Skip to content
Snippets Groups Projects
Verified Commit 893a95f3 authored by Kristian Klausen's avatar Kristian Klausen :tada:
Browse files

Kill the mailman2 server and put the mailman3 server in its place

With the final lists migrated to mailman3[1], the mailman2 server can
finally be killed.

When the mailman3 server was initially setup[2], it was done on a
separate server because the mailman and mailman3 packages conflicted,
and the traffic was routed over wireguard (HTTP, LMTP and SMTP).

Instead of installing mailman3 on the original lists.al.org server and
transferring the data, it was easier just to install the missing pieces
(basically Postfix and adjusting the Nginx configuration) on the ml3
server and move the IPs (to keep the IP mail reputation).

So basically the following was done:
- The IPs for the original lists.al.org was moved to the mailman3.al.org
  server
- The mailman2 datadir was transferred to mailman3.al.org server, so we
  can keep the pipermail links alive, and import missing mails if needed
- The original lists.al.org server was decommissioned
- The mailman3.al.org server was renamed to lists.al.org
- The missing pieces was added to the mailman3 role (basically Postfix +
  Nginx adjustments)
- The mailman role was deleted and the mailman3 role renamed to mailman

[1] 75ac7d09 ("mailman: Fourth and final batch of mailman3 migrated lists")
[2] 9294828f ("Setup mailman3 server")

Fix #59
parent 3c152709
No related branches found
No related tags found
1 merge request!628Kill the mailman2 server and put the mailman3 server in its place
Showing
with 235 additions and 197 deletions
......@@ -157,14 +157,6 @@ Prometheus, and Grafana server which receives selected performance/metrics from
Online collborative markdwown editor for Arch Linux Staff.
## mailman3.archlinux.org
This server runs mailman3 as mailman2 and mailman3 can't be installed on the same server. The HTTP and LMTP traffic is routed over WireGuard from lists.archlinux.org.
### Services
- mailman3
### Services
- [hedgedoc](https://hedgedoc.org/)
......
......@@ -164,15 +164,15 @@
3072 MD5:50:c8:93:43:05:d5:73:a4:84:b1:07:66:a7:20:a5:79 root@archlinux-packer (RSA)
# lists.archlinux.org
1024 SHA256:/o3BhNZ6MdfHXrqDzVxP5OgKcTmo1/e2v80Xb+Q2ypc root@archlinux-packer (DSA)
256 SHA256:Xe+YrG+IfhtQkNft+SB7UsTQCIgbqNnqMl/Pqs6uzBE root@archlinux-packer (ECDSA)
256 SHA256:fAKD+26rDZ74MOMWZI8L3k2c7RzTYd69+iwKp4zhw8c root@archlinux-packer (ED25519)
3072 SHA256:NyspEiVRnuRtL854ErcdybtjoBia+miQkpuToYZEl78 root@archlinux-packer (RSA)
1024 SHA256:U1A+NO+I+JRg0YPo+UgwGfbextnL+pVuqjWGdyokLpI root@archlinux-packer (DSA)
256 SHA256:vdEZ5/6Xxd7Azjzaf5xz5kfzQrWcq1raz5cFAIclooE root@archlinux-packer (ECDSA)
256 SHA256:iCeRz+2HK7heoapDRscHpgbEX4cbem1BZpWzrAoOxTQ root@archlinux-packer (ED25519)
3072 SHA256:sqUYYmrNXzYPL5TtsBsTnaANsZ/P7miyCAIkt0YWfBg root@archlinux-packer (RSA)
1024 MD5:fb:bb:0e:a8:0c:5c:41:5a:b1:d9:61:4d:e5:c3:bf:b1 root@archlinux-packer (DSA)
256 MD5:56:43:80:27:a7:4e:4c:1f:a4:14:dd:d1:eb:37:13:a9 root@archlinux-packer (ECDSA)
