# Meeting 2020 11 26

[[_TOC_]]

## Mail migration updates

### State
* Migrated to rspamd on mail.archlinux.org and removed SpamAssassin
* [Enabled a service](https://gitlab.archlinux.org/archlinux/infrastructure/-/commit/5adae994b6910b289cc8e68930ca15cbb16ce8a0) which purges dovecot inboxes, which freed 4GB of disk space (`Remove messages with refcount=0 from mdbox files`)
* Found an issue in archweb that we send an email with a Reply-To to the user that has flagged the package.

### Who
* Jelle, freswa, wCPO

### Actionable
* Create an archweb issue for removing / reworking the Reply-To on package flag requests
* Resolve/Investigate spam issues which have been reported
* Stop Luna from relaying emails to mail.archlinux.org

## Dovecot keycloak integration update

### State
* A meeting has been held about adding the option to support "app password" (singular) for dovecot.
* A hashed password (bcrypt) is stored in a Keycloak attribute which a user can write to.
* We create a mapping file which maps the Keycloak userid to the @archlinux.org address.
* A small [tool](https://github.com/svenstaro/keycloak-http-webhook-provider) has been created to allow user profile updates to be received by a mail credential syncer.
* A small [tool](https://gitlab.archlinux.org/archlinux/mail-credential-syncer) has been created to save these hashed passwords into a file which is compatible with dovecot/opensmtpd
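Because the Keycloak attribute is user-writable, a syncer has to validate each value before it reaches the credentials file. The sketch below is an added example, not code from mail-credential-syncer: the mapping-file layout, function names, minimum cost and sample data are assumptions, and it only emits Dovecot `passwd-file` lines using the `{BLF-CRYPT}` scheme.

```python
import re

# bcrypt modular-crypt string: $2a/$2b/$2y, two-digit cost, 22-char salt + 31-char digest
BCRYPT_RE = re.compile(r"\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}")
ADDRESS_RE = re.compile(r"[a-z0-9._-]+@archlinux\.org")
MIN_COST = 10  # assumed policy floor, not a value from the meeting notes


def parse_mapping(text):
    """Parse the assumed mapping format: one '<keycloak-userid> <address>' per line."""
    mapping = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        userid, address = line.split()  # raises ValueError unless exactly two fields
        if not ADDRESS_RE.fullmatch(address):
            raise ValueError(f"bad address in mapping: {address!r}")
        mapping[userid] = address
    return mapping


def build_passwd_file(mapping, attributes):
    """Return (passwd_lines, rejected_userids) for Dovecot's passwd-file format."""
    lines, rejected = [], []
    for userid, value in sorted(attributes.items()):
        # fullmatch rejects anything beyond the hash itself (newlines, ':' fields)
        match = BCRYPT_RE.fullmatch(value)
        if userid not in mapping or not match or int(match.group(1)) < MIN_COST:
            rejected.append(userid)
            continue
        lines.append(f"{mapping[userid]}:{{BLF-CRYPT}}{value}")
    return lines, rejected


# Constructed sample data; the hash is a dummy string in bcrypt shape, not a real credential.
SAMPLE_HASH = "$2y$12$" + "A" * 53
SAMPLE_MAPPING = "# userid address\nu-1001 alice@archlinux.org\nu-1002 bob@archlinux.org\n"
SAMPLE_ATTRIBUTES = {
    "u-1001": SAMPLE_HASH,
    "u-1002": SAMPLE_HASH + "\nextra:line",  # malformed: would add a second file line
    "u-1003": SAMPLE_HASH,                   # well-formed hash, but no mailbox mapping
}

if __name__ == "__main__":
    passwd, rejected = build_passwd_file(parse_mapping(SAMPLE_MAPPING), SAMPLE_ATTRIBUTES)
    print("\n".join(passwd))
    print("rejected:", rejected)
```

Rejected user IDs are returned rather than silently dropped so the syncer can log them.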

### Who

* freswa, wCPO, svenstaro, lambdaclan

### Actionable
* Document creation of the service account (see [notes](https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/210#note_6564))
* Research/Check if that Keycloak read-only scope does what it says.
* Package keycloak-http-webhook-provider
* Write an ansible role to deploy mapping role, syncer, keycloak http webhook provider
* Research [manage sieve](https://wiki.dovecot.org/Pigeonhole/ManageSieve/Configuration) deployment
* Customize Keycloak theme and add "app password" field ([#217](https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/217))
* Add bcrypt REST endpoint (Keycloak [doc](https://www.keycloak.org/docs/latest/server_development/#_extensions_rest))
* Add "password-validate" REST endpoint which uses the internal Keycloak API

## Gitlab pages for projects

### State
* We want to enable Gitlab pages for askme-not and conf.archlinux.org so these projects can deploy themselves and devops don't have to worry.

### Who

* svenstaro

### Actionable
* Can we limit Gitlab pages to only certain projects?
* How do we set up a custom domain for official domains?
* Consider allowing arch staff to deploy pages under *.pkgbuild.com (see [#30](https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/30) for wildcard notes)

## Mailman migration

### State
* hyperkitty - modern mailman archive
* postorius - list management interface

* Investigate Keycloak and mailman integration
* Will continue working from the current mailman branch with postorius/hyperkitty integration
* Combining hyperkitty and postorius is a bit tricky on one domain
* Figuring out how to change the domain of the list without breaking too much

### Who
* dvzrv

### Actionable
* Continue with the mailman integration/ansible role
* Split postfix configuration from mail.archlinux.org