Meeting 2020 11 26

• Meeting 2020 11 26
  • Mail migration updates
    • State
    • Who
    • Actionable
  • Dovecot keycloak integration update
    • State
    • Who
    • Actionable
  • Gitlab pages for projects
    • State
    • Who
    • Actionable
  • Mailman migration
    • State
    • Who
    • Actionable

Mail migration updates

State

• Migrated to rspamd on mail.archlinux.org and remove spamassasian
• Enabled a service which does purging of dovecot inboxes which free'd 4GB of diskspace (Remove messages with refcount=0 from mdbox files)
• Found an issue in archweb that we send an email with a Reply-To to the user that has flagged the package.

Who

• Jelle, freswa, wCPO

Actionable

• Create an archweb issue for removing / reworking reply-to for flagging packages request
• Resolve/Investigate spam issues which have been reported
• Stop Luna from relaying emails to mail.archlinux.org

Dovecot keycloak integration update

State

• A meeting has been held about adding the option to support "app password" (singular) for dovecot.
• A hashed password (bcrypt) is stored in a Keycloak attribute which a user can write too.
• We create a mapping file which maps the keycloak userid to the @archlinux.org address.
• A small tool has been created to allow user profile updates to be received by a mail credential syncer.
• A small tool has been created to save these hashed passwords into a file which is compatible with dovecot/opensmtpd

Who

• freswa, wCPO, svenstaro, lambdaclan

Actionable

• Document creating of service account (see notes)
• Research/Check if that Keycloak read only scope does what it says.
• Package keycloak-http-webhook-provider
• Write an ansible role to deploy mapping role, syncer, keycloak http webhook provider
• Research manage sieve deployment
• Customize Keycloak theme and add "app password" field (#217)
  • Add bcrypt REST endpoint (Keycloak doc)
  • Add "password-validate" REST endpoint which use the internal Keycloak API

Gitlab pages for projects

State

• We want to enable Gitlab pages for askme-not and conf.archlinux.org so these projects can deploy themselves and devops don't have to worry.

Who

• svenstaro

Actionable

• Can we limit Gitlab pages to only certain projects
• How do we setup a custom domain for official domains
• Consider allowing arch staff to deploy pages under *.pkgbuild.com (see #30 (closed) for wildcard notes)

Mailman migration

State

• hyperkity - modern mailman archive

• postorious - list management interface

• Investigate Keycloak and mailman integration

• Will continue working from the current mailman branch with postorious/hyperkitty integration

• Combining hyperkitty and postorious is a bit tricky on one domain

• Figuring out how to change the domain of the list without breaking too much

Who

• dvzrv

Actionable

• Continue with the mailman integration/ansible role
• Split postfix configuration from mail.archlinux.org