Verified Commit 50615a32 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧 Committed by Jelle van der Waa
Browse files

Fully setup hyperkitty and nginx rules.

parent 3c36760a
# Mailman
mailman_domain: mailman3.archlinux.org # lists.archlinux.org
mailman_db_user: mailman
mailman_nginx_conf: /etc/nginx/nginx.d/mailman.conf
# Hyperkitty
hyperkitty_dir: /usr/share/webapps/hyperkitty
......
[Unit]
Description=uWSGI service unit
After=syslog.target
[Service]
ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/%I.ini
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -INT $MAINPID
Type=notify
SuccessExitStatus=15 17 29 30
StandardError=syslog
NotifyAccess=all
KillSignal=SIGQUIT
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
ReadWriteDirectories=/etc/webapps /var/lib/
ProtectHome=yes
NoNewPrivileges=yes
[Install]
WantedBy=multi-user.target
[Unit]
Description=Socket for uWSGI %I
[Socket]
ListenStream=/run/%I/%I.sock
SocketGroup=http
SocketMode=0660
[Install]
WantedBy=sockets.target
......@@ -29,7 +29,9 @@
become_user: postgres
become_method: su
- template: src="hyperkitty.py.j2" dest="/etc/webapps/hyperkitty/settings_local.py" owner=hyperkitty group=root mode=0644
- file: src=/etc/webapps/hyperkitty/settings_local.py dest=/usr/share/webapps/hyperkitty/settings_local.py owner=root group=hyperkitty state=link
- template: src="hyperkitty.py.j2" dest="/etc/webapps/hyperkitty/settings_local.py" owner=root group=hyperkitty mode=0644
# TODO: only run when required, ie. hyperkitty package updated
- name: generate a hyperkitty database
......@@ -82,6 +84,36 @@
become_method: sudo
when: not hyperkitty_superuser_existed
- name: copy uwsgi-secure@.socket service
copy: src=uwsgi-secure@.service dest=/etc/systemd/system/uwsgi-secure@.service
notify:
- daemon reload
- name: copy uwsgi-secure@.socket service
copy: src=uwsgi-secure@.socket dest=/etc/systemd/system/uwsgi-secure@.socket
notify:
- daemon reload
- name: create ssl cert
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ mailman_domain }}' creates='/etc/letsencrypt/live/{{ mailman_domain }}/fullchain.pem'
- name: make nginx log dir
file: path=/var/log/nginx/{{ mailman_domain }} state=directory owner=root group=root mode=0755
- name: set up nginx
template: src=nginx.d.conf.j2 dest="{{ mailman_nginx_conf }}" owner=root group=root mode=644
notify:
- reload nginx
tags: ['nginx']
- name: make nginx log dir
file: path=/var/log/nginx/{{ mailman_domain }} state=directory owner=root group=root mode=0755
- name: enable hyperkitty socket
service: name="uwsgi-secure@hyperkitty.socket" enabled=yes state=started
- name: enable hyperkitty asynchronous operations service
service: name="hyperkitty-qcluster.service" enabled=yes state=started
- name: start and enable mailman core service
service: name="mailman3.service" enabled=yes state=started
......
......@@ -10,6 +10,7 @@ ADMINS = (
ALLOWED_HOSTS = [
"localhost",
"127.0.0,1",
"{{ mailman_domain }}",
]
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
......@@ -23,7 +24,7 @@ DATABASES = {
'ENGINE' : 'django.db.backends.postgresql_psycopg2',
'NAME' : 'hyperkitty',
'USER' : '{{ hyperkitty_db_user }}',
'PASSWORD': ''{{ vault_postgres_users.hyperkitty }},
'PASSWORD': '{{ vault_postgres_users.hyperkitty }}',
'HOST' : 'localhost',
'PORT' : '',
}
......
server {
listen 80;
listen [::]:80;
server_name mailman.archlinux.org;
server_name mailman3.archlinux.org;
access_log /var/log/nginx/{{ mailman_domain }}/access.log reduced;
error_log /var/log/nginx/{{ mailman_domain }}/error.log;
......@@ -17,17 +17,21 @@ server {
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mailman.archlinux.org;
server_name mailman3.archlinux.org;
access_log /var/log/nginx/{{ mailman_domain }}/access.log reduced;
error_log /var/log/nginx/{{ mailman_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/mailman.archlinux.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mailman.archlinux.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mailman.archlinux.org/chain.pem;
ssl_certificate /etc/letsencrypt/live/mailman3.archlinux.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mailman3.archlinux.org/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mailman3.archlinux.org/chain.pem;
location / {
access_log off;
return 301 https://{{ mailman_domain }}$request_uri;
charset utf-8;
client_max_body_size 75M;
root /usr/share/webapps/hyperkitty;
location ~^/(accounts|admin|hyperkitty)/(.*)$ {
include /etc/nginx/uwsgi_params;
uwsgi_pass unix:/run/hyperkitty/hyperkitty.sock;
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment