From ea4e61f38ed1fe35ff8eaa824b10df7c1e0c060f Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Fri, 2 Jul 2021 22:03:11 +0200
Subject: [PATCH] wip: mailman3 role

mailman: use unix socket for postgres
---
 playbooks/mailman3.archlinux.org.yml     |  3 ++
 roles/mailman3/defaults/main.yml         |  1 +
 roles/mailman3/files/postfix.cfg         | 13 ++++++
 roles/mailman3/handlers/main.yml         |  3 ++
 roles/mailman3/tasks/main.yml            | 55 ++++++++++++++++++++++++
 roles/mailman3/templates/mailman.cfg.j2  | 12 ++++++
 roles/mailman3/templates/nginx.d.conf.j2 | 53 +++++++++++++++++++++++
 7 files changed, 140 insertions(+)
 create mode 100644 roles/mailman3/defaults/main.yml
 create mode 100644 roles/mailman3/files/postfix.cfg
 create mode 100644 roles/mailman3/handlers/main.yml
 create mode 100644 roles/mailman3/tasks/main.yml
 create mode 100644 roles/mailman3/templates/mailman.cfg.j2
 create mode 100644 roles/mailman3/templates/nginx.d.conf.j2

diff --git a/playbooks/mailman3.archlinux.org.yml b/playbooks/mailman3.archlinux.org.yml
index 90df800fc..93d6c3551 100644
--- a/playbooks/mailman3.archlinux.org.yml
+++ b/playbooks/mailman3.archlinux.org.yml
@@ -13,3 +13,6 @@
     - { role: prometheus_exporters }
     - { role: promtail }
     - { role: nginx, nginx_firewall_zone: wireguard }
+    - { role: uwsgi }
+    - { role: postgres }
+    - { role: mailman3 }
diff --git a/roles/mailman3/defaults/main.yml b/roles/mailman3/defaults/main.yml
new file mode 100644
index 000000000..d727cd8b4
--- /dev/null
+++ b/roles/mailman3/defaults/main.yml
@@ -0,0 +1 @@
+#lists_domain: lists.archlinux.org
diff --git a/roles/mailman3/files/postfix.cfg b/roles/mailman3/files/postfix.cfg
new file mode 100644
index 000000000..6068f1cc6
--- /dev/null
+++ b/roles/mailman3/files/postfix.cfg
@@ -0,0 +1,13 @@
+[postfix]
+# Additional configuration variables for the postfix MTA.
+
+# This variable describe the program to use for regenerating the transport map
+# db file, from the associated plain text files.  The file being updated will
+# be appended to this string (with a separating space), so it must be
+# appropriate for os.system().
+postmap_command: /usr/bin/true
+
+# This variable describes the type of transport maps that will be generated by
+# mailman to be used with postfix for LMTP transport. By default, it is set to
+# hash, but mailman also supports `regex` tables.
+transport_file_type: hash
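Review bot: `postmap_command: /usr/bin/true` combined with `transport_file_type: hash` means the transport maps Mailman writes are never compiled into the `.db` files Postfix reads, so list delivery will silently fail once Postfix is pointed at them (the comment above the key itself says this is the program that regenerates the db). Either point it at the real binary, `postmap_command: /usr/bin/postmap`, or switch to `transport_file_type: regex` so no compilation step is needed. If `/usr/bin/true` is a deliberate placeholder for this WIP commit, a comment saying so would stop the next reader from shipping it.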
diff --git a/roles/mailman3/handlers/main.yml b/roles/mailman3/handlers/main.yml
new file mode 100644
index 000000000..f4cd5f021
--- /dev/null
+++ b/roles/mailman3/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: reload mailman
+  service: name=mailman3 state=reloaded
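Review bot: The handler uses the `key=value` shorthand for module arguments; the role's tasks/main.yml does the same for every task (pacman, template, copy, postgresql_user, postgresql_db, systemd), and the native block form is easier to lint and diff: `service:` / `  name: mailman3` / `  state: reloaded`. Also, `state=reloaded` only works if mailman3.service defines a reload action; if it does not, the handler errors at notify time and `state: restarted` is probably what is wanted — worth confirming against the unit.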
diff --git a/roles/mailman3/tasks/main.yml b/roles/mailman3/tasks/main.yml
new file mode 100644
index 000000000..676c673f9
--- /dev/null
+++ b/roles/mailman3/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+- name: install mailman3, python-zipp, python-psycopg2 and uwsgi-plugin-python
+  pacman: name=mailman3,python-zipp,python-psycopg2,uwsgi-plugin-python state=present
+
+- name: install mailman configuration
+  template: src=mailman.cfg.j2 dest=/etc/mailman.cfg owner=root group=mailman mode=0640
+  loop:
+  notify: reload mailman
+
+- name: install mailman postfix.cfg configuration
+  copy: src=postfix.cfg dest=/etc/postfix.cfg owner=root group=root mode=0644
+  notify: reload mailman
+
+#- name: create mailman list
+#  command: /usr/lib/mailman/bin/newlist -a mailman root@{{ lists_domain }} meG0n5Wq6dEWCA6s
+#  args:
+#    creates: /var/lib/mailman/lists/mailman
+
+#- name: configure mailman uwsgi service
+#  copy: src=mailman.ini dest=/etc/uwsgi/vassals/ owner=mailman group=http mode=0644
+
+#- name: make nginx log dir
+#  file: path=/var/log/nginx/{{ lists_domain }} state=directory owner=root group=root mode=0755
+
+#- name: set up nginx
+#  template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/mailman.conf" owner=root group=root mode=644
+#  notify: reload nginx
+#  tags: ['nginx']
+
+- name: create postgres mailman user
+  postgresql_user: name="{{ vault_mailman_db_user }}" password="{{ vault_mailman_db_password }}"
+  become: true
+  become_user: postgres
+  become_method: su
+  no_log: true
+
+- name: create mailman db
+  postgresql_db: name=mailman owner="{{ vault_mailman_db_user }}"
+  become: true
+  become_user: postgres
+  become_method: su
+
+# TODO: start uwsgi
+
+- name: start and enable mailman{.service,-*.timer}
+  systemd: name={{ item }} enabled=yes daemon_reload=yes state=started
+  loop:
+    - mailman3.service
+#    - mailman-senddigests.timer
+#    - mailman-nightlygzip.timer
+#    - mailman-mailpasswds.timer
+#    - mailman-gatenews.timer
+#    - mailman-disabled.timer
+#    - mailman-cullbadshunt.timer
+#    - mailman-checkdbs.timer
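Review bot: The "install mailman configuration" task carries a bare `loop:` with no value, which parses as null and makes Ansible reject the task ("loop" requires a list) before anything else in the role runs — delete that line so the task reads `template: ... mode=0640` / `notify: reload mailman`. Separately, the commented-out "create mailman list" task embeds a literal password as the last argument of the newlist command; a commented line is still committed history, so the line should be dropped and that credential treated as burned. The `no_log: true` on the postgresql_user task is correct since the password is passed inline; the `mode=0640 owner=root group=mailman` on mailman.cfg is likewise what keeps the DB password out of other users' reach, so keep both if the tasks are reshaped.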
diff --git a/roles/mailman3/templates/mailman.cfg.j2 b/roles/mailman3/templates/mailman.cfg.j2
new file mode 100644
index 000000000..7633af95f
--- /dev/null
+++ b/roles/mailman3/templates/mailman.cfg.j2
@@ -0,0 +1,12 @@
+[mailman]
+layout: fhs
+
+[database]
+class: mailman.database.postgresql.PostgreSQLDatabase
+url: postgres://{{ vault_mailman_db_user }}:{{ vault_mailman_db_password }}@/mailman
+
+
+# TODO: admin_user and admin_pass
+
+[mta]
+configuration: /etc/postfix.cfg
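Review bot: The `[database] url` interpolates the vault user and password raw into a URL, so any reserved character in the secret (`@`, `/`, `:`, `#`, `%`) either breaks DSN parsing or silently shifts the host/database part; percent-encode both: `url: postgres://{{ vault_mailman_db_user | urlencode }}:{{ vault_mailman_db_password | urlencode }}@/mailman`. The empty host after `@` is what selects the Unix socket the commit message mentions; a one-line comment above the key stating that intent would save the next reader from "fixing" it to localhost. The double blank line after the url is a minor style nit.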
diff --git a/roles/mailman3/templates/nginx.d.conf.j2 b/roles/mailman3/templates/nginx.d.conf.j2
new file mode 100644
index 000000000..accb7e83b
--- /dev/null
+++ b/roles/mailman3/templates/nginx.d.conf.j2
@@ -0,0 +1,53 @@
+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  {{ lists_domain }};
+
+    access_log   /var/log/nginx/{{ lists_domain }}/access.log main;
+    access_log   /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
+    error_log    /var/log/nginx/{{ lists_domain }}/error.log;
+
+    include snippets/letsencrypt.conf;
+
+    location / {
+        access_log off;
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+server {
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  {{ lists_domain }};
+
+    access_log   /var/log/nginx/{{ lists_domain }}/access.log main;
+    access_log   /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
+    error_log    /var/log/nginx/{{ lists_domain }}/error.log;
+
+    ssl_certificate      /etc/letsencrypt/live/{{ lists_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ lists_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ lists_domain }}/chain.pem;
+
+    # redirect old urls
+    location /mailman {
+        rewrite ^/mailman/(.*) /$1 permanent;
+    }
+
+    location /icons {
+        alias /usr/lib/mailman/icons;
+    }
+
+    location /pipermail {
+        alias /var/lib/mailman/archives/public;
+        autoindex on;
+    }
+
+    location / {
+        root            /usr/lib/mailman/cgi-bin/;
+        index           listinfo;
+        include         uwsgi_params;
+        uwsgi_modifier1 9;
+        uwsgi_pass      unix:/run/uwsgi/mailman.sock;
+    }
+
+}
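Review bot: Every `server_name`, log path and certificate path here expands `{{ lists_domain }}`, but roles/mailman3/defaults/main.yml only ships that variable commented out, so the template fails on an undefined variable the moment the commented-out "set up nginx" task is re-enabled — define it in defaults (`lists_domain: lists.archlinux.org`) or in the host/group vars before wiring the task up. The location blocks (`/usr/lib/mailman/cgi-bin/`, `/pipermail` with `autoindex on`, `/icons`, `uwsgi_modifier1 9`) look like the Mailman 2 CGI layout rather than Mailman 3's WSGI web components; that is an inference from the paths, but it is worth confirming the template matches what the mailman3 package actually installs before it goes live.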
-- 
GitLab