wip: mailman3 role

mailman: use unix socket for postgres

wip: mailman3 role
ea4e61f3 · Kristian Klausen · Jelle van der Waa · 9c26396c · ea4e61f3 · ea4e61f3
Verified Commit ea4e61f3 authored 3 years ago by Kristian Klausen Committed by Jelle van der Waa 3 years ago
--- a/playbooks/mailman3.archlinux.org.yml
+++ b/playbooks/mailman3.archlinux.org.yml
@@ -13,3 +13,6 @@
    - { role: prometheus_exporters }
    - { role: promtail }
    - { role: nginx, nginx_firewall_zone: wireguard }
+    - { role: uwsgi }
+    - { role: postgres }
+    - { role: mailman3 }
--- a/roles/mailman3/defaults/main.yml
+++ b/roles/mailman3/defaults/main.yml
+#lists_domain: lists.archlinux.org
--- a/roles/mailman3/files/postfix.cfg
+++ b/roles/mailman3/files/postfix.cfg
+[postfix]
+# Additional configuration variables for the postfix MTA.
+
+# This variable describe the program to use for regenerating the transport map
+# db file, from the associated plain text files.  The file being updated will
+# be appended to this string (with a separating space), so it must be
+# appropriate for os.system().
+postmap_command: /usr/bin/true
+
+# This variable describes the type of transport maps that will be generated by
+# mailman to be used with postfix for LMTP transport. By default, it is set to
+# hash, but mailman also supports `regex` tables.
+transport_file_type: hash
--- a/roles/mailman3/handlers/main.yml
+++ b/roles/mailman3/handlers/main.yml
+---
+- name: reload mailman
+  service: name=mailman3 state=reloaded
--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
+---
+- name: install mailman3, python-zipp, python-psycopg2 and uwsgi-plugin-python
+  pacman: name=mailman3,python-zipp,python-psycopg2,uwsgi-plugin-python state=present
+
+- name: install mailman configuration
+  template: src=mailman.cfg.j2 dest=/etc/mailman.cfg owner=root group=mailman mode=0640
+  loop:
+  notify: reload mailman
+
+- name: install mailman postfix.cfg configuration
+  copy: src=postfix.cfg dest=/etc/postfix.cfg owner=root group=root mode=0644
+  notify: reload mailman
+
+#- name: create mailman list
+#  command: /usr/lib/mailman/bin/newlist -a mailman root@{{ lists_domain }} meG0n5Wq6dEWCA6s
+#  args:
+#    creates: /var/lib/mailman/lists/mailman
+
+#- name: configure mailman uwsgi service
+#  copy: src=mailman.ini dest=/etc/uwsgi/vassals/ owner=mailman group=http mode=0644
+
+#- name: make nginx log dir
+#  file: path=/var/log/nginx/{{ lists_domain }} state=directory owner=root group=root mode=0755
+
+#- name: set up nginx
+#  template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/mailman.conf" owner=root group=root mode=644
+#  notify: reload nginx
+#  tags: ['nginx']
+
+- name: create postgres mailman user
+  postgresql_user: name="{{ vault_mailman_db_user }}" password="{{ vault_mailman_db_password }}"
+  become: true
+  become_user: postgres
+  become_method: su
+  no_log: true
+
+- name: create mailman db
+  postgresql_db: name=mailman owner="{{ vault_mailman_db_user }}"
+  become: true
+  become_user: postgres
+  become_method: su
+
+# TODO: start uwsgi
+
+- name: start and enable mailman{.service,-*.timer}
+  systemd: name={{ item }} enabled=yes daemon_reload=yes state=started
+  loop:
+    - mailman3.service
+#    - mailman-senddigests.timer
+#    - mailman-nightlygzip.timer
+#    - mailman-mailpasswds.timer
+#    - mailman-gatenews.timer
+#    - mailman-disabled.timer
+#    - mailman-cullbadshunt.timer
+#    - mailman-checkdbs.timer
--- a/roles/mailman3/templates/mailman.cfg.j2
+++ b/roles/mailman3/templates/mailman.cfg.j2
+[mailman]
+layout: fhs
+
+[database]
+class: mailman.database.postgresql.PostgreSQLDatabase
+url: postgres://{{ vault_mailman_db_user }}:{{ vault_mailman_db_password }}@/mailman
+
+
+# TODO: admin_user and admin_pass
+
+[mta]
+configuration: /etc/postfix.cfg
--- a/roles/mailman3/templates/nginx.d.conf.j2
+++ b/roles/mailman3/templates/nginx.d.conf.j2
+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  {{ lists_domain }};
+
+    access_log   /var/log/nginx/{{ lists_domain }}/access.log main;
+    access_log   /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
+    error_log    /var/log/nginx/{{ lists_domain }}/error.log;
+
+    include snippets/letsencrypt.conf;
+
+    location / {
+        access_log off;
+        return 301 https://$server_name$request_uri;
+    }
+}
+
+server {
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  {{ lists_domain }};
+
+    access_log   /var/log/nginx/{{ lists_domain }}/access.log main;
+    access_log   /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
+    error_log    /var/log/nginx/{{ lists_domain }}/error.log;
+
+    ssl_certificate      /etc/letsencrypt/live/{{ lists_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ lists_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ lists_domain }}/chain.pem;
+
+    # redirect old urls
+    location /mailman {
+        rewrite ^/mailman/(.*) /$1 permanent;
+    }
+
+    location /icons {
+        alias /usr/lib/mailman/icons;
+    }
+
+    location /pipermail {
+        alias /var/lib/mailman/archives/public;
+        autoindex on;
+    }
+
+    location / {
+        root            /usr/lib/mailman/cgi-bin/;
+        index           listinfo;
+        include         uwsgi_params;
+        uwsgi_modifier1 9;
+        uwsgi_pass      unix:/run/uwsgi/mailman.sock;
+    }
+
+}