwLCSyVM1UbjGWxdtvoN1k
build.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9B5/QjC8I8co2r7HmqHLXFo1VdAsrGHxZkdqK5xcU2AMkkWE3orjza83em6+rX43NbHytOs/59h3wN8y5T0sfSD37gn/1WVkyP+/H+QvqNPSx7pgx4yu7tcVjAuxgm2UsObSymRJlxMZ4/k26JY/r8lbWAamYpzFI0aSJAvxkTvhyWU6O3VoVWm9TaUjXTATGBPanWaxAfrVnW4x3CplDPEi1QcwUuPfbJLgtYSyw8M7Brklftr1/stoViK6lVP6uRkAqThY9qsxgbfKhPVlsNMQ3YBHzEWGtrRghHTiDJh8JVTkVfpL7pB9hkFeJiutemwKs0b/4eeikLnUwCIX9cluJPPdJiZEhE2gWA1yB3nHFVp/qLN9nSO+UyKxfUSiOPgkfmp8tbEPkzDUW1H1xLwRZKKQ6OfiWk+IUmkbm2VqLv1SuMpVjgsHjKexMgZrejvh3YfE0PR4+JHpTjnaTL1Ywfr+YH/uJ1cwd2xQHXhIQtUicEpcvnRGPEeNAOyM=
+# dashboards.archlinux.org
+dashboards.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCAfVE0DIkafjiLvlCYuHqdqQSLpFHusNjF8DcXcpQjZxlxwBFpApqoPdNbN2Bry/k7lwonciJ2qE1uglrgKY6w=
+dashboards.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBlMtNCc3M9ZlCFCXVzdRscvJfB6DJpCEeOoraVD4/b
+dashboards.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfE077N+TtbUCXn4vau12+OhnrSM7GY3vyEDF5+GkVKAQA3M2Cvme8K0o64sAnEegpGDAysVVCg81vlHonqERFxCp0Reu0qvbIqMc4nsesGUyM8Mqps7BJtZOiYUv6cWZAEeTvRvU1717M+43Os/q/3YFOPSvC5y7Sud4JSmOKp1+zTbDZF+9kL0EjlS452FaCcAA5PG74LsZzqmOwbw+TyFwE73Dt1D7CifFoTwejDFhY5mQoGHuopwO3BA+cqfM2v3LNq0j2AuJebq5PajK9YzdNPEMqEoxw6U3VWpQAU9QNkxLrxsIT8Vu18YAFg84520ie3GQ49F8Lj6dw9qBhUzSMHoLdsMFKwUfHJrYeXNsRpQNiPOlqXX7QCw62joF211Er5cGf19rFGC7y1F2iG8MWrSEW6x9rgrgisBT05ecGtyEx0LXH/vINAhA5/zvWjDuefn/wCSy7IR0I9n7nSTXMXm0/qr4brtsFA0V+O7mmAA9ErclGE6lIBHpWfd0=
+
# europe.mirror.pkgbuild.com
europe.mirror.pkgbuild.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBASkHNbJZvfME9OAFLZpxoVMt7JfKhN8/VpH6JPRD8eRXfXc2Wt0YOZQGzJsrUNoFchEUUGeNxs7vmj8nwtfqGI=
europe.mirror.pkgbuild.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6sVYSrTIVj+xwyC5uJdFVU+X50tAIDEndsnGta75C7
@@ -64,9 +69,9 @@ homedir.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPxEHvFCXujU6s4eW0U79o
homedir.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDuQbGoCSIPisaZeqtJhM369ugQWc8pHE8404AZu0yUgDxMl6AP5BUfdynlR6VGt4edSaEyp9BkT15YaKh5vph/9MUtZ2zbQ7WPRuvfLNG+RI458q4CYdykVMmTs1DEeAxaVMIAL3225pqh7QMcME0edX9f4PLLkQk8+AAAy24rvgwxLE0BnSLB3zp7wCJw5rm2iZAcqsKkIZw2FJKMlRuEovdvgc7A0FfkSc8muvvHET1FK/Uqv5i9R2Xk3NPFkt/bzcwOVBXCeqUrjLmD0UhRWX8J8GMmrEVPVQLBT6mn/OtlXpOiDcr9HkSLS1mqo59N9wyI4tCKjYQZMEWU36PYjXlDzqOGmdAR6Ly8vDo3BC+ByQqLf/ixkoFD/I5inGejPnAv9eXuiP8o0KoPDOALD8gqwqCoPjElE9ZVObp+NJbuQeXRZt70VKxZEWrUKxKxHM3RoYvgd3h/GHaYEGWdbvTMTVK+xnrczL+Eme4Y81zA8KTwY5qbyc5QCHvksKM=
# lists.archlinux.org
-lists.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMaKy4TZsOKC5tAJvfEXdIeLU+TMVHiwlJAWxSl9MKikkyf1Qmh0NAMFv0tYd+sJSwwaW+AqEuVnsO+JponGIqc=
-lists.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIWh0NnauWbG40MJHmMisPPGrMkY+jumTBajLllb9CBQ
-lists.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC9A62LNNGbjqdpEBbinEHJMH/RhjcDIH0SU5BbJB/WONNkhcNWZ6h6AnyEhOhspHLNBxFroQf3voQ8Pfu6gBf9YeWe60j2aSMQBwnWIug8TB+HuPrOWTWdjEudagZjdZ3jdVRX2Fjt8/C2QL2JfRFZWEpWKOa79qaBOTF3qbvNUJi8iggC4zSAwJMmJ2JwCnFBz69sqFWKTgPCE/SzRZodHAiDuO7XSCn+zPaG7re8P6YZz3eQSizcJMUs+t9L17ipqgUVDwUj9+1+q6YSxxNE4t43xYcUEQMIn48XzAQo1ZBhkzPGkV2ezttDkpAJgdKI0ssOoG2EA+1zLF7rKgBufLP3Fi03X7r77ppFrtKyBcxFYoChs0Twz0lV8JM0qcKWXldmu0s2+1o5PFzx+qfsa+EQiczydgZg0Lg2hOhx8jfGI8HQCbYqw4CirItVYF80/HA9jxt8ZQiKsJCYiZ4/4J/pd0eQlpmyy73Zf49CMwxty2HzNMFmRTx7ksqrbu8=
+lists.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKBHMlX50Jr2HiVJ/qDSH3mAjobpbBrGvBRXTKB/xXFBiVXCbJQCQ9HKXQZunLALaIm+jAgpskbXqLQMEpWzST8=
+lists.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVKwNsXUXpgNhlwPVlBRNlpvOt0U9deANS/n//nxbe1
+lists.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuKQnkGRdXyu74f92lzJcQMMDjTzVXkne/mLHiMYKQWlboIBIry3FkzyUGDLbNlZOe4PNR43D9FI0/1EjAuVV72HVQ9sidCbJR/azw3+JF8zwU1HDMOhtCNaWYNqk0DHDvHuWhL6N0duFASf+ZTKRB5Rgk3+p0FisKMCep2vJy5kHY0829INk6ORgPxYzCHCZOLEfZX0aydwscTnubKq1t9blWUdqKSm5Xq5+NEJNPKlo6TgdcBihkdAyaGnZ9KWrXycV6j0UaT/VJNuumZ9KlsvI7Xi/TVDWcLcsU/UqeEvnzUi3oRrvkADzIcoFa5/QrSRQJppKAUgjuhOuk+Px38IIvRdrwDxDoChei+qU8S2O24PP7Cu4oYZ/ecGb8wJleEWVVaYrD5JTEugg0iTe2t0LJiP6rTC1faxErZ9wru18nGNWYR2b+b1MfBzppAoikZUoqygKYYLAerHj3B9wFmw2RJG8JFZ95lMukJmDG8kCYz7eq753PYAAmpFZbdZU=
# luna.archlinux.org
luna.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOZAVWmj2k+dHTfyum7FyIivGcVUkDFHaXmPNxDwF7l8TvkAN8VDQJHEEGJhALMYtNsQ+kt0gksSh4HZqj9n5hI=
@@ -78,11 +83,6 @@ mail.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzd
mail.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTOoGxsf23f6AjIHcQQuvbTOaeIt48Y0PiBj9qlJi1H
mail.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPrURadxte8UJiteGa6+Q+OjTAjhvGAQFkNSXj1pr4k03uxkU6l2v2LuTygk+4SZSCyUsKvNx/ljJeHBnuecQ8rRv19ZFqy/GQKB3oEmiNYMo2dYYlJWwTVBHatmghhB1j2y40yqdKWH2xQuXC3HtnS7fHG0g1Rc4R9KB4MQlcXkwnSEMpwpWBoO7sr0M4YTdwE+nSG9aNfyPbPGp3mX4ATz5X5hPJOlSFVDV6NuKrA+5qyt4jSKdeG5IuWeEnEJesYJEvShYdY9DvMCXnZykB0emzzk+5+Cp2lTPf9LOO3wNsTgHV/CwkoAoMgr9+ASefhBr3nxmmrs9T7nwuobGCGFUqQ2D8IKCmsWGVKXYERViz3x/gYUIlHgVJpoIXCFFqbdpWwxKR1aDMug2fFe699/FzuPdqrWPFdQMF2mPQ0w3AH/62KGp+PULE2HxrlCiY/gF2m8iJLgunxVKmi/c0ufgK9QilnKcPO+W4tcISa5MYt7MSTTLV9eVsgVjGhOU=
-# mailman3.archlinux.org
-mailman3.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE6mE3BtsReBFLagZwLn1Mo3N7RIqILAzFMOMUINFi41EEmGBNinjwOfX0qNx8AHo41g+M6Yu3CiDcC/BimCWto=
-mailman3.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIxf1nIo36jwbX9nkuYIcbE6t/jVxY7Fnlf99u9MWSvt
-mailman3.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaAmU1BnGf8S9QJUch42cpsQ671gMa7SS6+7L4XwJPd5Dv7rlBgKsCCpssa7NNCEUSTZyFr3Wo8RVXsZwjvisYmqS3AR6GeZ94zMMnOK4QlwsvMQEUwdR96PF+ANK16tJ94KENIQLDUB5gnz/RitRV4k8hVTKuqKGDUFlzzlVl8X9evwgOPyWImPVdLiCDIi/8lWz3qNeEfaFkCqLwr4nZi+b9K3qJVrR3DdKmGutEg4m7O1DR9RNBtzq1oTW49Uhv2W/7t/1MTYzmHA4yIZQ25cbi+k7Q6hY0j1oXAJ4NWOqcPM2arNUJWN4m0NlispvdJ81l7AIhXzuX4XGHGtWzhFsfweVgTnDYAsq/Hra/LB5w/43fKTqC8Lqty7JyllB1/9J6JoSGvx/e7JjXdJS8lvwMN3LivAfUbWnGz+Qs9lfKNT+dDRLryO086+DKCJ1jL7MqovRB0CZHHfUvXZ6YKQciyCWD0RM8pFa0DUJbG9b5XRKDI9KTvHRbL2xb0n0=
-
# man.archlinux.org
man.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPhnsStoFw6rbVpE1S1vsXNk8de1SyMag1C+v0DWVSuNYzTylYg4322WbYzw45z2XhxrF6XmCSDMvgxvFwnfLQA=
man.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzjkN+igIxSIv5N9+ANNoo6knPa51Tj5TAXs4EQ8lY2
@@ -168,11 +168,6 @@ state.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
state.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbZyVxaIdyd5f/dhPN7qGBnOSpLCYzoEqAKuakhi5ou
state.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoH0lD8Je2KUktA0RWREiN9v2oIpl/kTZfXZw7LhBaJLdZorqGLI/Nu0Kzb+7Wp0RvcNi5eOpLtFctAwIEs2nEvkPHmKH70KoMBiNNzMWHK6IwTH0EdyYQzjOm4E7qWtbIdK6vSUqtLwgkfaUJ+EokJu51632hmTE2Bk0I12K93hjODmZnM7GhGmSx6h+3KrYfkCz4a2PXVpTptvTTl5t4SkFQMdioQ6k+1m2itjhhEujkewl4N6rar6jB6b4yGHlPZN5Y3lmYaQhraZwen6kuPHfjuMjtkf6lR0cqoK7FvwwrkiXcuGqS8xcVYmRsqRQdXZzLORcMSW4wjlizwQCd
-# svn2gittest.archlinux.org
-svn2gittest.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPUurgjvGKpn7RCQwlSicMzwLowQ4M0Gtf60GE0Rl5nN2XUGe5lDl/A0bUi16dHCPEUbQWlmBxNBNoa0r4bwo6k=
-svn2gittest.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgvu1kXUUucO0ss+A+cDR1dsn71N77T9U/wWtcf+1w5
-svn2gittest.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/2iOTxrCAXRfpzLfJzvwlnISD+G7wxH5aONHybVga3O1p/KQv8TiTK/+dqnH9ZW6KBPnQjtsIEmzx/ZIr/aAMeZX8OwZAl1wbKdFSpeCAhJtK7zKGr/f8qlYttHgttiGq9PJMQ8bwldaAWEllgFhr/hveKPckfACrgADTJStaWW7eeqAe28BjqHm7BpT/jO3DAeVaHrcY8CVtHsCFUXCoHSFf5ER3QOH4LTfqM7Imz0cK8i29x1H5RruM+pzIMaHthabWHERwE/V/j0Xt0gEyfXZOWK5K+3ueZjVl5yUsvpSxoYSQzpQg+rvsnN7L7qRYjA04bI6NWopFdpMKzk0NcVF64tR4wfPfaaTjYdH2HU3uO/JRtN4IZmFdI2vL1UtycM9w44humZyNUGjeMUBFbBwwPGTAkcTWjPW8HLtVYjgS6Zl5/cBjLSG90qpg7hPo0V80ybRRRJbOH14txlX4z2btxCiurHCi+nxzYBABGINsZgd9s+7AORWtvfBGo0U=
-
# wiki.archlinux.org
wiki.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFtDdXEOfPTQfdsZGHIHRtYZaXZLV6lFddU0LkzyxlsYhHf84sWDSMKrQcJn6ywBInh00K8BE90N6H+mOgiLaeY=
wiki.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILFxxvRi7khrt6mUQGiXX35O1MBrrDeEmvaAnWo9ql/7
diff --git a/group_vars/all/vault_mailman.yml b/group_vars/all/vault_mailman.yml
new file mode 100644
index 0000000000000000000000000000000000000000..98cc49e1647bc5b06715c3243a8e28a5c396c44d
--- /dev/null
+++ b/group_vars/all/vault_mailman.yml
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+33663534393934353761333131636338343835616465386562393436663463343566376536303962
+3463363464623530653630383464326232303565333039320a386364623664613931636531336233
+34366536623139613733626539306462366139356562393166346234343261306631333763396462
+3735643430396562650a646463303232633039313037346238636239616461373337656563393239
+62386464396237303634336661363135333464363135343234626234336432333963666136346633
+66636633633237383937393431326639623938356133323566663562653964613564343231323939
+38336537656532353163366439393366373264366363303730663139383436356335613462653234
+64313365643833333739
diff --git a/host_vars/lists.archlinux.org b/host_vars/lists.archlinux.org
new file mode 100644
index 0000000000000000000000000000000000000000..c162214f42b7163cfa681b52347443df3fb6fc3e
--- /dev/null
+++ b/host_vars/lists.archlinux.org
@@ -0,0 +1,3 @@
+---
+filesystem: btrfs
+ipv4_address: 95.217.236.249
diff --git a/hosts b/hosts
index 771bbb395562b2017bbd2e7f4769c34bf5b135d7..dc7f3a56155ded90a8935fcabf76eb5776da5f02 100644
--- a/hosts
+++ b/hosts
@@ -46,6 +46,7 @@ wiki.archlinux.org
patchwork.archlinux.org
security.archlinux.org
md.archlinux.org
+lists.archlinux.org
[borg_hosts]
prio.ch-s012.rsync.net
@@ -144,6 +145,7 @@ runner1.archlinux.org
md.archlinux.org
man.archlinux.org
dashboards.archlinux.org
+lists.archlinux.org
[kape_servers]
asia.mirror.pkgbuild.com
diff --git a/playbooks/lists.archlinux.org.yml b/playbooks/lists.archlinux.org.yml
new file mode 100644
index 0000000000000000000000000000000000000000..a20dea7ac0b693f11cba23590231bfe4683dcd48
--- /dev/null
+++ b/playbooks/lists.archlinux.org.yml
@@ -0,0 +1,20 @@
+- name: setup mailman server
+ hosts: lists.archlinux.org
+ remote_user: root
+ roles:
+ - { role: common }
+ - { role: firewalld }
+ - { role: tools }
+ - { role: sshd }
+ - { role: root_ssh }
+ - { role: hardening }
+ - { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" }
+ - { role: prometheus_exporters }
+ - { role: promtail }
+ - { role: certbot }
+ - { role: nginx }
+ - { role: fail2ban }
+ - { role: rspamd, rspamd_dkim_domain: lists.archlinux.org, rspamd_dkim_use_esld: false, tags: ["mail"] }
+ - { role: unbound, unbound_port: 5353, tags: ["mail"] }
+ - { role: uwsgi }
+ - { role: mailman }
diff --git a/playbooks/luna.yml b/playbooks/luna.yml
index 81b5f4084f3f0dc0798df6ec757e508efe437cbd..c4e50e06c0dc70a97d0e418bb961d1b917e07939 100644
--- a/playbooks/luna.yml
+++ b/playbooks/luna.yml
@@ -30,6 +30,3 @@
- { role: mariadb, mariadb_query_cache_type: '0', mariadb_innodb_file_per_table: true }
- { role: prometheus_exporters }
- { role: promtail }
-# luna is hosting mailman lists; this postfix role does not cater to this yet
-# TODO: make postfix role handle mailman config?
-# - { role: postfix, tags: ["postfix"], postfix_relayhost: "mail.archlinux.org" }
diff --git a/playbooks/mail.archlinux.org.yml b/playbooks/mail.archlinux.org.yml
index b7fa476c91be604f689d41675b78193a4ecd41a4..de383c3aa52407619c1f57eaad91e29f48eeef5e 100644
--- a/playbooks/mail.archlinux.org.yml
+++ b/playbooks/mail.archlinux.org.yml
@@ -12,7 +12,7 @@
- { role: mta_sts }
- { role: postfix, postfix_server: true, postfix_smtpd_public: true, tags: ['mail'] }
- { role: dovecot }
- - { role: rspamd, tags: ["mail"] }
+ - { role: rspamd, rspamd_dkim_domain: archlinux.org, tags: ["mail"] }
- { role: unbound, unbound_port: 5353, tags: ["mail"] }
- { role: postfwd, tags: ['mail'] }
- { role: archusers }
diff --git a/roles/mailman/defaults/main.yml b/roles/mailman/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b2d2b3fd97fea0e40382ddc367ac056d789ad2af
--- /dev/null
+++ b/roles/mailman/defaults/main.yml
@@ -0,0 +1 @@
+lists_domain: lists.archlinux.org
diff --git a/roles/mailman/files/mailman.ini b/roles/mailman/files/mailman.ini
new file mode 100644
index 0000000000000000000000000000000000000000..fe6d040f429a53f1be93ab35c3501f5a3ba26299
--- /dev/null
+++ b/roles/mailman/files/mailman.ini
@@ -0,0 +1,10 @@
+[uwsgi]
+plugins = cgi
+socket = /run/uwsgi/%n.sock
+chmod-socket = 770
+threads = 2
+
+cgi = /=/usr/lib/mailman/cgi-bin/
+cgi-index = listinfo
+uid = mailman
+gid = http
diff --git a/roles/mailman/files/milter_header_checks b/roles/mailman/files/milter_header_checks
new file mode 100644
index 0000000000000000000000000000000000000000..0a31b0229849ad7400fe0b70a7060753df943381
--- /dev/null
+++ b/roles/mailman/files/milter_header_checks
@@ -0,0 +1,2 @@
+# We don't have a Junk folder for mailman so reject mails which are probably spam
+/^X-Spam: Yes$/ REJECT Your message has been rejected by Rspamd
diff --git a/roles/mailman/handlers/main.yml b/roles/mailman/handlers/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..b48bca38207f015f2eff329e552b6dfe8908210e
--- /dev/null
+++ b/roles/mailman/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: reload mailman
+ service: name=mailman state=reloaded
+
+- name: reload postfix
+ service: name=postfix state=reloaded
diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..473a670c14ae5a34c81bd087769c82736e1d7666
--- /dev/null
+++ b/roles/mailman/tasks/main.yml
@@ -0,0 +1,59 @@
+---
+- name: create ssl cert
+ include_role:
+ name: certificate
+ vars:
+ domains: ["{{ lists_domain }}"]
+
+- name: install mailman, uwsgi-plugin-cgi and postfx
+ pacman: name=mailman,uwsgi-plugin-cgi,postfix,postfix-pcre state=present
+
+- name: install mailman configuration
+ template: src=mm_cfg.py.j2 dest=/etc/mailman/mm_cfg.py follow=yes owner=root group=root mode=0644
+ notify: reload mailman
+
+- name: install postfix configuration
+ template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0644
+ notify: reload postfix
+
+- name: install postfix maps
+ copy: src={{ item }} dest=/etc/postfix/ owner=root group=root mode=0644
+ loop:
+ - milter_header_checks
+
+- name: open firewall holes for postfix
+ ansible.posix.firewalld: service=smtp permanent=true state=enabled immediate=yes
+ when: configure_firewall
+ tags:
+ - firewall
+
+- name: create mailman list
+ command: /usr/lib/mailman/bin/newlist -a mailman root@{{ lists_domain }} meG0n5Wq6dEWCA6s
+ args:
+ creates: /var/lib/mailman/lists/mailman
+
+- name: configure mailman uwsgi service
+ copy: src=mailman.ini dest=/etc/uwsgi/vassals/ owner=mailman group=http mode=0644
+
+- name: make nginx log dir
+ file: path=/var/log/nginx/{{ lists_domain }} state=directory owner=root group=root mode=0755
+
+- name: set up nginx
+ template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/mailman.conf" owner=root group=root mode=644
+ notify: reload nginx
+ tags: ['nginx']
+
+- name: start and enable postfix
+ systemd: name=postfix.service enabled=yes daemon_reload=yes state=started
+
+- name: start and enable mailman{.service,-*.timer}
+ systemd: name={{ item }} enabled=yes daemon_reload=yes state=started
+ loop:
+ - mailman.service
+ - mailman-senddigests.timer
+ - mailman-nightlygzip.timer
+ - mailman-mailpasswds.timer
+ - mailman-gatenews.timer
+ - mailman-disabled.timer
+ - mailman-cullbadshunt.timer
+ - mailman-checkdbs.timer
diff --git a/roles/mailman/templates/main.cf.j2 b/roles/mailman/templates/main.cf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..f14357e607f584a8df514f103db1310c7975dae3
--- /dev/null
+++ b/roles/mailman/templates/main.cf.j2
@@ -0,0 +1,50 @@
+#
+# {{ansible_managed}}
+#
+
+compatibility_level = 3.6
+
+biff = no
+smtputf8_enable = no
+
+smtpd_tls_cert_file = /etc/letsencrypt/live/{{ lists_domain }}/fullchain.pem
+smtpd_tls_key_file = /etc/letsencrypt/live/{{ lists_domain }}/privkey.pem
+smtpd_tls_loglevel = 1
+smtpd_tls_security_level = may
+
+smtp_tls_loglevel = 1
+smtp_tls_security_level = may
+
+mydomain = {{ lists_domain }}
+myorigin = {{ lists_domain }}
+mydestination = {{ lists_domain }}
+
+# fatal: configuration error: mailbox_size_limit is smaller than message_size_limit
+message_size_limit = 104857600
+mailbox_size_limit = $message_size_limit
+recipient_delimiter = +
+disable_vrfy_command = yes
+strict_rfc821_envelopes = yes
+
+# enable for testing new config
+soft_bounce = no
+debug_peer_list =
+
+smtpd_relay_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ reject_unauth_destination
+
+smtpd_reject_footer = For assistance contact <postmaster@archlinux.org>. Please provide the following information in your problem report: time ($localtime) and client ($client_address).
+
+# rspamd
+smtpd_milters = inet:localhost:11332
+non_smtpd_milters = $smtpd_milters
+
+alias_maps = hash:/var/lib/mailman/data/aliases
+alias_database = $alias_maps
+virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman
+
+milter_header_checks = pcre:/etc/postfix/milter_header_checks
+
+delay_warning_time = 4h
diff --git a/roles/mailman/templates/mm_cfg.py.j2 b/roles/mailman/templates/mm_cfg.py.j2
new file mode 100644
index 0000000000000000000000000000000000000000..abe99fe3098dbe0cb18f20f8c34b7ac23ba402c5
--- /dev/null
+++ b/roles/mailman/templates/mm_cfg.py.j2
@@ -0,0 +1,79 @@
+# -*- python -*-
+
+# Copyright (C) 1998-2018 by the Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+"""This module contains your site-specific settings.
+
+From a brand new distribution it should be copied to mm_cfg.py. If you
+already have an mm_cfg.py, be careful to add in only the new settings you
+want. Mailman's installation procedure will never overwrite your mm_cfg.py
+file.
+
+The complete set of distributed defaults, with documentation, are in the file
+Defaults.py. In mm_cfg.py, override only those you want to change, after the
+
+ from Defaults import *
+
+line (see below).
+
+Note that these are just default settings; many can be overridden via the
+administrator and user interfaces on a per-list or per-user basis.
+
+Also note that many of these settings will not be effective until Mailman
+is restarted. Thus, you should always restart Mailman after changing this
+file.
+
+Further, settings which relate to a list's host_name and web_page_url only
+affect lists created after the change. For existing lists, see the FAQ at
+<http://wiki.list.org/x/mIA9>.
+
+"""
+
+###############################################
+# Here's where we get the distributed defaults.
+
+from Defaults import *
+
+##################################################
+# Put YOUR site-specific settings below this line.
+
+# Please see: http://wiki.list.org/x/mIA9 if you change this
+DEFAULT_URL_HOST = '{{ lists_domain }}'
+DEFAULT_EMAIL_HOST = '{{ lists_domain }}'
+MTA = 'Postfix'
+
+VIRTUAL_HOSTS.clear()
+add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
+
+POSTFIX_STYLE_VIRTUAL_DOMAINS = ['{{ lists_domain }}']
+
+DEFAULT_URL_PATTERN = 'https://%s/'
+PUBLIC_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s'
+
+# bot protection
+SUBSCRIBE_FORM_SECRET = '{{ vault_mailman_subscribe_form_secret }}'
+
+VIRTUAL_HOST_OVERVIEW = Off
+
+DEFAULT_SEND_REMINDERS = 0
+
+PUBLIC_MBOX = Yes
+
+DEFAULT_MSG_HEADER = ""
+DEFAULT_MSG_FOOTER = ""
+#DEFAULT_DMARC_MODERATION_ACTION = 1
+REMOVE_DKIM_HEADERS = 1
diff --git a/roles/mailman/templates/nginx.d.conf.j2 b/roles/mailman/templates/nginx.d.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..accb7e83bc3d64123526798f4e0629458f98dcc2
--- /dev/null
+++ b/roles/mailman/templates/nginx.d.conf.j2
@@ -0,0 +1,53 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ lists_domain }};
+
+ access_log /var/log/nginx/{{ lists_domain }}/access.log main;
+ access_log /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
+ error_log /var/log/nginx/{{ lists_domain }}/error.log;
+
+ include snippets/letsencrypt.conf;
+
+ location / {
+ access_log off;
+ return 301 https://$server_name$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ lists_domain }};
+
+ access_log /var/log/nginx/{{ lists_domain }}/access.log main;
+ access_log /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
+ error_log /var/log/nginx/{{ lists_domain }}/error.log;
+
+ ssl_certificate /etc/letsencrypt/live/{{ lists_domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ lists_domain }}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{{ lists_domain }}/chain.pem;
+
+ # redirect old urls
+ location /mailman {
+ rewrite ^/mailman/(.*) /$1 permanent;
+ }
+
+ location /icons {
+ alias /usr/lib/mailman/icons;
+ }
+
+ location /pipermail {
+ alias /var/lib/mailman/archives/public;
+ autoindex on;
+ }
+
+ location / {
+ root /usr/lib/mailman/cgi-bin/;
+ index listinfo;
+ include uwsgi_params;
+ uwsgi_modifier1 9;
+ uwsgi_pass unix:/run/uwsgi/mailman.sock;
+ }
+
+}
diff --git a/roles/mta_sts/defaults/main.yml b/roles/mta_sts/defaults/main.yml
index 23f424313599968c084725558ebcf60149bb1821..20b70983d96fb28e9a0d79e8f8070033f484f016 100644
--- a/roles/mta_sts/defaults/main.yml
+++ b/roles/mta_sts/defaults/main.yml
@@ -6,6 +6,6 @@ mta_sts:
- aur.archlinux.org
- master-key.archlinux.org
- mx:
- - luna.archlinux.org
+ - lists.archlinux.org
domains:
- lists.archlinux.org
diff --git a/roles/postfix/files/mailman_compat b/roles/postfix/files/mailman_compat
deleted file mode 100644
index 714aea9b68677ebed745474d4ca964fb23cf7355..0000000000000000000000000000000000000000
--- a/roles/postfix/files/mailman_compat
+++ /dev/null
@@ -1,253 +0,0 @@
-
-#mailman@archlinux.org #mailman@lists.archlinux.org
-#mailman-admin@archlinux.org #mailman-admin@lists.archlinux.org
-#mailman-bounces@archlinux.org #mailman-bounces@lists.archlinux.org
-#mailman-confirm@archlinux.org #mailman-confirm@lists.archlinux.org
-#mailman-join@archlinux.org #mailman-join@lists.archlinux.org
-#mailman-leave@archlinux.org #mailman-leave@lists.archlinux.org
-#mailman-owner@archlinux.org #mailman-owner@lists.archlinux.org
-#mailman-request@archlinux.org #mailman-request@lists.archlinux.org
-#mailman-subscribe@archlinux.org #mailman-subscribe@lists.archlinux.org
-#mailman-unsubscribe@archlinux.org #mailman-unsubscribe@lists.archlinux.org
-
-arch-events@archlinux.org arch-events@lists.archlinux.org
-arch-events-admin@archlinux.org arch-events-admin@lists.archlinux.org
-arch-events-bounces@archlinux.org arch-events-bounces@lists.archlinux.org
-arch-events-confirm@archlinux.org arch-events-confirm@lists.archlinux.org
-arch-events-join@archlinux.org arch-events-join@lists.archlinux.org
-arch-events-leave@archlinux.org arch-events-leave@lists.archlinux.org
-arch-events-owner@archlinux.org arch-events-owner@lists.archlinux.org
-arch-events-request@archlinux.org arch-events-request@lists.archlinux.org
-arch-events-subscribe@archlinux.org arch-events-subscribe@lists.archlinux.org
-arch-events-unsubscribe@archlinux.org arch-events-unsubscribe@lists.archlinux.org
-
-arch-general@archlinux.org arch-general@lists.archlinux.org
-arch-general-admin@archlinux.org arch-general-admin@lists.archlinux.org
-arch-general-bounces@archlinux.org arch-general-bounces@lists.archlinux.org
-arch-general-confirm@archlinux.org arch-general-confirm@lists.archlinux.org
-arch-general-join@archlinux.org arch-general-join@lists.archlinux.org
-arch-general-leave@archlinux.org arch-general-leave@lists.archlinux.org
-arch-general-owner@archlinux.org arch-general-owner@lists.archlinux.org
-arch-general-request@archlinux.org arch-general-request@lists.archlinux.org
-arch-general-subscribe@archlinux.org arch-general-subscribe@lists.archlinux.org
-arch-general-unsubscribe@archlinux.org arch-general-unsubscribe@lists.archlinux.org
-
-aur-dev@archlinux.org aur-dev@lists.archlinux.org
-aur-dev-admin@archlinux.org aur-dev-admin@lists.archlinux.org
-aur-dev-bounces@archlinux.org aur-dev-bounces@lists.archlinux.org
-aur-dev-confirm@archlinux.org aur-dev-confirm@lists.archlinux.org
-aur-dev-join@archlinux.org aur-dev-join@lists.archlinux.org
-aur-dev-leave@archlinux.org aur-dev-leave@lists.archlinux.org
-aur-dev-owner@archlinux.org aur-dev-owner@lists.archlinux.org
-aur-dev-request@archlinux.org aur-dev-request@lists.archlinux.org
-aur-dev-subscribe@archlinux.org aur-dev-subscribe@lists.archlinux.org
-aur-dev-unsubscribe@archlinux.org aur-dev-unsubscribe@lists.archlinux.org
-
-aur-general@archlinux.org aur-general@lists.archlinux.org
-aur-general-admin@archlinux.org aur-general-admin@lists.archlinux.org
-aur-general-bounces@archlinux.org aur-general-bounces@lists.archlinux.org
-aur-general-confirm@archlinux.org aur-general-confirm@lists.archlinux.org
-aur-general-join@archlinux.org aur-general-join@lists.archlinux.org
-aur-general-leave@archlinux.org aur-general-leave@lists.archlinux.org
-aur-general-owner@archlinux.org aur-general-owner@lists.archlinux.org
-aur-general-request@archlinux.org aur-general-request@lists.archlinux.org
-aur-general-subscribe@archlinux.org aur-general-subscribe@lists.archlinux.org
-aur-general-unsubscribe@archlinux.org aur-general-unsubscribe@lists.archlinux.org
-
-pacman-dev@archlinux.org pacman-dev@lists.archlinux.org
-pacman-dev-admin@archlinux.org pacman-dev-admin@lists.archlinux.org
-pacman-dev-bounces@archlinux.org pacman-dev-bounces@lists.archlinux.org
-pacman-dev-confirm@archlinux.org pacman-dev-confirm@lists.archlinux.org
-pacman-dev-join@archlinux.org pacman-dev-join@lists.archlinux.org
-pacman-dev-leave@archlinux.org pacman-dev-leave@lists.archlinux.org
-pacman-dev-owner@archlinux.org pacman-dev-owner@lists.archlinux.org
-pacman-dev-request@archlinux.org pacman-dev-request@lists.archlinux.org
-pacman-dev-subscribe@archlinux.org pacman-dev-subscribe@lists.archlinux.org
-pacman-dev-unsubscribe@archlinux.org pacman-dev-unsubscribe@lists.archlinux.org
-
-arch-releng@archlinux.org arch-releng@lists.archlinux.org
-arch-releng-admin@archlinux.org arch-releng-admin@lists.archlinux.org
-arch-releng-bounces@archlinux.org arch-releng-bounces@lists.archlinux.org
-arch-releng-confirm@archlinux.org arch-releng-confirm@lists.archlinux.org
-arch-releng-join@archlinux.org arch-releng-join@lists.archlinux.org
-arch-releng-leave@archlinux.org arch-releng-leave@lists.archlinux.org
-arch-releng-owner@archlinux.org arch-releng-owner@lists.archlinux.org
-arch-releng-request@archlinux.org arch-releng-request@lists.archlinux.org
-arch-releng-subscribe@archlinux.org arch-releng-subscribe@lists.archlinux.org
-arch-releng-unsubscribe@archlinux.org arch-releng-unsubscribe@lists.archlinux.org
-
-arch-announce@archlinux.org arch-announce@lists.archlinux.org
-arch-announce-admin@archlinux.org arch-announce-admin@lists.archlinux.org
-arch-announce-bounces@archlinux.org arch-announce-bounces@lists.archlinux.org
-arch-announce-confirm@archlinux.org arch-announce-confirm@lists.archlinux.org
-arch-announce-join@archlinux.org arch-announce-join@lists.archlinux.org
-arch-announce-leave@archlinux.org arch-announce-leave@lists.archlinux.org
-arch-announce-owner@archlinux.org arch-announce-owner@lists.archlinux.org
-arch-announce-request@archlinux.org arch-announce-request@lists.archlinux.org
-arch-announce-subscribe@archlinux.org arch-announce-subscribe@lists.archlinux.org
-arch-announce-unsubscribe@archlinux.org arch-announce-unsubscribe@lists.archlinux.org
-
-arch-dev-public@archlinux.org arch-dev-public@lists.archlinux.org
-arch-dev-public-admin@archlinux.org arch-dev-public-admin@lists.archlinux.org
-arch-dev-public-bounces@archlinux.org arch-dev-public-bounces@lists.archlinux.org
-arch-dev-public-confirm@archlinux.org arch-dev-public-confirm@lists.archlinux.org
-arch-dev-public-join@archlinux.org arch-dev-public-join@lists.archlinux.org
-arch-dev-public-leave@archlinux.org arch-dev-public-leave@lists.archlinux.org
-arch-dev-public-owner@archlinux.org arch-dev-public-owner@lists.archlinux.org
-arch-dev-public-request@archlinux.org arch-dev-public-request@lists.archlinux.org
-arch-dev-public-subscribe@archlinux.org arch-dev-public-subscribe@lists.archlinux.org
-arch-dev-public-unsubscribe@archlinux.org arch-dev-public-unsubscribe@lists.archlinux.org
-
-arch-ports@archlinux.org arch-ports@lists.archlinux.org
-arch-ports-admin@archlinux.org arch-ports-admin@lists.archlinux.org
-arch-ports-bounces@archlinux.org arch-ports-bounces@lists.archlinux.org
-arch-ports-confirm@archlinux.org arch-ports-confirm@lists.archlinux.org
-arch-ports-join@archlinux.org arch-ports-join@lists.archlinux.org
-arch-ports-leave@archlinux.org arch-ports-leave@lists.archlinux.org
-arch-ports-owner@archlinux.org arch-ports-owner@lists.archlinux.org
-arch-ports-request@archlinux.org arch-ports-request@lists.archlinux.org
-arch-ports-subscribe@archlinux.org arch-ports-subscribe@lists.archlinux.org
-arch-ports-unsubscribe@archlinux.org arch-ports-unsubscribe@lists.archlinux.org
-
-arch-commits@archlinux.org arch-commits@lists.archlinux.org
-arch-commits-admin@archlinux.org arch-commits-admin@lists.archlinux.org
-arch-commits-bounces@archlinux.org arch-commits-bounces@lists.archlinux.org
-arch-commits-confirm@archlinux.org arch-commits-confirm@lists.archlinux.org
-arch-commits-join@archlinux.org arch-commits-join@lists.archlinux.org
-arch-commits-leave@archlinux.org arch-commits-leave@lists.archlinux.org
-arch-commits-owner@archlinux.org arch-commits-owner@lists.archlinux.org
-arch-commits-request@archlinux.org arch-commits-request@lists.archlinux.org
-arch-commits-subscribe@archlinux.org arch-commits-subscribe@lists.archlinux.org
-arch-commits-unsubscribe@archlinux.org arch-commits-unsubscribe@lists.archlinux.org
-
-arch-dev@archlinux.org arch-dev@lists.archlinux.org
-arch-dev-admin@archlinux.org arch-dev-admin@lists.archlinux.org
-arch-dev-bounces@archlinux.org arch-dev-bounces@lists.archlinux.org
-arch-dev-confirm@archlinux.org arch-dev-confirm@lists.archlinux.org
-arch-dev-join@archlinux.org arch-dev-join@lists.archlinux.org
-arch-dev-leave@archlinux.org arch-dev-leave@lists.archlinux.org
-arch-dev-owner@archlinux.org arch-dev-owner@lists.archlinux.org
-arch-dev-request@archlinux.org arch-dev-request@lists.archlinux.org
-arch-dev-subscribe@archlinux.org arch-dev-subscribe@lists.archlinux.org
-arch-dev-unsubscribe@archlinux.org arch-dev-unsubscribe@lists.archlinux.org
-
-arch-tu@archlinux.org arch-tu@lists.archlinux.org
-arch-tu-admin@archlinux.org arch-tu-admin@lists.archlinux.org
-arch-tu-bounces@archlinux.org arch-tu-bounces@lists.archlinux.org
-arch-tu-confirm@archlinux.org arch-tu-confirm@lists.archlinux.org
-arch-tu-join@archlinux.org arch-tu-join@lists.archlinux.org
-arch-tu-leave@archlinux.org arch-tu-leave@lists.archlinux.org
-arch-tu-owner@archlinux.org arch-tu-owner@lists.archlinux.org
-arch-tu-request@archlinux.org arch-tu-request@lists.archlinux.org
-arch-tu-subscribe@archlinux.org arch-tu-subscribe@lists.archlinux.org
-arch-tu-unsubscribe@archlinux.org arch-tu-unsubscribe@lists.archlinux.org
-
-repoman@archlinux.org repoman@lists.archlinux.org
-repoman-admin@archlinux.org repoman-admin@lists.archlinux.org
-repoman-bounces@archlinux.org repoman-bounces@lists.archlinux.org
-repoman-confirm@archlinux.org repoman-confirm@lists.archlinux.org
-repoman-join@archlinux.org repoman-join@lists.archlinux.org
-repoman-leave@archlinux.org repoman-leave@lists.archlinux.org
-repoman-owner@archlinux.org repoman-owner@lists.archlinux.org
-repoman-request@archlinux.org repoman-request@lists.archlinux.org
-repoman-subscribe@archlinux.org repoman-subscribe@lists.archlinux.org
-repoman-unsubscribe@archlinux.org repoman-unsubscribe@lists.archlinux.org
-
-arch-notifications@archlinux.org arch-notifications@lists.archlinux.org
-arch-notifications-admin@archlinux.org arch-notifications-admin@lists.archlinux.org
-arch-notifications-bounces@archlinux.org arch-notifications-bounces@lists.archlinux.org
-arch-notifications-confirm@archlinux.org arch-notifications-confirm@lists.archlinux.org
-arch-notifications-join@archlinux.org arch-notifications-join@lists.archlinux.org
-arch-notifications-leave@archlinux.org arch-notifications-leave@lists.archlinux.org
-arch-notifications-owner@archlinux.org arch-notifications-owner@lists.archlinux.org
-arch-notifications-request@archlinux.org arch-notifications-request@lists.archlinux.org
-arch-notifications-subscribe@archlinux.org arch-notifications-subscribe@lists.archlinux.org
-arch-notifications-unsubscribe@archlinux.org arch-notifications-unsubscribe@lists.archlinux.org
-
-arch-magazine@archlinux.org arch-magazine@lists.archlinux.org
-arch-magazine-admin@archlinux.org arch-magazine-admin@lists.archlinux.org
-arch-magazine-bounces@archlinux.org arch-magazine-bounces@lists.archlinux.org
-arch-magazine-confirm@archlinux.org arch-magazine-confirm@lists.archlinux.org
-arch-magazine-join@archlinux.org arch-magazine-join@lists.archlinux.org
-arch-magazine-leave@archlinux.org arch-magazine-leave@lists.archlinux.org
-arch-magazine-owner@archlinux.org arch-magazine-owner@lists.archlinux.org
-arch-magazine-request@archlinux.org arch-magazine-request@lists.archlinux.org
-arch-magazine-subscribe@archlinux.org arch-magazine-subscribe@lists.archlinux.org
-arch-magazine-unsubscribe@archlinux.org arch-magazine-unsubscribe@lists.archlinux.org
-
-arch-mirrors@archlinux.org arch-mirrors@lists.archlinux.org
-arch-mirrors-admin@archlinux.org arch-mirrors-admin@lists.archlinux.org
-arch-mirrors-bounces@archlinux.org arch-mirrors-bounces@lists.archlinux.org
-arch-mirrors-confirm@archlinux.org arch-mirrors-confirm@lists.archlinux.org
-arch-mirrors-join@archlinux.org arch-mirrors-join@lists.archlinux.org
-arch-mirrors-leave@archlinux.org arch-mirrors-leave@lists.archlinux.org
-arch-mirrors-owner@archlinux.org arch-mirrors-owner@lists.archlinux.org
-arch-mirrors-request@archlinux.org arch-mirrors-request@lists.archlinux.org
-arch-mirrors-subscribe@archlinux.org arch-mirrors-subscribe@lists.archlinux.org
-arch-mirrors-unsubscribe@archlinux.org arch-mirrors-unsubscribe@lists.archlinux.org
-
-arch-multilib@archlinux.org arch-multilib@lists.archlinux.org
-arch-multilib-admin@archlinux.org arch-multilib-admin@lists.archlinux.org
-arch-multilib-bounces@archlinux.org arch-multilib-bounces@lists.archlinux.org
-arch-multilib-confirm@archlinux.org arch-multilib-confirm@lists.archlinux.org
-arch-multilib-join@archlinux.org arch-multilib-join@lists.archlinux.org
-arch-multilib-leave@archlinux.org arch-multilib-leave@lists.archlinux.org
-arch-multilib-owner@archlinux.org arch-multilib-owner@lists.archlinux.org
-arch-multilib-request@archlinux.org arch-multilib-request@lists.archlinux.org
-arch-multilib-subscribe@archlinux.org arch-multilib-subscribe@lists.archlinux.org
-arch-multilib-unsubscribe@archlinux.org arch-multilib-unsubscribe@lists.archlinux.org
-
-arch-projects@archlinux.org arch-projects@lists.archlinux.org
-arch-projects-admin@archlinux.org arch-projects-admin@lists.archlinux.org
-arch-projects-bounces@archlinux.org arch-projects-bounces@lists.archlinux.org
-arch-projects-confirm@archlinux.org arch-projects-confirm@lists.archlinux.org
-arch-projects-join@archlinux.org arch-projects-join@lists.archlinux.org
-arch-projects-leave@archlinux.org arch-projects-leave@lists.archlinux.org
-arch-projects-owner@archlinux.org arch-projects-owner@lists.archlinux.org
-arch-projects-request@archlinux.org arch-projects-request@lists.archlinux.org
-arch-projects-subscribe@archlinux.org arch-projects-subscribe@lists.archlinux.org
-arch-projects-unsubscribe@archlinux.org arch-projects-unsubscribe@lists.archlinux.org
-
-arch-security@archlinux.org arch-security@lists.archlinux.org
-arch-security-admin@archlinux.org arch-security-admin@lists.archlinux.org
-arch-security-bounces@archlinux.org arch-security-bounces@lists.archlinux.org
-arch-security-confirm@archlinux.org arch-security-confirm@lists.archlinux.org
-arch-security-join@archlinux.org arch-security-join@lists.archlinux.org
-arch-security-leave@archlinux.org arch-security-leave@lists.archlinux.org
-arch-security-owner@archlinux.org arch-security-owner@lists.archlinux.org
-arch-security-request@archlinux.org arch-security-request@lists.archlinux.org
-arch-security-subscribe@archlinux.org arch-security-subscribe@lists.archlinux.org
-arch-security-unsubscribe@archlinux.org arch-security-unsubscribe@lists.archlinux.org
-
-aur-requests@archlinux.org aur-requests@lists.archlinux.org
-aur-requests-admin@archlinux.org aur-requests-admin@lists.archlinux.org
-aur-requests-bounces@archlinux.org aur-requests-bounces@lists.archlinux.org
-aur-requests-confirm@archlinux.org aur-requests-confirm@lists.archlinux.org
-aur-requests-join@archlinux.org aur-requests-join@lists.archlinux.org
-aur-requests-leave@archlinux.org aur-requests-leave@lists.archlinux.org
-aur-requests-owner@archlinux.org aur-requests-owner@lists.archlinux.org
-aur-requests-request@archlinux.org aur-requests-request@lists.archlinux.org
-aur-requests-subscribe@archlinux.org aur-requests-subscribe@lists.archlinux.org
-aur-requests-unsubscribe@archlinux.org aur-requests-unsubscribe@lists.archlinux.org
-
-arch-test@archlinux.org arch-test@lists.archlinux.org
-arch-test-admin@archlinux.org arch-test-admin@lists.archlinux.org
-arch-test-bounces@archlinux.org arch-test-bounces@lists.archlinux.org
-arch-test-confirm@archlinux.org arch-test-confirm@lists.archlinux.org
-arch-test-join@archlinux.org arch-test-join@lists.archlinux.org
-arch-test-leave@archlinux.org arch-test-leave@lists.archlinux.org
-arch-test-owner@archlinux.org arch-test-owner@lists.archlinux.org
-arch-test-request@archlinux.org arch-test-request@lists.archlinux.org
-arch-test-subscribe@archlinux.org arch-test-subscribe@lists.archlinux.org
-arch-test-unsubscribe@archlinux.org arch-test-unsubscribe@lists.archlinux.org
-
-arch-devops@archlinux.org arch-devops@lists.archlinux.org
-arch-devops-admin@archlinux.org arch-devops-admin@lists.archlinux.org
-arch-devops-bounces@archlinux.org arch-devops-bounces@lists.archlinux.org
-arch-devops-confirm@archlinux.org arch-devops-confirm@lists.archlinux.org
-arch-devops-join@archlinux.org arch-devops-join@lists.archlinux.org
-arch-devops-leave@archlinux.org arch-devops-leave@lists.archlinux.org
-arch-devops-owner@archlinux.org arch-devops-owner@lists.archlinux.org
-arch-devops-request@archlinux.org arch-devops-request@lists.archlinux.org
-arch-devops-subscribe@archlinux.org arch-devops-subscribe@lists.archlinux.org
-arch-devops-unsubscribe@archlinux.org arch-devops-unsubscribe@lists.archlinux.org
diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml
index d601f354d1dc9df0153843be02354ca8232b1ae2..ea8be353a62edc47b4cf227a58ed41239265f4e8 100644
--- a/roles/postfix/handlers/main.yml
+++ b/roles/postfix/handlers/main.yml
@@ -19,7 +19,6 @@
- transport
- relocated
- domains
- - mailman_compat
- msa_header_checks
- name: update aliases db
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
index 091b0449adad860544137abcc393afc9aeba76bd..5e91c325f3a658b694f700e2dbaed55679c340d8 100644
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -29,7 +29,6 @@
- header_checks
- relocated
- domains
- - mailman_compat
- msa_header_checks
notify:
- postmap additional files
diff --git a/roles/postfix/templates/main.cf.j2 b/roles/postfix/templates/main.cf.j2
index 4427c3aaee4f4500a696d528bb01dcde85177ce8..3a0ed08762abd64f51d8bbd8300a02032193e493 100644
--- a/roles/postfix/templates/main.cf.j2
+++ b/roles/postfix/templates/main.cf.j2
@@ -188,7 +188,6 @@ alias_database = ${indexed}/aliases
{% if postfix_server %}
virtual_alias_maps =
${indexed}/users
- ${indexed}/mailman_compat
pcre:${config_directory}/users.pcre
virtual_alias_domains = ${indexed}/domains
@@ -196,7 +195,6 @@ virtual_alias_domains = ${indexed}/domains
local_recipient_maps =
${indexed}/users
$alias_maps
- ${indexed}/mailman_compat
pcre:${config_directory}/transport.pcre
relocated_maps = ${indexed}/relocated
{% endif %}
@@ -209,7 +207,6 @@ relay_domains =
transport_maps =
${indexed}/transport
pcre:${config_directory}/transport.pcre
- #${indexed}/temporary_mailman_maps
{% if postfix_patchwork_enabled %}
patchwork_destination_recipient_limit = 1
diff --git a/roles/prometheus/defaults/main.yml b/roles/prometheus/defaults/main.yml
index 370cdf45648ba8af95030383a0d6a5c80bed80e7..308b2401ff958cd48d2951fd7bb26602fae8a4d1 100644
--- a/roles/prometheus/defaults/main.yml
+++ b/roles/prometheus/defaults/main.yml
@@ -64,3 +64,4 @@ blackbox_targets:
smtp_starttls:
- mail.archlinux.org:25
- mail.archlinux.org:587
+ - lists.archlinux.org:25
diff --git a/roles/rspamd/defaults/main.yml b/roles/rspamd/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..d339570d28e888f7404a5f0efd9335fb9efcd010
--- /dev/null
+++ b/roles/rspamd/defaults/main.yml
@@ -0,0 +1 @@
+rspamd_dkim_use_esld: true
diff --git a/roles/rspamd/files/lists.archlinux.org.dkim-ed25519.key b/roles/rspamd/files/lists.archlinux.org.dkim-ed25519.key
new file mode 100644
index 0000000000000000000000000000000000000000..5827291b0921c55d7d86751576baaeb224357149
--- /dev/null
+++ b/roles/rspamd/files/lists.archlinux.org.dkim-ed25519.key
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+32643030336361333038616163383438386231643663316431643636363464303539353638376335
+3163626433353836356262333164346466383331613566640a613037623732353665613536316666
+30306166616463643363616437366535363039376536323335336539333061366430356138613336
+3762623135336466320a343866353630353264643964613737653866306634303938313633653530
+62373336653566346333383139376334623562613166333537366230376566643832393937633537
+61303262343864316232306666316562356663326264383634646639373865386262613165363839
+39313531373034646339356139303261376466633965666439396133333164663031646135616534
+62666533613364363537646166656531653964373333313432616338386338633366343862623936
+3263
diff --git a/roles/rspamd/files/lists.archlinux.org.dkim-rsa.key b/roles/rspamd/files/lists.archlinux.org.dkim-rsa.key
new file mode 100644
index 0000000000000000000000000000000000000000..dcae3c7ae5bd08d3325b230ce79771f1412b36fd
--- /dev/null
+++ b/roles/rspamd/files/lists.archlinux.org.dkim-rsa.key
@@ -0,0 +1,169 @@
+$ANSIBLE_VAULT;1.1;AES256
+35313134333837626139363833656361626361623239616539396131313434663662363330306234
+3063313365333233626662303865396236633235393432350a396236663430343362353933333062
+32303633653561303634653636363664333933636631373563303863356663663133313661633630
+6365326439343132340a633763303830326263393566623463356665386562363934643065616434
+66353334383738643063336638353439656263343330316339613364326162373763373265373161
+37623835383737326639613564396535633165663730313762316135363832656331376234376133
+37363663383139626665353965616538343039323235336234616531303536393335613630633139
+36646361376532636634313062366465393766636264663333613032316533626561656465623864
+39633131636234633266616139313664336566623863663130633831643965346538623665646432
+32326561636265353639326236323138396562333237346366383638346337366161356335633238
+66303338613035343863383934373231356534393632643032306663323532646334326134643236
+32336665613834303935343330393239613565333564633464616364366636373337346464393136
+64366237623933633134643031336164366435623934656436343661373964366136366138323132
+62366465356232386566653338613465373766383030313935363263643138366438343130643439
+65376437646266396165353937316434303238356537636632316638383539613666636634396436
+62636461626263616164616330666633663537666262313430633731316462626361343037323638
+36326534396364633330623934353932646564306561306633636566353062396332386537306361
+37643766336133373836346334303935303030626138656436363036356530343935366434396432
+39333237623434623363333261316362303632373466313538666139613132383331306165356436
+62663561326232633563323462653066383063613938316337633338653764313134343634643465
+35653535653666383666396637666364363631373362373262666661383164636535616365666564
+39353864383766653231633035356531316436353939316265386431393463666432336331653739
+37363066396661636331343134333462306231343366326539363733633031393532336430346239
+61303866393731333237373031346565366236616135373435396234366136333236636263313832
+66366130623435333665303030336231326166303132386461623732663761393361303338386334
+64626439343263653432646339303565356438336132393436666363316430646164343632366539
+36353937656638666264343930373133366336313364363339666161363534633139643539366164
+34393430656262396461343232303239306666313862363236666436383331623839343534313863
+65646437316165623830356464363931386631353033373465613961616132376238616530323566
+64366638356531316431313931636336613537616336326539353039323130356430623761386536
+64343732643835613832343165646230323865616365636235316537666335363230666632313363
+38623032366437653866383166373964363962386231353166653262393638313430616164323765
+65316665353162303663653863343962656661643739666564343130653131636337653437623363
+61633465346638663732336336373535313031303635613763376661656464373033623233343437
+34656564306463356433633366323339326465303734656633383663303561646231363864663165
+63623130363935613837353036306537333531326133626134643461666566616365633963396366
+65313561326231626330613637356166376330353461393866376466616635343235373461626635
+36643636623538303863636366306665653034633637356266393236333839356461663164663066
+65646539643863613762383966356262656234353733656661343762353237363934643739393434
+63303561376135366666666630333338363831343133326137323432306666353466613232656334
+39623066343535333665646130363462646539313038656230313461373535383862356131613033
+62373338373066306137613531383338303330636365363932333238346639663961613364633739
+37353133396364386232373861313236316130313038623233623238366230626266373461613736
+36643139363237626339656633373763366335663264613832373565663335353033633339393465
+31353932636133636134663437323664623237333561366434653565326338363236653262363366
+37333738663531373231613532626433326232343062373061326631373864643763643138306238
+66636465373335383061663263316462326130336438613462636461313466663838616565663235
+30613730383766353365336661616234376435376336663861306439343965343537643461353364
+32653135646130323534383938383466653934616437366566366639646161663230386662636332
+61313461373564313464623864316365373764643661663163373262383563613432613037653537
+37323930323730623562343233656139376431366661643231373463396136643463663738383063
+64663862316161343632316132643065393437626639326335303764393835646162633736656461
+35633865616365363135316132643635316633643866383834333032353933656565303362366362
+39383739363937373438636531366138663363326264623036653632616336386132386533363466
+37343461383532373766616337363163646632383662316538326631333530356166383437316435
+63643131376564636336313766666463363039646361666265633562343131336661326135346265
+32363863396665616264393738323137316636623932376533343263373362386661666562616362
+38396632656132626635366562333130353662373433303539333836363338616161373366613663
+33653031393532323364363163353065653731306234626265656535656231633961663434353864
+30613932383263383164376164353464663135613931626665386437353865376133386333353535
+61396362333731393633616165313934376561326235663937643838633362663831316261656338
+37646230316561323934316465343263303564623330613733396263313463626138303535613262
+65643332616232376337656138313662616130653566646265666438303538343830356664376637
+37646230363666316235346539326662636638643365353665613666623261333961323564316535
+63373533323730326266336635623232363565323530653834393766373935356430666365616531
+61323331316130633664343261653765303731336234636137373333373737356430353365316566
+35626535643964633839636634343233313461356163633261656362376331306238383736623631
+62333236383163346130303565653538393932346661363563653462393262336662333233373861
+66623536333835616162393462363462386562633034373334653962623137613562633638646437
+61316230383538343839333931646264306134313266656536623537383930613561656536393238
+38303731366638393936633565383530623561313061376666333139643663646462656463376137
+62323138663035373331386166323638356534313937616338646331376635346566343230326563
+62396162343962626637373938643962653430613062356537303966656132653662626331613333
+36626332383435326236663166353133633133346364663866663564366630356234623862373866
+35376337343066623465323562303262623164306133616133323232313939373337326230313630
+33613366666632373366663836623339386531623863393336376333393937386434303430343230
+34393037343032393034396132323531323066373265316332366232643863653531396561383664
+65383137383832613332626264363562363134306362643732316430663734323331313538353938
+34313036353332313832313435666139396332623434616230346361323532323536363862303033
+36316361323465333838653663646435643164396365653561333130393636366438303961303032
+66316463366463313736383834626532313266633466323030306261336332396564303964366266
+30636366333032616566336433373637373330383637303865353066636539303934616461653431
+31363031613863353534653366633133626230646136353036663436643239626335343138313634
+33613762323439393137366262393230616636373735623432616537363663356566323164313336
+35323036663765353562636335666337616333633865643637396632663531363432306239383931
+35303364333035306336623038626330353834626162346434623131313638343462346335623032
+64623165333466623134326438343735663330633933646239393065663762623139383338393563
+61303766376463663365643461663265383433363232623438323132356432396662626465653535
+33346330646133393436396236363163336533656632376139633232613832633938623937376534
+35336264323064333939383365346537613566373539653862323139303161653362353235366638
+30633832353433386630303836346636326662376365626435366633306263666437393431303634
+65333039323331343237383131363363633364623330653666663766643963363562393564363632
+62356332653730343532363461393831396636373263353830653864653638363065313065393533
+34636336303830636666356464393164636363653866323733323265306133613165323136366136
+30356336316363633439303064316132343333653966616530666636333066323261613836663261
+39373235656636643931393636623261306237626166666135396231653935356434653066323563
+63396665333232633339373964623035303762363132636334666337326631653661626431316665
+34643831346161643963396463353663313632666663303232383630376430323138363161636236
+64363962333337336530613730643934653438626533386265653236613162613438306430303164
+35623737393131623661616638323266653462303866613636383536333434613638393432636364
+30326636616266643062643135653238623061653561396439316636363037383761653138353166
+64313331663236396532326139383564326430633236366638646637623736336332636464393738
+39346162313839616133336166356165346231346538346530666362663733323964646438303137
+30306638396264333034313132346137653433376638313830313261343534613136643234336435
+64393236373365663963646566643366306563333665306538663162343262653865366130633538
+61383163646166633835376435623939666338366463313363326638306430353639663332373665
+66653536636464653032656433356137333734393363303962343562646636636532303562663834
+63623430623163373865663339393361616530373162356365613264336631333866313661366630
+38343731353335316632323463646431633566383532356638383435323133393030633462623863
+61316633366365343833383238356636626164393630613463643838386537653039333435353139
+65633436326266393961326163353630666237313962346362353063303465353332376663346238
+35333766356331643261643661383763336334396131396365656563643031316565326636393639
+33373864346363393331373535363935363033656165613762333761613165383863316264353361
+32373035373264646433666563306661336534363462376638633937336664326335393864643565
+30626533316436313237373661636636396134643864616364633065363238643061643064633633
+62363335356536356566303935323038383332376433323536643761353966633032343361643335
+63323432643833643635346165326534643936623862303837363736323133653464623963343730
+65383564653566393865346662626435633466323032326236353433356131653034336634333663
+32393831623139386431343466643731383166343230336266353563656630333730616563356565
+31613436303434373134633133633538646138393563653938306436653262386432663537613432
+63663333353735383638666637656438303564363838303932656632333935353531373662323936
+62303864626334323464323865636464613566303930613537643732633537623734373930626537
+32386434663566623465636564666139663031303439383666356236346531343832333235386533
+63313062656161636464616131393736313534363138303562616436373134356238623232356163
+65353130633461656464316238346363376438313966366538323034653835363734663835633830
+38623962303266386131373364363366346565303237643932363031653466656531343834393639
+32616233343637383733613235333939313130333765643762616230626533663437663136356233
+65353031616432303137363166336438333934633434633034363931613532636531643039643539
+64343835333533393236343237373466313662643336363833643830656466376562643434353132
+63663736356632333563623532323761333830316166313162613361363430373238666566376661
+34623836306231666564303634333936303534313539613939613831636438653266323262613731
+63333361616536353733353664356164633735383536383163316337333539393461643933383334
+37636664303833363634626164373937643231343833373031383264373231626535306365363164
+61316338306265343631636663613138373063353837313136363331313537343065613530323137
+31303961366333323836656561323136633139643233623530323263333561353362313833373666
+61326634653035383234373032303834383165373562653761613431343335386236323831326466
+38616539386538336535653637663932353338383231656634613238616436666565353231336437
+33633838386230366162643331623265373037313530353165623638626433383765643731643338
+39356564316135653032303736646135636531393339313239616263633838643730363765656465
+63326163316661663632666136316436356239316266373966346266326431393335333961383137
+37396537373139396665396438336165383832353332396632343134313564336231313035643536
+65373436663634316534383337356435626162366137643837396337636530373730623535363434
+64363332386430613530383131653635363233663732306331393439376666356363326438343366
+65313030383235386563626536653162393737633537343862323833363565663136643830343562
+37353066636531303530303866316262666339616635306363333934303561363761316431363734
+34343936376264666661373066316163356239373763663836383930656265383361653931386538
+35613266666130303835383335383034316438346630303736316438313830663864643261333033
+36616330623361643331616335373437616561326165346333353836623337383738643963626662
+30636234323938393461656138646234323062396364366433373062356536323566353035386664
+30366533663331633465356563313766646134343164353230626663396233343265643231393531
+65333962653339666638653832613835323936396532393562326530633039663337306239306234
+30336262663630663262353233653063396333336430663637623361373336303532656332346530
+34396463333263636137636639363236353864646134316265333761636566343161656335316535
+61393266313366343637626466653436303063636634623236353430663734306337383634663734
+39356435623565656131646164323366653961613438383961336562313033373261313765613964
+34613336663561643835653534633838373830636336313562386138363434636239323030616464
+63333738616537366235323334633738643062613130386339323031653038363166616261663861
+34373963386436376239373739653866363530383633633031376631396334396661613063326233
+33656438343732393332313763336534393465353333323631313339313965393165303965393338
+39353639356232386563663331633439396361306239343633323538356639346663656261306538
+38623834306365653937393735623030366666643264323632643064386135646365353635666533
+64386464323264393161373461333834323263366536633830323733353664373065353833616632
+33326133643938663962626635363839306136633165306538356233666533313865363864643766
+34613634666531323566663032336662616232346137383163343330633665666338316438393834
+35636662613664373434663961643662343439303133363966303730666333383636373638613634
+64396338666233316330393934333536616539656630393064646130366265356236326530653463
+63353131333666626239653833363935306238393962303138356466626436343664326538346364
+63613532333538633338
diff --git a/roles/rspamd/tasks/main.yml b/roles/rspamd/tasks/main.yml
index 15a30932ae48ecb1f5cec1c96a0791cba797eebc..897a8860c3b674e5506a445eadf64c786e17eb88 100644
--- a/roles/rspamd/tasks/main.yml
+++ b/roles/rspamd/tasks/main.yml
@@ -7,6 +7,11 @@
notify:
- reload rspamd
+- name: install dkim_signing.conf
+ template: src=dkim_signing.conf.j2 dest=/etc/rspamd/local.d/dkim_signing.conf owner=root group=root mode=0644
+ notify:
+ - reload rspamd
+
- name: create rspamd dkim directory
file: path=/var/lib/rspamd/dkim state=directory owner=rspamd group=rspamd mode=0750
@@ -24,8 +29,8 @@
- name: install DKIM keys
copy: src={{ item }} dest=/var/lib/rspamd/dkim/ owner=rspamd group=rspamd mode=0600
loop:
- - archlinux.org.dkim-ed25519.key
- - archlinux.org.dkim-rsa.key
+ - "{{ rspamd_dkim_domain }}.dkim-ed25519.key"
+ - "{{ rspamd_dkim_domain }}.dkim-rsa.key"
notify:
- reload rspamd
diff --git a/roles/rspamd/files/local.d/dkim_signing.conf b/roles/rspamd/templates/dkim_signing.conf.j2
similarity index 58%
rename from roles/rspamd/files/local.d/dkim_signing.conf
rename to roles/rspamd/templates/dkim_signing.conf.j2
index e5c764895c314cf94009776c976bc8d059d3be6d..25c58c9004c26db01ed37d7393ac5acc5ff761ee 100644
--- a/roles/rspamd/files/local.d/dkim_signing.conf
+++ b/roles/rspamd/templates/dkim_signing.conf.j2
@@ -1,13 +1,13 @@
domain {
- archlinux.org {
+ {{ rspamd_dkim_domain }} {
selectors [
{
selector = "dkim-ed25519";
- path = "/var/lib/rspamd/dkim/archlinux.org.dkim-ed25519.key";
+ path = "/var/lib/rspamd/dkim/{{ rspamd_dkim_domain }}.dkim-ed25519.key";
},
{
selector = "dkim-rsa";
- path = "/var/lib/rspamd/dkim/archlinux.org.dkim-rsa.key";
+ path = "/var/lib/rspamd/dkim/{{ rspamd_dkim_domain }}.dkim-rsa.key";
}
]
}
@@ -20,4 +20,4 @@ allow_hdrfrom_mismatch_sign_networks = true;
allow_username_mismatch = true;
use_domain = "header";
sign_authenticated = true;
-use_esld = true;
+use_esld = {{ 'true' if rspamd_dkim_use_esld else 'false' }};
diff --git a/tf-stage1/archlinux.tf b/tf-stage1/archlinux.tf
index dc3135711b63901f7633d1257b67720303fbcc64..8dca5997dedbc422eb53318af8a3114da0be7eea 100644
--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@@ -81,6 +81,7 @@ locals {
}
"lists.archlinux.org" = {
server_type = "cx11"
+ domain = "lists"
}
"mail.archlinux.org" = {
server_type = "cx11"
@@ -167,9 +168,11 @@ locals {
# Example:
# "_github-challenge-archlinux" = { ttl = 600, value = "824af4446e" }
archlinux_org_txt = {
- "luna._domainkey.lists" = { ttl = 600, value = "v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==" }
- "dkim-ed25519._domainkey" = { ttl = 600, value = "v=DKIM1; k=ed25519; p=XOHB7b7V1puX+FryNIhsjXHYIFqk+q6JRu4XQ7Jc8MQ=" }
- "dkim-rsa._domainkey" = { ttl = 600, value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt/A+kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3+XNxfdQ7zfml4WggL/YdAjXngg42oZEUsnS/6iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt+p55dVed7DCKnKi11Xjiu7k\" \"H68W8rose7g8Fv9fecBatEE4jwloOXsjh+tH0iab1NSSSpIq6EdgcPrpmrllN3/n2J/kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK+rXaKF0Kqag/F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w/SdZUKzpLObGuwnANLG+WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg\" \"CIzYLJJ5932+3gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR/M4HNC7ZE/EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV+nkPvOEIx+DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ==" }
+ "dkim-ed25519._domainkey.lists" = { ttl = 600, value = "v=DKIM1; k=ed25519;p=ongbdFgt5Vimg/VRRbbSVRU4lBCkcYNaPA4K3JS/DnY=" }
+ "dkim-rsa._domainkey.lists" = { ttl = 600, value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA4M+y3ZeB9eI3GVgcrvMcI1SYOveH7P5TTRstaCHTlE/aRTiCzu5h6zKwwxEiK6NR5ugbHpBtfFnfnsl1eoaXVFBQfNdDNglHllJOZGVxTnyrFjRJUk9zN+PV/Haz73nAe1hOAENgV8NKnTok1ntaOYSH1AEj4yTswfQkuN23NPrQc1eyy3+hGC+lYpud3xAAl+oT4QE76PaLgk6Hz\" \"HOvZmAPGD3azJZRbobninZZXTAEvZFuPkfpWeUreDU9Hk9VX3zOmnqTN+YjIS5CdV6+Ghem3dCkmR9j3gOZBeBUYD7b+cinTYe/PZO2OG/LWCwN11EYyf1LSBGhBJCF9HPGiGIdhy5T62nKvwDQS0bj1HL+y6pXZdv2C7KgH+lAZ0idpOQ2TtV5e0tlVdryY4QXY9m7mSQ84WsoEdGDsetOhiTEKuqyGnDoYa0wYbM5477LL6EOzS0x3ZC/mbOg\" \"B+FSdzmLWCH/WjuzMNpw9WU+u4BucwVbYcnZ1vAxQQOEnA/Ku9drRHMFixBwodQuMA78j8ICCMJKlUiXmbbL7OFoXBArYJ7lgVs7mlaoEaqzDPCyqs1lJ9kOxdNoZj5zdxERcQhLm+Yo/948i6Js/nkWT0eAjNlHxZuCg3B4z7L4lRZpaGt+vHdcGUIeDKW34O0dWxPwIUmQA4CwmhUB0HWL9UcCAwEAAQ==" }
+ "dkim-ed25519._domainkey" = { ttl = 600, value = "v=DKIM1; k=ed25519; p=XOHB7b7V1puX+FryNIhsjXHYIFqk+q6JRu4XQ7Jc8MQ=" }
+ "dkim-rsa._domainkey" = { ttl = 600, value = "v=DKIM1; k=rsa; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1GjGrEczq7iHZbvT7wa4ltJz2jwSndUGdRHgfEPnGBeevOXEAlEFr4zsdkfZEaNaQLIhZNpvKAt/A+kkyalkj4u9AnxqeNsNmZflFl6TKgvh0tWNEP3+XNxfdQ7zfml4WggL/YdAjXngg42oZEUsnS/6iozOFn7bNvzqBx5PFJ21pgyuR8DWyLaeOt+p55dVed7DCKnKi11Xjiu7k\" \"H68W8rose7g8Fv9fecBatEE4jwloOXsjh+tH0iab1NSSSpIq6EdgcPrpmrllN3/n2J/kCGK6ztISB6vR7xWgvgHSMjmEL0GPWzohGPrw2UQhZhrNV8dJpiLRYmfK+rXaKF0Kqag/F0e4C4jCKFX7NYFcYXYRlN5QlDFjZvUmOILlgnZ8w/SdZUKzpLObGuwnANLG+WSOjw42p9mXVGN6AfOQPu8OjRjS1MyhcdDIbUvZiQjbmiVJ5frpYZ39BTg\" \"CIzYLJJ5932+3gnwROu1OeljWkpBkfHZXPzADus80l3Vxsk91XZVB36rN8tyuMownR/M4HNC7ZE/EBwOnn1mGH7bLd6pva8u5Qy8Y6LrDdYea5Kk7aZ2WJSSRTV+nkPvOEIx+DfsIWNfmkVWzmuVky96fRvwOCuh38w8zpmlqzhDuGSQrBaLFXwAC7LYQ6kPDHzrjQhs99ScR0ix6YclrmpimMcCAwEAAQ==" }
+
"_dmarc" = { value = "v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;" }
"_github-challenge-archlinux" = { value = "824af4446e" }
"_github-challenge-archlinux.www" = { value = "b53f311f86" }
@@ -185,8 +188,7 @@ locals {
"mail" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all", ttl = 600 }
"aur" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all", ttl = 600 }
"master-key" = { value = "v=spf1 ip4:${hcloud_server.machine["mail.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["mail.archlinux.org"].ipv6_address} ~all", ttl = 600 }
- lists = { ttl = 600, value = "v=spf1 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ~all" }
- luna = { ttl = 600, value = "v=spf1 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ~all" }
+ lists = { value = "v=spf1 ip4:${hcloud_server.machine["lists.archlinux.org"].ipv4_address} ip6:${hcloud_server.machine["lists.archlinux.org"].ipv6_address} ~all", ttl = 600 }
}
# This creates archlinux.org MX DNS entries
@@ -200,7 +202,7 @@ locals {
"@" = { mx = "mail", ttl = 600 }
aur = { mx = "mail", ttl = 600 }
master-key = { mx = "mail", ttl = 600 }
- lists = { mx = "luna", ttl = 600 }
+ lists = { mx = "lists", ttl = 600 }
}
# This creates archlinux.org A/AAAA DNS entries in addition to those already specified by the VPSes.
@@ -233,11 +235,6 @@ locals {
ipv4_address = "49.12.124.107"
ipv6_address = "2a01:4f8:242:5614::2"
}
- lists = {
- ipv4_address = "5.9.250.164"
- ipv6_address = "2a01:4f8:160:3033::2"
- ttl = 600
- }
luna = {
ipv4_address = "5.9.250.164"
ipv6_address = "2a01:4f8:160:3033::2"