256 MD5:3c:91:d8:b0:4b:5c:36:40:79:27:8a:c7:24:d6:26:af root@archlinux-packer (ED25519)
3072 MD5:88:99:f2:47:b1:e3:3c:99:52:67:d5:d5:55:b0:af:2c root@archlinux-packer (RSA)
1024 MD5:8f:94:fe:a9:56:ee:3f:cc:a4:e7:a5:4f:2b:02:e8:c3 root@archlinux-packer (DSA)
256 MD5:ca:3e:2d:aa:8a:4b:71:3a:18:22:59:0f:6e:ff:ae:5d root@archlinux-packer (ECDSA)
256 MD5:a8:d3:f8:42:ff:ae:7d:71:1b:fe:93:4b:f7:df:38:5f root@archlinux-packer (ED25519)
3072 MD5:51:ea:a4:ec:76:87:ee:89:e7:3a:fc:80:ea:fe:2d:9c root@archlinux-packer (RSA)
# mail.archlinux.org
1024 SHA256:/d3MC4NoQbPSNgNebFyzNCze4HVHPhITVWy9vWdZUp4 root@archlinux-packer (DSA)
......@@ -185,17 +185,6 @@
256 MD5:dd:20:c1:f1:f2:fa:70:86:3a:e2:39:86:b1:01:2f:61 root@archlinux-packer (ED25519)
3072 MD5:b6:14:30:bd:fe:43:46:6a:20:a2:8b:b0:aa:d4:35:19 root@archlinux-packer (RSA)
# mailman3.archlinux.org
1024 SHA256:U1A+NO+I+JRg0YPo+UgwGfbextnL+pVuqjWGdyokLpI root@archlinux-packer (DSA)
256 SHA256:vdEZ5/6Xxd7Azjzaf5xz5kfzQrWcq1raz5cFAIclooE root@archlinux-packer (ECDSA)
256 SHA256:iCeRz+2HK7heoapDRscHpgbEX4cbem1BZpWzrAoOxTQ root@archlinux-packer (ED25519)
3072 SHA256:sqUYYmrNXzYPL5TtsBsTnaANsZ/P7miyCAIkt0YWfBg root@archlinux-packer (RSA)
1024 MD5:8f:94:fe:a9:56:ee:3f:cc:a4:e7:a5:4f:2b:02:e8:c3 root@archlinux-packer (DSA)
256 MD5:ca:3e:2d:aa:8a:4b:71:3a:18:22:59:0f:6e:ff:ae:5d root@archlinux-packer (ECDSA)
256 MD5:a8:d3:f8:42:ff:ae:7d:71:1b:fe:93:4b:f7:df:38:5f root@archlinux-packer (ED25519)
3072 MD5:51:ea:a4:ec:76:87:ee:89:e7:3a:fc:80:ea:fe:2d:9c root@archlinux-packer (RSA)
# man.archlinux.org
1024 SHA256:11C7Qa1GSNBBspSlber3Sp+LEMRpfr/VWkypfu6OnhA root@archlinux-packer (DSA)
256 SHA256:fL79NVaEiwXGfUhTXWLkue/D1seSADYbui+jwQ2dvW0 root@archlinux-packer (ECDSA)
......
......@@ -86,20 +86,15 @@ homedir.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPxEHvFCXujU6s4eW0U79o
homedir.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDuQbGoCSIPisaZeqtJhM369ugQWc8pHE8404AZu0yUgDxMl6AP5BUfdynlR6VGt4edSaEyp9BkT15YaKh5vph/9MUtZ2zbQ7WPRuvfLNG+RI458q4CYdykVMmTs1DEeAxaVMIAL3225pqh7QMcME0edX9f4PLLkQk8+AAAy24rvgwxLE0BnSLB3zp7wCJw5rm2iZAcqsKkIZw2FJKMlRuEovdvgc7A0FfkSc8muvvHET1FK/Uqv5i9R2Xk3NPFkt/bzcwOVBXCeqUrjLmD0UhRWX8J8GMmrEVPVQLBT6mn/OtlXpOiDcr9HkSLS1mqo59N9wyI4tCKjYQZMEWU36PYjXlDzqOGmdAR6Ly8vDo3BC+ByQqLf/ixkoFD/I5inGejPnAv9eXuiP8o0KoPDOALD8gqwqCoPjElE9ZVObp+NJbuQeXRZt70VKxZEWrUKxKxHM3RoYvgd3h/GHaYEGWdbvTMTVK+xnrczL+Eme4Y81zA8KTwY5qbyc5QCHvksKM=
# lists.archlinux.org
lists.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKBHMlX50Jr2HiVJ/qDSH3mAjobpbBrGvBRXTKB/xXFBiVXCbJQCQ9HKXQZunLALaIm+jAgpskbXqLQMEpWzST8=
lists.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVKwNsXUXpgNhlwPVlBRNlpvOt0U9deANS/n//nxbe1
lists.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuKQnkGRdXyu74f92lzJcQMMDjTzVXkne/mLHiMYKQWlboIBIry3FkzyUGDLbNlZOe4PNR43D9FI0/1EjAuVV72HVQ9sidCbJR/azw3+JF8zwU1HDMOhtCNaWYNqk0DHDvHuWhL6N0duFASf+ZTKRB5Rgk3+p0FisKMCep2vJy5kHY0829INk6ORgPxYzCHCZOLEfZX0aydwscTnubKq1t9blWUdqKSm5Xq5+NEJNPKlo6TgdcBihkdAyaGnZ9KWrXycV6j0UaT/VJNuumZ9KlsvI7Xi/TVDWcLcsU/UqeEvnzUi3oRrvkADzIcoFa5/QrSRQJppKAUgjuhOuk+Px38IIvRdrwDxDoChei+qU8S2O24PP7Cu4oYZ/ecGb8wJleEWVVaYrD5JTEugg0iTe2t0LJiP6rTC1faxErZ9wru18nGNWYR2b+b1MfBzppAoikZUoqygKYYLAerHj3B9wFmw2RJG8JFZ95lMukJmDG8kCYz7eq753PYAAmpFZbdZU=
lists.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLYxKdG6ntbOV/YpVbRkJiJfAPt8BTTN/hKm0uebSwpuQbbv5hxXLSOYeA0C/yJBNXXX4EJ82J88oEJQBFxiPvY=
lists.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+GtJoC+QEUyKA/ZneTBXOBs7W3JBAEb1nLDkjzsqa1
lists.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdPJQIkN6wDk/140HS1WCIKc0Iz7Oq8c98XaLB0i9ksUxkWB4rxia/WP5RRF+g9yAqZvIg0f5W0d85pfuh+1TOccXk8r6GsH+gRIEkdmwu4Mf7iBpkQxl3n70yjNGxgbwGkVG9vREvJ4v3l/NRZrX2/N3RvcPG9TQwjFFOFYTRZNfUPvsppk572yQ8cjf7oUvJmLOwsKagO5WMUoKFAbO35/Mp2H6VbApYtIdpkFOXnaJUVduHInNa18CmKl28ZSTsigLkYb8pboS6RacJYgA5kK0vQsXCguDrA+SI9k1xW4i9FjUWsLlPuLkk9c7Tj39R95gWhxWwQ99ApNDVvZa+skSbMS7h4/d3NosyM2OO9LfqPiHn2xDsuvmpN0ScCwuocwR09EMrj4MQKzo31ITFHuSyxob0Z4yTQrKvJxdNwveXqaRHFNXUvSWtoRkk2cKB5hjsr0QCROBidYu4WG+/LfolzJQfuRqH7dvg5dvmJLrcozfcCpxspdBTIEKLG/c=
# mail.archlinux.org
mail.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFvJy2P8zOSKt3EocULHN85PVGW1AINk15+GilqUc5a79Zsy0FvWqV16fjxLRN3zIOkBvSKZMvsNadja+quEr9s=
mail.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTOoGxsf23f6AjIHcQQuvbTOaeIt48Y0PiBj9qlJi1H
mail.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPrURadxte8UJiteGa6+Q+OjTAjhvGAQFkNSXj1pr4k03uxkU6l2v2LuTygk+4SZSCyUsKvNx/ljJeHBnuecQ8rRv19ZFqy/GQKB3oEmiNYMo2dYYlJWwTVBHatmghhB1j2y40yqdKWH2xQuXC3HtnS7fHG0g1Rc4R9KB4MQlcXkwnSEMpwpWBoO7sr0M4YTdwE+nSG9aNfyPbPGp3mX4ATz5X5hPJOlSFVDV6NuKrA+5qyt4jSKdeG5IuWeEnEJesYJEvShYdY9DvMCXnZykB0emzzk+5+Cp2lTPf9LOO3wNsTgHV/CwkoAoMgr9+ASefhBr3nxmmrs9T7nwuobGCGFUqQ2D8IKCmsWGVKXYERViz3x/gYUIlHgVJpoIXCFFqbdpWwxKR1aDMug2fFe699/FzuPdqrWPFdQMF2mPQ0w3AH/62KGp+PULE2HxrlCiY/gF2m8iJLgunxVKmi/c0ufgK9QilnKcPO+W4tcISa5MYt7MSTTLV9eVsgVjGhOU=
# mailman3.archlinux.org
mailman3.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLYxKdG6ntbOV/YpVbRkJiJfAPt8BTTN/hKm0uebSwpuQbbv5hxXLSOYeA0C/yJBNXXX4EJ82J88oEJQBFxiPvY=
mailman3.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+GtJoC+QEUyKA/ZneTBXOBs7W3JBAEb1nLDkjzsqa1
mailman3.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdPJQIkN6wDk/140HS1WCIKc0Iz7Oq8c98XaLB0i9ksUxkWB4rxia/WP5RRF+g9yAqZvIg0f5W0d85pfuh+1TOccXk8r6GsH+gRIEkdmwu4Mf7iBpkQxl3n70yjNGxgbwGkVG9vREvJ4v3l/NRZrX2/N3RvcPG9TQwjFFOFYTRZNfUPvsppk572yQ8cjf7oUvJmLOwsKagO5WMUoKFAbO35/Mp2H6VbApYtIdpkFOXnaJUVduHInNa18CmKl28ZSTsigLkYb8pboS6RacJYgA5kK0vQsXCguDrA+SI9k1xW4i9FjUWsLlPuLkk9c7Tj39R95gWhxWwQ99ApNDVvZa+skSbMS7h4/d3NosyM2OO9LfqPiHn2xDsuvmpN0ScCwuocwR09EMrj4MQKzo31ITFHuSyxob0Z4yTQrKvJxdNwveXqaRHFNXUvSWtoRkk2cKB5hjsr0QCROBidYu4WG+/LfolzJQfuRqH7dvg5dvmJLrcozfcCpxspdBTIEKLG/c=
# man.archlinux.org
man.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPhnsStoFw6rbVpE1S1vsXNk8de1SyMag1C+v0DWVSuNYzTylYg4322WbYzw45z2XhxrF6XmCSDMvgxvFwnfLQA=
man.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzjkN+igIxSIv5N9+ANNoo6knPa51Tj5TAXs4EQ8lY2
......
......@@ -26,7 +26,6 @@ root_ssh_keys:
- dashboards.archlinux.org
- gitlab.archlinux.org
- lists.archlinux.org
- mailman3.archlinux.org
- monitoring.archlinux.org
# - run 'playbooks/tasks/reencrypt-vault-{super,default}-key.yml' when this
......
$ANSIBLE_VAULT;1.1;AES256
38306134633332383131393237386134643236316136333335313130663639373434643434303734
6530323361333765393633616338333830346634363835350a363933363736393935333833313461
66336437366666316366326566313837653934333732336532393264343663643861633639636566
3330353837636631320a303533653661623866383230353563366166653232316635353631613836
39306531623538656335643031623361633465366138356263663630386362626630336262303865
31306465323730316633316534333663313565336634346164363331353962366239663035366139
33636139666262663962396236396337666336663835633865373966386534393064323333326164
35643530656134643565
63633533303232373335663630346139613137616132393738383265663337636565663935386365
3262636536383962333438653033323061306433323232610a623836643732616163383364316639
37626134643334383432346465343734353566663261643334396563336132666133666431313563
6365643566626635360a616139393131346566666266653737303562663664656231643836373038
37316436643133333261313963356435353938393032313935353939613962303733623934313965
64356635626561376130336134656436386638306538373635313638393932313337316636343533
32666138613765326332373335366634313530656162383162633861666365333230303132346263
63613031643230356361383638386230613231626135663763373630666362623536663165356335
33333033376332653130626262633563336238383931393636346339333963326330373431363931
61383733626363316539653638373562616335366363306365353166666335383037633830636263
37313663636139666131623435383833313434396665663162623934646330626362346237363331
65323537383536333763646431623061646337613761363861373261343638653235333038663239
34636662663763363832643061313035316437633965346332363432653562613865623261613235
61303239626136303736356533373739343566313464343931383962633232313263383230336438
32653534623739616436346539616336373562376632303833323230643465666262303263383334
64623362363863393866666461396237613934656239653262316438633338313036303436313236
61623562376139616539646231376438636234656363666639646465663035326161346435396439
63613839396163616135313537626535393039623866646431333239383263313931386131303464
36353837303662343530663561363036633864346131343731643535386462316663353233636638
36323134643230376239326637656537633337323333616630313531653239366263386238363333
32336538613635613964366562383165616433363738623638393364363233636262643131653532
62326363356333333563383139323366363462613031303566376365643439373163613166333339
38353266616463396139336663353536336631666565656630396431363439333034653336316234
61663232383136353937336431353131323933613462666233663464656166356161613039316436
3136
$ANSIBLE_VAULT;1.1;AES256
63633533303232373335663630346139613137616132393738383265663337636565663935386365
3262636536383962333438653033323061306433323232610a623836643732616163383364316639
37626134643334383432346465343734353566663261643334396563336132666133666431313563
6365643566626635360a616139393131346566666266653737303562663664656231643836373038
37316436643133333261313963356435353938393032313935353939613962303733623934313965
64356635626561376130336134656436386638306538373635313638393932313337316636343533
32666138613765326332373335366634313530656162383162633861666365333230303132346263
63613031643230356361383638386230613231626135663763373630666362623536663165356335
33333033376332653130626262633563336238383931393636346339333963326330373431363931
61383733626363316539653638373562616335366363306365353166666335383037633830636263
37313663636139666131623435383833313434396665663162623934646330626362346237363331
65323537383536333763646431623061646337613761363861373261343638653235333038663239
34636662663763363832643061313035316437633965346332363432653562613865623261613235
61303239626136303736356533373739343566313464343931383962633232313263383230336438
32653534623739616436346539616336373562376632303833323230643465666262303263383334
64623362363863393866666461396237613934656239653262316438633338313036303436313236
61623562376139616539646231376438636234656363666639646465663035326161346435396439
63613839396163616135313537626535393039623866646431333239383263313931386131303464
36353837303662343530663561363036633864346131343731643535386462316663353233636638
36323134643230376239326637656537633337323333616630313531653239366263386238363333
32336538613635613964366562383165616433363738623638393364363233636262643131653532
62326363356333333563383139323366363462613031303566376365643439373163613166333339
38353266616463396139336663353536336631666565656630396431363439333034653336316234
61663232383136353937336431353131323933613462666233663464656166356161613039316436
3136
filesystem: btrfs
ipv4_address: 65.21.106.94
wireguard_address: 10.0.0.37
wireguard_public_key: obBFreFGNDLB17+PaJspE4qNeVX4o7ZPcJj3ZmJhahg=
$ANSIBLE_VAULT;1.1;AES256
32363065633737653663623334663139323638366462343630623765396636353932653932356261
6239356162633731656330383436363861376231616462390a356432316532333632653839333230
63636434373462643231323532633362363434646230323636333264393032373632343932616361
6536383038313134300a363139313337646533626334333666326535623039323332666338306532
33643430313864663833343765623138393165386564343636306363626232666436353665353235
34623064363764336139633334663530376332633536383033313438613035303662333435313536
34366663643130633064646161613065373532653235373730316439643165383635353761396639
61656462333035666437
......@@ -51,7 +51,6 @@ security.archlinux.org
md.archlinux.org
lists.archlinux.org
gluebuddy.archlinux.org
mailman3.archlinux.org
[public_html]
homedir.archlinux.org
......@@ -138,7 +137,6 @@ gluebuddy.archlinux.org
homedir.archlinux.org
lists.archlinux.org
mail.archlinux.org
mailman3.archlinux.org
man.archlinux.org
matrix.archlinux.org
md.archlinux.org
......
......@@ -8,7 +8,7 @@
- { role: sshd }
- { role: root_ssh }
- { role: hardening }
- { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" }
- { role: borg_client, tags: ["borg"] }
- { role: prometheus_exporters }
- { role: promtail }
- { role: certbot }
......@@ -17,4 +17,5 @@
- { role: rspamd, rspamd_dkim_domain: lists.archlinux.org, rspamd_dkim_use_esld: false, tags: ["mail"] }
- { role: unbound, unbound_port: 5353, tags: ["mail"] }
- { role: uwsgi }
- { role: postgres }
- { role: mailman }
- name: Setup mailman3 server
hosts: mailman3.archlinux.org
remote_user: root
roles:
- { role: common }
- { role: firewalld }
- { role: wireguard }
- { role: sshd }
- { role: root_ssh }
- { role: hardening }
- { role: borg_client, tags: ["borg"] }
- { role: prometheus_exporters }
- { role: promtail }
- { role: nginx, nginx_firewall_zone: wireguard }
- { role: uwsgi }
- { role: postgres }
- { role: mailman3 }
lists_domain: lists.archlinux.org
lists:
arch-announce:
allow_list_posts: false
bounce_info_stale_after: 60d
default_member_action: reject
default_nonmember_action: reject
description: This mailing list is for official announcements for the Arch Linux distribution.
display_name: Arch-announce
moderator_password: "{{ vault_archweb_mailman_password }}"
arch-commits:
allow_list_posts: false
accept_these_nonmembers:
- ^.+@(.+\.)?archlinux\.org
archive_policy: never
default_member_action: reject
default_nonmember_action: reject
description: Arch Linux packaging commits
display_name: Arch-commits
info: This list contains all commits to the package repositories, including diffs for newest changes.
max_message_size: 200
arch-dev:
advertised: false
archive_policy: private
description: Development Discussion for Arch Linux
display_name: Arch-dev
info: This list is for development discussion about Arch Linux. This list is closed to the general public and only used by internal Arch Linux developers.
subscription_policy: confirm_then_moderate
arch-devops:
display_name: Arch-devops
description: Arch Linux Infrastructure development discussion
arch-devops-private:
advertised: false
archive_policy: private
description: List for internal discussion of the devops team
display_name: Arch-devops-private
subscription_policy: confirm_then_moderate
arch-dev-public:
default_member_action: hold
description: Public mailing list for Arch Linux development
display_name: Arch-dev-public
arch-events:
description: Arch Linux Events
display_name: Arch-events
arch-general:
description: General Discussion about Arch Linux
display_name: Arch-general
info: |
This mailing list hosts general discusson about the Arch Linux distribution. Questions, problems, and new development ideas can be posted here.
