Setup mailman3 server

We want to migrate to mailman3 as mailman2 is basically unmaintained and requires Python 2 which is EOL.

Because the mailman and mailman3 packages conflict and we don't want to perform a big bang migration, mailman3 must be deployed on a separate server. mailman-web (mailman3's web interface) hasn't been packaged yet, so for now we are using my homebrewed PKGBUILD.

[1] https://gist.github.com/klausenbusk/5982063f95c503754a51ed2fefb8915e

Ref #59 (closed)

---

Migrated lists:

• arch-announce
• arch-devops-private
• arch-events
• arch-wiki-admins

roles/mailman3/tasks/main.yml

+---
+- name: install mailman3 and related packages
+  pacman: name=mailman3,mailman3-hyperkitty,python-psycopg2,mailman-web,uwsgi-plugin-python state=present
+  register: install
+
+- name: install {mailman,mailman-web} configuration
+  template: src={{ item.src }} dest={{ item.dest }} owner=root group={{ item.group }} mode=0640
+  loop:
+    - {src: mailman.cfg.j2, dest: /etc/mailman.cfg, group: mailman}
+    - {src: mailman-hyperkitty.cfg.j2, dest: /etc/mailman-hyperkitty.cfg, group: mailman}
+    - {src: settings.py.j2, dest: /etc/webapps/mailman-web/settings.py, group: mailman-web}
+    - {src: urls.py.j2, dest: /etc/webapps/mailman-web/urls.py, group: mailman-web}
+  notify:
+    - reload mailman
+    - restart mailman-web
+
+- name: install mailman postfix.cfg configuration
+  copy: src=postfix.cfg dest=/etc/postfix.cfg owner=root group=root mode=0644
+  notify: reload mailman
+
+- name: make nginx log dir
+  file: path=/var/log/nginx/{{ lists_domain }} state=directory owner=root group=root mode=0755
+
+- name: set up nginx
+  template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/mailman.conf" owner=root group=root mode=644
+  notify: reload nginx
+  tags: ['nginx']
+
+- name: create postgres {mailman,mailman-web} user
+  postgresql_user: name={{ item.username }} password={{ item.password }}
+  loop:
+    - {username: "{{ vault_mailman_db_user }}", password: "{{ vault_mailman_db_password }}"}
+    - {username: "{{ vault_mailman_web_db_user }}", password: "{{ vault_mailman_web_db_password }}"}
+  become: true
+  become_user: postgres
+  become_method: su
+  no_log: true
+
+- name: create {mailman,mailman-web} db
+  postgresql_db: name={{ item.db }} owner={{ item.owner }}
+  loop:
+    - {db: mailman, owner: "{{ vault_mailman_db_user }}"}
+    - {db: mailman-web, owner: "{{ vault_mailman_web_db_user }}"}
+  become: true
+  become_user: postgres
+  become_method: su
+
+- name: run Django management tasks
+  command: django-admin {{ item }} --pythonpath /etc/webapps/mailman-web --settings settings
+  loop:
+    - migrate
+    - loaddata
+    - collectstatic
+    - compress
+  become: true
+  become_user: mailman-web
+  when: install.changed
+
+- name: open LMTP ipv4 port for lists.archlinux.org
+  ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
+    rich_rule="rule family=ipv4 source address={{ hostvars['lists.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8024 accept"
+  tags:
+    - firewall
+
+- name: start and enable mailman{.service,-*.timer}
+  systemd: name={{ item }} enabled=yes daemon_reload=yes state=started
+  loop:
+    - mailman3.service
+    - mailman3-digests.timer
+    - mailman3-gatenews.timer
+    - mailman3-notify.timer
+    - uwsgi@mailman\x2dweb.service