You must be subscribed to the list in order to post to it.
arch-mirrors-announce:
description: List for mirror admins to send announcements (like downtime notifications) to our users
display_name: Arch-mirrors-announce
info: |
This list is intended for admins of Arch Linux mirrors that want to notify our users about downtime of their mirror.
This list also accepts mails from non-subscribers.
arch-mirrors:
description: Arch Linux Mirroring Discussion and Announcements
display_name: Arch-mirrors
info: This list is intended for admins of Arch Linux mirrors. Discussion and announcements regarding mirroring will use this list.
arch-multilib:
description: Arch Linux Multilib (32bit libs on 64bit OSes)
display_name: Arch-multilib
arch-ports:
description: Discussion regarding the porting of Arch Linux to non-x86_64 architectures
display_name: Arch-ports
info: This list is primarily used to talk about porting Arch Linux to non-x86_64 platforms, such as PPC, ARM, i586, i686, etc.
arch-proaudio:
description: Discussion about real-time multimedia, including (semi-)pro audio and video
display_name: Arch-proaudio
arch-projects:
description: Arch Linux projects development discussion
display_name: Arch-projects
info: |
Announcements, development discussion, patches and pull requests for the Arch Linux projects:<ul><li><a target="blank" href="https://github.com/archlinux/archweb/">archweb</a> (patches preferably on Github as pull requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/arch-release-promotion/">arch-release-promotion</a> (patches only on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/dbscripts/">dbscripts</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/devtools/">devtools</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://github.com/archlinux/mkinitcpio/">mkinitcpio</a> (patches preferably on Github as pull requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/namcap/">namcap</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/netctl/">netctl</a> (patches preferably on the mailing list)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/pyalpm/">pyalpm</a> (patches preferably on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/repod/">repod</a> (patches only on GitLab as merge requests)</li><li><a target="blank" href="https://gitlab.archlinux.org/archlinux/shim-signed/">shim-signed</a> (contributions preferably on GitLab as merge requests)</li></ul>
Please begin the email subject with the name of a project in square brackets (e.g. <code>[devtools]</code>). If no project matches, use <code>[projects]</code>.
Note: No user discussion!
arch-releng:
description: Arch Linux Release Engineering
display_name: Arch-releng
arch-security:
description: Announcements about security issues in Arch Linux and its packages
display_name: Arch-security
info: Discussion about announcements should happen on arch-general.
arch-tu:
advertised: false
archive_policy: private
description: Trusted Users Discussion for Arch Linux
display_name: Arch-tu
info: This list is for trusted users discussion about Arch Linux. This list is closed to the general public and only used by internal Arch Linux trusted users.
subscription_policy: confirm_then_moderate
arch-wiki-admins:
advertised: false
archive_policy: private
default_nonmember_action: defer
display_name: Arch-wiki-admins
subscription_policy: confirm_then_moderate
arch-women:
description: Mailing list for the Arch Women project
display_name: Arch-women
info: |
<a href="https://archwomen.org/">Arch Women</a> is an all inclusive organization of Arch Linux enthusiasts with a focus on helping more women become involved in the Arch Linux community and FOSS.
Mailing list graciously hosted by the Arch Linux™ project.
aur-dev:
description: Arch User Repository (AUR) Development
display_name: Aur-dev
info: This list is intended for discussion of AUR and community based code and development.
aur-general:
description: Discussion about the Arch User Repository (AUR)
display_name: Aur-general
info: This list is for Trusted Users, Arch Linux developers, and the general public to discuss issues surrounding the Trusted User structure and the Arch User Repository (AUR).
aur-requests:
accept_these_nonmembers:
- notify@aur.archlinux.org
description: Public mailing list for AUR package deletion/merge/orphan requests
display_name: Aur-requests
pacman-contrib:
description: Discussion list for pacman-contrib development
display_name: Pacman-contrib
info: This list is used by pacman-contrib developers to coordinate, share patches, etc.
pacman-dev:
description: Discussion list for pacman development
display_name: Pacman-dev
info: This list is used by pacman developers and contributors to coordinate, fix problems, share patches, etc.
staff:
advertised: false
archive_policy: private
description: Internal list that includes all Arch Linux staff members (devs, TUs, support staff)
display_name: Staff
subscription_policy: confirm_then_moderate
[uwsgi]
plugins = cgi
socket = /run/uwsgi/%n.sock
chmod-socket = 770
threads = 2
cgi = /=/usr/lib/mailman/cgi-bin/
cgi-index = listinfo
uid = mailman
gid = http
/listinfo/arch-announce /mailman3/lists/arch-announce@lists.archlinux.org/;
/listinfo/arch-commits /mailman3/lists/arch-commits@lists.archlinux.org/;
/listinfo/arch-dev /mailman3/lists/arch-dev@lists.archlinux.org/;
/listinfo/arch-dev-public /mailman3/lists/arch-dev-public@lists.archlinux.org/;
/listinfo/arch-devops /mailman3/lists/arch-devops@lists.archlinux.org/;
/listinfo/arch-devops-private /mailman3/lists/arch-devops-private@lists.archlinux.org/;
/listinfo/arch-events /mailman3/lists/arch-events@lists.archlinux.org/;
/listinfo/arch-general /mailman3/lists/arch-general@lists.archlinux.org/;
/listinfo/arch-mirrors /mailman3/lists/arch-mirrors@lists.archlinux.org/;
/listinfo/arch-mirrors-announce /mailman3/lists/arch-mirrors-announce@lists.archlinux.org/;
/listinfo/arch-multilib /mailman3/lists/arch-multilib@lists.archlinux.org/;
/listinfo/arch-ports /mailman3/lists/arch-ports@lists.archlinux.org/;
/listinfo/arch-proaudio /mailman3/lists/arch-proaudio@lists.archlinux.org/;
/listinfo/arch-projects /mailman3/lists/arch-projects@lists.archlinux.org/;
/listinfo/arch-releng /mailman3/lists/arch-releng@lists.archlinux.org/;
/listinfo/arch-security /mailman3/lists/arch-security@lists.archlinux.org/;
/listinfo/arch-tu /mailman3/lists/arch-tu@lists.archlinux.org/;
/listinfo/arch-wiki-admins /mailman3/lists/arch-wiki-admins@lists.archlinux.org/;
/listinfo/arch-women /mailman3/lists/arch-women@lists.archlinux.org/;
/listinfo/aur-dev /mailman3/lists/aur-dev@lists.archlinux.org/;
/listinfo/aur-general /mailman3/lists/aur-general@lists.archlinux.org/;
/listinfo/aur-requests /mailman3/lists/aur-requests@lists.archlinux.org/;
/listinfo/pacman-contrib /mailman3/lists/pacman-contrib@lists.archlinux.org/;
/listinfo/pacman-dev /mailman3/lists/pacman-dev@lists.archlinux.org/;
/listinfo/staff /mailman3/lists/staff@lists.archlinux.org/;
[Service]
Restart=always
- name: Restart mailman
service: name=mailman daemon_reload=yes state=restarted
- name: Reload mailman
service: name=mailman state=reloaded
service: name=mailman3 state=reloaded
- name: Restart mailman-web
service: name=uwsgi@mailman\\x2dweb.service state=restarted
- name: Reload postfix
service: name=postfix state=reloaded
......@@ -11,4 +11,3 @@
command: postmap /etc/postfix/{{ item }}
loop:
- aliases
- transport
......@@ -4,12 +4,19 @@
vars:
domains: ["{{ lists_domain }}"]
- name: Install mailman, uwsgi-plugin-cgi and postfx
pacman: name=mailman,uwsgi-plugin-cgi,postfix,postfix-pcre state=present
- name: Install mailman3 and related packages
pacman: name=mailman3,mailman3-hyperkitty,python-psycopg2,mailman-web,python-xapian-haystack,uwsgi-plugin-python,postfix,postfix-pcre state=present
register: install
- name: Install mailman configuration
template: src=mm_cfg.py.j2 dest=/etc/mailman/mm_cfg.py follow=yes owner=root group=root mode=0644
notify: Reload mailman
- name: Install {mailman,mailman-web} configuration
template: src={{ item.src }} dest={{ item.dest }} owner=root group={{ item.group }} mode=0640
loop:
- {src: mailman.cfg.j2, dest: /etc/mailman.cfg, group: mailman}
- {src: mailman-hyperkitty.cfg.j2, dest: /etc/mailman-hyperkitty.cfg, group: mailman}
- {src: settings.py.j2, dest: /etc/webapps/mailman-web/settings.py, group: mailman-web}
notify:
- Reload mailman
- Restart mailman-web
- name: Install postfix configuration
template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0644
......@@ -22,59 +29,66 @@
- milter_header_checks
notify: Run postmap
- name: Install postfix templated maps
template: src={{ item }}.j2 dest=/etc/postfix/{{ item }} owner=root group=root mode=0644
loop:
- transport
notify: Run postmap
- name: Open firewall holes for postfix
ansible.posix.firewalld: service=smtp zone={{ item }} permanent=true state=enabled immediate=yes
loop:
-
- wireguard
when: configure_firewall
ansible.posix.firewalld: service=smtp permanent=true state=enabled immediate=yes
tags:
- firewall
- name: Create mailman list
command: /usr/lib/mailman/bin/newlist -a mailman root@{{ lists_domain }} meG0n5Wq6dEWCA6s
args:
creates: /var/lib/mailman/lists/mailman
- name: Configure mailman uwsgi service
copy: src=mailman.ini dest=/etc/uwsgi/vassals/ owner=mailman group=http mode=0644
- name: Make nginx log dir
file: path=/var/log/nginx/{{ lists_domain }} state=directory owner=root group=root mode=0755
- name: Install nginx mailman2->mailman3 redirect map
copy: src=migrated-lists.map dest=/etc/nginx/maps/ owner=root group=root mode=0644
notify: Reload nginx
- name: Set up nginx
template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/mailman.conf" owner=root group=root mode=644
notify: Reload nginx
tags: ['nginx']
- name: Start and enable postfix
systemd: name=postfix.service enabled=yes daemon_reload=yes state=started
- name: Create postgres {mailman,mailman-web} user
postgresql_user: name={{ item.username }} password={{ item.password }}
loop:
- {username: "{{ vault_mailman_db_user }}", password: "{{ vault_mailman_db_password }}"}
- {username: "{{ vault_mailman_web_db_user }}", password: "{{ vault_mailman_web_db_password }}"}
become: true
become_user: postgres
become_method: su
no_log: true
- name: Create drop-in directory for mailman.service
file: path=/etc/systemd/system/mailman.service.d state=directory owner=root group=root mode=0755
- name: Create {mailman,mailman-web} db
postgresql_db: name={{ item.db }} owner={{ item.owner }}
loop:
- {db: mailman, owner: "{{ vault_mailman_db_user }}"}
- {db: mailman-web, owner: "{{ vault_mailman_web_db_user }}"}
become: true
become_user: postgres
become_method: su
- name: Install drop-in for mailman.service
copy: src=override.conf dest=/etc/systemd/system/mailman.service.d/ owner=root group=root mode=0644
notify: Restart mailman
- name: Run Django management tasks
command: django-admin {{ item }} --pythonpath /etc/webapps/mailman-web --settings settings
loop:
- migrate
- loaddata
- collectstatic
- compress
become: true
become_user: mailman-web
when: false
- name: Start and enable postfix
systemd: name=postfix.service enabled=yes daemon_reload=yes state=started
- name: Start and enable mailman{.service,-*.timer}
systemd: name={{ item }} enabled=yes daemon_reload=yes state=started
loop:
- mailman.service
- mailman-senddigests.timer
- mailman-nightlygzip.timer
- mailman-mailpasswds.timer
- mailman-gatenews.timer
- mailman-disabled.timer
- mailman-cullbadshunt.timer
- mailman-checkdbs.timer
- mailman3.service
- mailman3-digests.timer
- mailman3-notify.timer
- uwsgi@mailman\x2dweb.service
- name: Update list configurations
uri:
url: http://localhost:8001/3.1/lists/{{ item }}.lists.archlinux.org/config
user: "{{ vault_mailman_admin_user }}"
password: "{{ vault_mailman_admin_pass }}"
method: PUT
body_format: json
status_code: 204
body: "{{ lookup('file', 'list_base_configuration.json') | from_json | combine(lists[item]) | to_json }}"
loop: "{{ lists.keys() }}"
......@@ -15,7 +15,7 @@
# better if it is not.
# However, if your Mailman installation is accessed via HTTPS, the URL needs
# to match your SSL certificate (e.g. https://lists.example.com/hyperkitty).
base_url: http://localhost/archives/
base_url: http://localhost:8000/archives/
# Shared API key, must be the identical to the value in HyperKitty's
# settings.
......
......@@ -10,13 +10,6 @@ url: postgres://{{ vault_mailman_db_user }}:{{ vault_mailman_db_password }}@/mai
admin_user: {{ vault_mailman_admin_user }}
admin_pass: {{ vault_mailman_admin_pass }}
[mta]
configuration: /etc/postfix.cfg
lmtp_host: {{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}
lmtp_port: 8024
smtp_host: {{ hostvars['lists.archlinux.org']['wireguard_address'] }}
smtp_port: 25
[archiver.hyperkitty]
class: mailman_hyperkitty.Archiver
enable: yes
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment