diff --git a/docs/servers.md b/docs/servers.md index 0f61ee62..deb392ef 100644 --- a/docs/servers.md +++ b/docs/servers.md @@ -157,14 +157,6 @@ Prometheus, and Grafana server which receives selected performance/metrics from Online collborative markdwown editor for Arch Linux Staff. -## mailman3.archlinux.org - -This server runs mailman3 as mailman2 and mailman3 can't be installed on the same server. The HTTP and LMTP traffic is routed over WireGuard from lists.archlinux.org. - -### Services - - - mailman3 - ### Services - [hedgedoc](https://hedgedoc.org/) diff --git a/docs/ssh-hostkeys.txt b/docs/ssh-hostkeys.txt index f19b6dc2..e89944a9 100644 --- a/docs/ssh-hostkeys.txt +++ b/docs/ssh-hostkeys.txt @@ -164,15 +164,15 @@ 3072 MD5:50:c8:93:43:05:d5:73:a4:84:b1:07:66:a7:20:a5:79 root@archlinux-packer (RSA) # lists.archlinux.org -1024 SHA256:/o3BhNZ6MdfHXrqDzVxP5OgKcTmo1/e2v80Xb+Q2ypc root@archlinux-packer (DSA) -256 SHA256:Xe+YrG+IfhtQkNft+SB7UsTQCIgbqNnqMl/Pqs6uzBE root@archlinux-packer (ECDSA) -256 SHA256:fAKD+26rDZ74MOMWZI8L3k2c7RzTYd69+iwKp4zhw8c root@archlinux-packer (ED25519) -3072 SHA256:NyspEiVRnuRtL854ErcdybtjoBia+miQkpuToYZEl78 root@archlinux-packer (RSA) +1024 SHA256:U1A+NO+I+JRg0YPo+UgwGfbextnL+pVuqjWGdyokLpI root@archlinux-packer (DSA) +256 SHA256:vdEZ5/6Xxd7Azjzaf5xz5kfzQrWcq1raz5cFAIclooE root@archlinux-packer (ECDSA) +256 SHA256:iCeRz+2HK7heoapDRscHpgbEX4cbem1BZpWzrAoOxTQ root@archlinux-packer (ED25519) +3072 SHA256:sqUYYmrNXzYPL5TtsBsTnaANsZ/P7miyCAIkt0YWfBg root@archlinux-packer (RSA) -1024 MD5:fb:bb:0e:a8:0c:5c:41:5a:b1:d9:61:4d:e5:c3:bf:b1 root@archlinux-packer (DSA) -256 MD5:56:43:80:27:a7:4e:4c:1f:a4:14:dd:d1:eb:37:13:a9 root@archlinux-packer (ECDSA) -256 MD5:3c:91:d8:b0:4b:5c:36:40:79:27:8a:c7:24:d6:26:af root@archlinux-packer (ED25519) -3072 MD5:88:99:f2:47:b1:e3:3c:99:52:67:d5:d5:55:b0:af:2c root@archlinux-packer (RSA) +1024 MD5:8f:94:fe:a9:56:ee:3f:cc:a4:e7:a5:4f:2b:02:e8:c3 root@archlinux-packer (DSA) +256 MD5:ca:3e:2d:aa:8a:4b:71:3a:18:22:59:0f:6e:ff:ae:5d root@archlinux-packer (ECDSA) +256 MD5:a8:d3:f8:42:ff:ae:7d:71:1b:fe:93:4b:f7:df:38:5f root@archlinux-packer (ED25519) +3072 MD5:51:ea:a4:ec:76:87:ee:89:e7:3a:fc:80:ea:fe:2d:9c root@archlinux-packer (RSA) # mail.archlinux.org 1024 SHA256:/d3MC4NoQbPSNgNebFyzNCze4HVHPhITVWy9vWdZUp4 root@archlinux-packer (DSA) @@ -185,17 +185,6 @@ 256 MD5:dd:20:c1:f1:f2:fa:70:86:3a:e2:39:86:b1:01:2f:61 root@archlinux-packer (ED25519) 3072 MD5:b6:14:30:bd:fe:43:46:6a:20:a2:8b:b0:aa:d4:35:19 root@archlinux-packer (RSA) -# mailman3.archlinux.org -1024 SHA256:U1A+NO+I+JRg0YPo+UgwGfbextnL+pVuqjWGdyokLpI root@archlinux-packer (DSA) -256 SHA256:vdEZ5/6Xxd7Azjzaf5xz5kfzQrWcq1raz5cFAIclooE root@archlinux-packer (ECDSA) -256 SHA256:iCeRz+2HK7heoapDRscHpgbEX4cbem1BZpWzrAoOxTQ root@archlinux-packer (ED25519) -3072 SHA256:sqUYYmrNXzYPL5TtsBsTnaANsZ/P7miyCAIkt0YWfBg root@archlinux-packer (RSA) - -1024 MD5:8f:94:fe:a9:56:ee:3f:cc:a4:e7:a5:4f:2b:02:e8:c3 root@archlinux-packer (DSA) -256 MD5:ca:3e:2d:aa:8a:4b:71:3a:18:22:59:0f:6e:ff:ae:5d root@archlinux-packer (ECDSA) -256 MD5:a8:d3:f8:42:ff:ae:7d:71:1b:fe:93:4b:f7:df:38:5f root@archlinux-packer (ED25519) -3072 MD5:51:ea:a4:ec:76:87:ee:89:e7:3a:fc:80:ea:fe:2d:9c root@archlinux-packer (RSA) - # man.archlinux.org 1024 SHA256:11C7Qa1GSNBBspSlber3Sp+LEMRpfr/VWkypfu6OnhA root@archlinux-packer (DSA) 256 SHA256:fL79NVaEiwXGfUhTXWLkue/D1seSADYbui+jwQ2dvW0 root@archlinux-packer (ECDSA) diff --git a/docs/ssh-known_hosts.txt b/docs/ssh-known_hosts.txt index 6570c8db..8275c63e 100644 --- a/docs/ssh-known_hosts.txt +++ b/docs/ssh-known_hosts.txt @@ -86,20 +86,15 @@ homedir.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPxEHvFCXujU6s4eW0U79o homedir.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDuQbGoCSIPisaZeqtJhM369ugQWc8pHE8404AZu0yUgDxMl6AP5BUfdynlR6VGt4edSaEyp9BkT15YaKh5vph/9MUtZ2zbQ7WPRuvfLNG+RI458q4CYdykVMmTs1DEeAxaVMIAL3225pqh7QMcME0edX9f4PLLkQk8+AAAy24rvgwxLE0BnSLB3zp7wCJw5rm2iZAcqsKkIZw2FJKMlRuEovdvgc7A0FfkSc8muvvHET1FK/Uqv5i9R2Xk3NPFkt/bzcwOVBXCeqUrjLmD0UhRWX8J8GMmrEVPVQLBT6mn/OtlXpOiDcr9HkSLS1mqo59N9wyI4tCKjYQZMEWU36PYjXlDzqOGmdAR6Ly8vDo3BC+ByQqLf/ixkoFD/I5inGejPnAv9eXuiP8o0KoPDOALD8gqwqCoPjElE9ZVObp+NJbuQeXRZt70VKxZEWrUKxKxHM3RoYvgd3h/GHaYEGWdbvTMTVK+xnrczL+Eme4Y81zA8KTwY5qbyc5QCHvksKM= # lists.archlinux.org -lists.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKBHMlX50Jr2HiVJ/qDSH3mAjobpbBrGvBRXTKB/xXFBiVXCbJQCQ9HKXQZunLALaIm+jAgpskbXqLQMEpWzST8= -lists.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVKwNsXUXpgNhlwPVlBRNlpvOt0U9deANS/n//nxbe1 -lists.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuKQnkGRdXyu74f92lzJcQMMDjTzVXkne/mLHiMYKQWlboIBIry3FkzyUGDLbNlZOe4PNR43D9FI0/1EjAuVV72HVQ9sidCbJR/azw3+JF8zwU1HDMOhtCNaWYNqk0DHDvHuWhL6N0duFASf+ZTKRB5Rgk3+p0FisKMCep2vJy5kHY0829INk6ORgPxYzCHCZOLEfZX0aydwscTnubKq1t9blWUdqKSm5Xq5+NEJNPKlo6TgdcBihkdAyaGnZ9KWrXycV6j0UaT/VJNuumZ9KlsvI7Xi/TVDWcLcsU/UqeEvnzUi3oRrvkADzIcoFa5/QrSRQJppKAUgjuhOuk+Px38IIvRdrwDxDoChei+qU8S2O24PP7Cu4oYZ/ecGb8wJleEWVVaYrD5JTEugg0iTe2t0LJiP6rTC1faxErZ9wru18nGNWYR2b+b1MfBzppAoikZUoqygKYYLAerHj3B9wFmw2RJG8JFZ95lMukJmDG8kCYz7eq753PYAAmpFZbdZU= +lists.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLYxKdG6ntbOV/YpVbRkJiJfAPt8BTTN/hKm0uebSwpuQbbv5hxXLSOYeA0C/yJBNXXX4EJ82J88oEJQBFxiPvY= +lists.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+GtJoC+QEUyKA/ZneTBXOBs7W3JBAEb1nLDkjzsqa1 +lists.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdPJQIkN6wDk/140HS1WCIKc0Iz7Oq8c98XaLB0i9ksUxkWB4rxia/WP5RRF+g9yAqZvIg0f5W0d85pfuh+1TOccXk8r6GsH+gRIEkdmwu4Mf7iBpkQxl3n70yjNGxgbwGkVG9vREvJ4v3l/NRZrX2/N3RvcPG9TQwjFFOFYTRZNfUPvsppk572yQ8cjf7oUvJmLOwsKagO5WMUoKFAbO35/Mp2H6VbApYtIdpkFOXnaJUVduHInNa18CmKl28ZSTsigLkYb8pboS6RacJYgA5kK0vQsXCguDrA+SI9k1xW4i9FjUWsLlPuLkk9c7Tj39R95gWhxWwQ99ApNDVvZa+skSbMS7h4/d3NosyM2OO9LfqPiHn2xDsuvmpN0ScCwuocwR09EMrj4MQKzo31ITFHuSyxob0Z4yTQrKvJxdNwveXqaRHFNXUvSWtoRkk2cKB5hjsr0QCROBidYu4WG+/LfolzJQfuRqH7dvg5dvmJLrcozfcCpxspdBTIEKLG/c= # mail.archlinux.org mail.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFvJy2P8zOSKt3EocULHN85PVGW1AINk15+GilqUc5a79Zsy0FvWqV16fjxLRN3zIOkBvSKZMvsNadja+quEr9s= mail.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTOoGxsf23f6AjIHcQQuvbTOaeIt48Y0PiBj9qlJi1H mail.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPrURadxte8UJiteGa6+Q+OjTAjhvGAQFkNSXj1pr4k03uxkU6l2v2LuTygk+4SZSCyUsKvNx/ljJeHBnuecQ8rRv19ZFqy/GQKB3oEmiNYMo2dYYlJWwTVBHatmghhB1j2y40yqdKWH2xQuXC3HtnS7fHG0g1Rc4R9KB4MQlcXkwnSEMpwpWBoO7sr0M4YTdwE+nSG9aNfyPbPGp3mX4ATz5X5hPJOlSFVDV6NuKrA+5qyt4jSKdeG5IuWeEnEJesYJEvShYdY9DvMCXnZykB0emzzk+5+Cp2lTPf9LOO3wNsTgHV/CwkoAoMgr9+ASefhBr3nxmmrs9T7nwuobGCGFUqQ2D8IKCmsWGVKXYERViz3x/gYUIlHgVJpoIXCFFqbdpWwxKR1aDMug2fFe699/FzuPdqrWPFdQMF2mPQ0w3AH/62KGp+PULE2HxrlCiY/gF2m8iJLgunxVKmi/c0ufgK9QilnKcPO+W4tcISa5MYt7MSTTLV9eVsgVjGhOU= -# mailman3.archlinux.org -mailman3.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLYxKdG6ntbOV/YpVbRkJiJfAPt8BTTN/hKm0uebSwpuQbbv5hxXLSOYeA0C/yJBNXXX4EJ82J88oEJQBFxiPvY= -mailman3.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+GtJoC+QEUyKA/ZneTBXOBs7W3JBAEb1nLDkjzsqa1 -mailman3.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdPJQIkN6wDk/140HS1WCIKc0Iz7Oq8c98XaLB0i9ksUxkWB4rxia/WP5RRF+g9yAqZvIg0f5W0d85pfuh+1TOccXk8r6GsH+gRIEkdmwu4Mf7iBpkQxl3n70yjNGxgbwGkVG9vREvJ4v3l/NRZrX2/N3RvcPG9TQwjFFOFYTRZNfUPvsppk572yQ8cjf7oUvJmLOwsKagO5WMUoKFAbO35/Mp2H6VbApYtIdpkFOXnaJUVduHInNa18CmKl28ZSTsigLkYb8pboS6RacJYgA5kK0vQsXCguDrA+SI9k1xW4i9FjUWsLlPuLkk9c7Tj39R95gWhxWwQ99ApNDVvZa+skSbMS7h4/d3NosyM2OO9LfqPiHn2xDsuvmpN0ScCwuocwR09EMrj4MQKzo31ITFHuSyxob0Z4yTQrKvJxdNwveXqaRHFNXUvSWtoRkk2cKB5hjsr0QCROBidYu4WG+/LfolzJQfuRqH7dvg5dvmJLrcozfcCpxspdBTIEKLG/c= - # man.archlinux.org man.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPhnsStoFw6rbVpE1S1vsXNk8de1SyMag1C+v0DWVSuNYzTylYg4322WbYzw45z2XhxrF6XmCSDMvgxvFwnfLQA= man.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzjkN+igIxSIv5N9+ANNoo6knPa51Tj5TAXs4EQ8lY2 diff --git a/group_vars/all/root_access.yml b/group_vars/all/root_access.yml index a5f9ba67..1f6a54b7 100644 --- a/group_vars/all/root_access.yml +++ b/group_vars/all/root_access.yml @@ -26,7 +26,6 @@ root_ssh_keys: - dashboards.archlinux.org - gitlab.archlinux.org - lists.archlinux.org - - mailman3.archlinux.org - monitoring.archlinux.org # - run 'playbooks/tasks/reencrypt-vault-{super,default}-key.yml' when this diff --git a/group_vars/all/vault_mailman.yml b/group_vars/all/vault_mailman.yml index 06f7aef2..03690e65 100644 --- a/group_vars/all/vault_mailman.yml +++ b/group_vars/all/vault_mailman.yml @@ -1,9 +1,26 @@ $ANSIBLE_VAULT;1.1;AES256 -38306134633332383131393237386134643236316136333335313130663639373434643434303734 -6530323361333765393633616338333830346634363835350a363933363736393935333833313461 -66336437366666316366326566313837653934333732336532393264343663643861633639636566 -3330353837636631320a303533653661623866383230353563366166653232316635353631613836 -39306531623538656335643031623361633465366138356263663630386362626630336262303865 -31306465323730316633316534333663313565336634346164363331353962366239663035366139 -33636139666262663962396236396337666336663835633865373966386534393064323333326164 -35643530656134643565 +63633533303232373335663630346139613137616132393738383265663337636565663935386365 +3262636536383962333438653033323061306433323232610a623836643732616163383364316639 +37626134643334383432346465343734353566663261643334396563336132666133666431313563 +6365643566626635360a616139393131346566666266653737303562663664656231643836373038 +37316436643133333261313963356435353938393032313935353939613962303733623934313965 +64356635626561376130336134656436386638306538373635313638393932313337316636343533 +32666138613765326332373335366634313530656162383162633861666365333230303132346263 +63613031643230356361383638386230613231626135663763373630666362623536663165356335 +33333033376332653130626262633563336238383931393636346339333963326330373431363931 +61383733626363316539653638373562616335366363306365353166666335383037633830636263 +37313663636139666131623435383833313434396665663162623934646330626362346237363331 +65323537383536333763646431623061646337613761363861373261343638653235333038663239 +34636662663763363832643061313035316437633965346332363432653562613865623261613235 +61303239626136303736356533373739343566313464343931383962633232313263383230336438 +32653534623739616436346539616336373562376632303833323230643465666262303263383334 +64623362363863393866666461396237613934656239653262316438633338313036303436313236 +61623562376139616539646231376438636234656363666639646465663035326161346435396439 +63613839396163616135313537626535393039623866646431333239383263313931386131303464 +36353837303662343530663561363036633864346131343731643535386462316663353233636638 +36323134643230376239326637656537633337323333616630313531653239366263386238363333 +32336538613635613964366562383165616433363738623638393364363233636262643131653532 +62326363356333333563383139323366363462613031303566376365643439373163613166333339 +38353266616463396139336663353536336631666565656630396431363439333034653336316234 +61663232383136353937336431353131323933613462666233663464656166356161613039316436 +3136 diff --git a/group_vars/all/vault_mailman3.yml b/group_vars/all/vault_mailman3.yml deleted file mode 100644 index 03690e65..00000000 --- a/group_vars/all/vault_mailman3.yml +++ /dev/null @@ -1,26 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -63633533303232373335663630346139613137616132393738383265663337636565663935386365 -3262636536383962333438653033323061306433323232610a623836643732616163383364316639 -37626134643334383432346465343734353566663261643334396563336132666133666431313563 -6365643566626635360a616139393131346566666266653737303562663664656231643836373038 -37316436643133333261313963356435353938393032313935353939613962303733623934313965 -64356635626561376130336134656436386638306538373635313638393932313337316636343533 -32666138613765326332373335366634313530656162383162633861666365333230303132346263 -63613031643230356361383638386230613231626135663763373630666362623536663165356335 -33333033376332653130626262633563336238383931393636346339333963326330373431363931 -61383733626363316539653638373562616335366363306365353166666335383037633830636263 -37313663636139666131623435383833313434396665663162623934646330626362346237363331 -65323537383536333763646431623061646337613761363861373261343638653235333038663239 -34636662663763363832643061313035316437633965346332363432653562613865623261613235 -61303239626136303736356533373739343566313464343931383962633232313263383230336438 -32653534623739616436346539616336373562376632303833323230643465666262303263383334 -64623362363863393866666461396237613934656239653262316438633338313036303436313236 -61623562376139616539646231376438636234656363666639646465663035326161346435396439 -63613839396163616135313537626535393039623866646431333239383263313931386131303464 -36353837303662343530663561363036633864346131343731643535386462316663353233636638 -36323134643230376239326637656537633337323333616630313531653239366263386238363333 -32336538613635613964366562383165616433363738623638393364363233636262643131653532 -62326363356333333563383139323366363462613031303566376365643439373163613166333339 -38353266616463396139336663353536336631666565656630396431363439333034653336316234 -61663232383136353937336431353131323933613462666233663464656166356161613039316436 -3136 diff --git a/host_vars/mailman3.archlinux.org/misc b/host_vars/mailman3.archlinux.org/misc deleted file mode 100644 index 01d1a3f5..00000000 --- a/host_vars/mailman3.archlinux.org/misc +++ /dev/null @@ -1,4 +0,0 @@ -filesystem: btrfs -ipv4_address: 65.21.106.94 -wireguard_address: 10.0.0.37 -wireguard_public_key: obBFreFGNDLB17+PaJspE4qNeVX4o7ZPcJj3ZmJhahg= diff --git a/host_vars/mailman3.archlinux.org/vault_wireguard.yml b/host_vars/mailman3.archlinux.org/vault_wireguard.yml deleted file mode 100644 index e8e3b3fc..00000000 --- a/host_vars/mailman3.archlinux.org/vault_wireguard.yml +++ /dev/null @@ -1,9 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -32363065633737653663623334663139323638366462343630623765396636353932653932356261 -6239356162633731656330383436363861376231616462390a356432316532333632653839333230 -63636434373462643231323532633362363434646230323636333264393032373632343932616361 -6536383038313134300a363139313337646533626334333666326535623039323332666338306532 -33643430313864663833343765623138393165386564343636306363626232666436353665353235 -34623064363764336139633334663530376332633536383033313438613035303662333435313536 -34366663643130633064646161613065373532653235373730316439643165383635353761396639 -61656462333035666437 diff --git a/hosts b/hosts index 4c4d84ab..3cf03bfc 100644 --- a/hosts +++ b/hosts @@ -51,7 +51,6 @@ security.archlinux.org md.archlinux.org lists.archlinux.org gluebuddy.archlinux.org -mailman3.archlinux.org [public_html] homedir.archlinux.org @@ -138,7 +137,6 @@ gluebuddy.archlinux.org homedir.archlinux.org lists.archlinux.org mail.archlinux.org -mailman3.archlinux.org man.archlinux.org matrix.archlinux.org md.archlinux.org diff --git a/playbooks/lists.archlinux.org.yml b/playbooks/lists.archlinux.org.yml index 0629ec0b..6669dd30 100644 --- a/playbooks/lists.archlinux.org.yml +++ b/playbooks/lists.archlinux.org.yml @@ -8,7 +8,7 @@ - { role: sshd } - { role: root_ssh } - { role: hardening } - - { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" } + - { role: borg_client, tags: ["borg"] } - { role: prometheus_exporters } - { role: promtail } - { role: certbot } @@ -17,4 +17,5 @@ - { role: rspamd, rspamd_dkim_domain: lists.archlinux.org, rspamd_dkim_use_esld: false, tags: ["mail"] } - { role: unbound, unbound_port: 5353, tags: ["mail"] } - { role: uwsgi } + - { role: postgres } - { role: mailman } diff --git a/playbooks/mailman3.archlinux.org.yml b/playbooks/mailman3.archlinux.org.yml deleted file mode 100644 index 171eb42d..00000000 --- a/playbooks/mailman3.archlinux.org.yml +++ /dev/null @@ -1,17 +0,0 @@ -- name: Setup mailman3 server - hosts: mailman3.archlinux.org - remote_user: root - roles: - - { role: common } - - { role: firewalld } - - { role: wireguard } - - { role: sshd } - - { role: root_ssh } - - { role: hardening } - - { role: borg_client, tags: ["borg"] } - - { role: prometheus_exporters } - - { role: promtail } - - { role: nginx, nginx_firewall_zone: wireguard } - - { role: uwsgi } - - { role: postgres } - - { role: mailman3 } diff --git a/roles/mailman/defaults/main.yml b/roles/mailman/defaults/main.yml index b2d2b3fd..7ac12333 100644 --- a/roles/mailman/defaults/main.yml +++ b/roles/mailman/defaults/main.yml @@ -1 +1,135 @@ lists_domain: lists.archlinux.org +lists: + arch-announce: + allow_list_posts: false + bounce_info_stale_after: 60d + default_member_action: reject + default_nonmember_action: reject + description: This mailing list is for official announcements for the Arch Linux distribution. + display_name: Arch-announce + moderator_password: "{{ vault_archweb_mailman_password }}" + arch-commits: + allow_list_posts: false + accept_these_nonmembers: + - ^.+@(.+\.)?archlinux\.org + archive_policy: never + default_member_action: reject + default_nonmember_action: reject + description: Arch Linux packaging commits + display_name: Arch-commits + info: This list contains all commits to the package repositories, including diffs for newest changes. + max_message_size: 200 + arch-dev: + advertised: false + archive_policy: private + description: Development Discussion for Arch Linux + display_name: Arch-dev + info: This list is for development discussion about Arch Linux. This list is closed to the general public and only used by internal Arch Linux developers. + subscription_policy: confirm_then_moderate + arch-devops: + display_name: Arch-devops + description: Arch Linux Infrastructure development discussion + arch-devops-private: + advertised: false + archive_policy: private + description: List for internal discussion of the devops team + display_name: Arch-devops-private + subscription_policy: confirm_then_moderate + arch-dev-public: + default_member_action: hold + description: Public mailing list for Arch Linux development + display_name: Arch-dev-public + arch-events: + description: Arch Linux Events + display_name: Arch-events + arch-general: + description: General Discussion about Arch Linux + display_name: Arch-general + info: | + This mailing list hosts general discusson about the Arch Linux distribution. Questions, problems, and new development ideas can be posted here. + + You must be subscribed to the list in order to post to it. + arch-mirrors-announce: + description: List for mirror admins to send announcements (like downtime notifications) to our users + display_name: Arch-mirrors-announce + info: | + This list is intended for admins of Arch Linux mirrors that want to notify our users about downtime of their mirror. + + This list also accepts mails from non-subscribers. + arch-mirrors: + description: Arch Linux Mirroring Discussion and Announcements + display_name: Arch-mirrors + info: This list is intended for admins of Arch Linux mirrors. Discussion and announcements regarding mirroring will use this list. + arch-multilib: + description: Arch Linux Multilib (32bit libs on 64bit OSes) + display_name: Arch-multilib + arch-ports: + description: Discussion regarding the porting of Arch Linux to non-x86_64 architectures + display_name: Arch-ports + info: This list is primarily used to talk about porting Arch Linux to non-x86_64 platforms, such as PPC, ARM, i586, i686, etc. + arch-proaudio: + description: Discussion about real-time multimedia, including (semi-)pro audio and video + display_name: Arch-proaudio + arch-projects: + description: Arch Linux projects development discussion + display_name: Arch-projects + info: | + Announcements, development discussion, patches and pull requests for the Arch Linux projects: + + Please begin the email subject with the name of a project in square brackets (e.g. [devtools]). If no project matches, use [projects]. + + Note: No user discussion! + arch-releng: + description: Arch Linux Release Engineering + display_name: Arch-releng + arch-security: + description: Announcements about security issues in Arch Linux and its packages + display_name: Arch-security + info: Discussion about announcements should happen on arch-general. + arch-tu: + advertised: false + archive_policy: private + description: Trusted Users Discussion for Arch Linux + display_name: Arch-tu + info: This list is for trusted users discussion about Arch Linux. This list is closed to the general public and only used by internal Arch Linux trusted users. + subscription_policy: confirm_then_moderate + arch-wiki-admins: + advertised: false + archive_policy: private + default_nonmember_action: defer + display_name: Arch-wiki-admins + subscription_policy: confirm_then_moderate + arch-women: + description: Mailing list for the Arch Women project + display_name: Arch-women + info: | + Arch Women is an all inclusive organization of Arch Linux enthusiasts with a focus on helping more women become involved in the Arch Linux community and FOSS. + + Mailing list graciously hosted by the Arch Linux™ project. + aur-dev: + description: Arch User Repository (AUR) Development + display_name: Aur-dev + info: This list is intended for discussion of AUR and community based code and development. + aur-general: + description: Discussion about the Arch User Repository (AUR) + display_name: Aur-general + info: This list is for Trusted Users, Arch Linux developers, and the general public to discuss issues surrounding the Trusted User structure and the Arch User Repository (AUR). + aur-requests: + accept_these_nonmembers: + - notify@aur.archlinux.org + description: Public mailing list for AUR package deletion/merge/orphan requests + display_name: Aur-requests + pacman-contrib: + description: Discussion list for pacman-contrib development + display_name: Pacman-contrib + info: This list is used by pacman-contrib developers to coordinate, share patches, etc. + pacman-dev: + description: Discussion list for pacman development + display_name: Pacman-dev + info: This list is used by pacman developers and contributors to coordinate, fix problems, share patches, etc. + staff: + advertised: false + archive_policy: private + description: Internal list that includes all Arch Linux staff members (devs, TUs, support staff) + display_name: Staff + subscription_policy: confirm_then_moderate diff --git a/roles/mailman3/files/list_base_configuration.json b/roles/mailman/files/list_base_configuration.json similarity index 100% rename from roles/mailman3/files/list_base_configuration.json rename to roles/mailman/files/list_base_configuration.json diff --git a/roles/mailman/files/mailman.ini b/roles/mailman/files/mailman.ini deleted file mode 100644 index fe6d040f..00000000 --- a/roles/mailman/files/mailman.ini +++ /dev/null @@ -1,10 +0,0 @@ -[uwsgi] -plugins = cgi -socket = /run/uwsgi/%n.sock -chmod-socket = 770 -threads = 2 - -cgi = /=/usr/lib/mailman/cgi-bin/ -cgi-index = listinfo -uid = mailman -gid = http diff --git a/roles/mailman/files/migrated-lists.map b/roles/mailman/files/migrated-lists.map deleted file mode 100644 index 5e9c72c0..00000000 --- a/roles/mailman/files/migrated-lists.map +++ /dev/null @@ -1,25 +0,0 @@ -/listinfo/arch-announce /mailman3/lists/arch-announce@lists.archlinux.org/; -/listinfo/arch-commits /mailman3/lists/arch-commits@lists.archlinux.org/; -/listinfo/arch-dev /mailman3/lists/arch-dev@lists.archlinux.org/; -/listinfo/arch-dev-public /mailman3/lists/arch-dev-public@lists.archlinux.org/; -/listinfo/arch-devops /mailman3/lists/arch-devops@lists.archlinux.org/; -/listinfo/arch-devops-private /mailman3/lists/arch-devops-private@lists.archlinux.org/; -/listinfo/arch-events /mailman3/lists/arch-events@lists.archlinux.org/; -/listinfo/arch-general /mailman3/lists/arch-general@lists.archlinux.org/; -/listinfo/arch-mirrors /mailman3/lists/arch-mirrors@lists.archlinux.org/; -/listinfo/arch-mirrors-announce /mailman3/lists/arch-mirrors-announce@lists.archlinux.org/; -/listinfo/arch-multilib /mailman3/lists/arch-multilib@lists.archlinux.org/; -/listinfo/arch-ports /mailman3/lists/arch-ports@lists.archlinux.org/; -/listinfo/arch-proaudio /mailman3/lists/arch-proaudio@lists.archlinux.org/; -/listinfo/arch-projects /mailman3/lists/arch-projects@lists.archlinux.org/; -/listinfo/arch-releng /mailman3/lists/arch-releng@lists.archlinux.org/; -/listinfo/arch-security /mailman3/lists/arch-security@lists.archlinux.org/; -/listinfo/arch-tu /mailman3/lists/arch-tu@lists.archlinux.org/; -/listinfo/arch-wiki-admins /mailman3/lists/arch-wiki-admins@lists.archlinux.org/; -/listinfo/arch-women /mailman3/lists/arch-women@lists.archlinux.org/; -/listinfo/aur-dev /mailman3/lists/aur-dev@lists.archlinux.org/; -/listinfo/aur-general /mailman3/lists/aur-general@lists.archlinux.org/; -/listinfo/aur-requests /mailman3/lists/aur-requests@lists.archlinux.org/; -/listinfo/pacman-contrib /mailman3/lists/pacman-contrib@lists.archlinux.org/; -/listinfo/pacman-dev /mailman3/lists/pacman-dev@lists.archlinux.org/; -/listinfo/staff /mailman3/lists/staff@lists.archlinux.org/; diff --git a/roles/mailman/files/override.conf b/roles/mailman/files/override.conf deleted file mode 100644 index 8a764e34..00000000 --- a/roles/mailman/files/override.conf +++ /dev/null @@ -1,2 +0,0 @@ -[Service] -Restart=always diff --git a/roles/mailman/handlers/main.yml b/roles/mailman/handlers/main.yml index 61ce4bee..2f46b762 100644 --- a/roles/mailman/handlers/main.yml +++ b/roles/mailman/handlers/main.yml @@ -1,8 +1,8 @@ -- name: Restart mailman - service: name=mailman daemon_reload=yes state=restarted - - name: Reload mailman - service: name=mailman state=reloaded + service: name=mailman3 state=reloaded + +- name: Restart mailman-web + service: name=uwsgi@mailman\\x2dweb.service state=restarted - name: Reload postfix service: name=postfix state=reloaded @@ -11,4 +11,3 @@ command: postmap /etc/postfix/{{ item }} loop: - aliases - - transport diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml index 450bfd81..22419224 100644 --- a/roles/mailman/tasks/main.yml +++ b/roles/mailman/tasks/main.yml @@ -4,12 +4,19 @@ vars: domains: ["{{ lists_domain }}"] -- name: Install mailman, uwsgi-plugin-cgi and postfx - pacman: name=mailman,uwsgi-plugin-cgi,postfix,postfix-pcre state=present +- name: Install mailman3 and related packages + pacman: name=mailman3,mailman3-hyperkitty,python-psycopg2,mailman-web,python-xapian-haystack,uwsgi-plugin-python,postfix,postfix-pcre state=present + register: install -- name: Install mailman configuration - template: src=mm_cfg.py.j2 dest=/etc/mailman/mm_cfg.py follow=yes owner=root group=root mode=0644 - notify: Reload mailman +- name: Install {mailman,mailman-web} configuration + template: src={{ item.src }} dest={{ item.dest }} owner=root group={{ item.group }} mode=0640 + loop: + - {src: mailman.cfg.j2, dest: /etc/mailman.cfg, group: mailman} + - {src: mailman-hyperkitty.cfg.j2, dest: /etc/mailman-hyperkitty.cfg, group: mailman} + - {src: settings.py.j2, dest: /etc/webapps/mailman-web/settings.py, group: mailman-web} + notify: + - Reload mailman + - Restart mailman-web - name: Install postfix configuration template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0644 @@ -22,59 +29,66 @@ - milter_header_checks notify: Run postmap -- name: Install postfix templated maps - template: src={{ item }}.j2 dest=/etc/postfix/{{ item }} owner=root group=root mode=0644 - loop: - - transport - notify: Run postmap - - name: Open firewall holes for postfix - ansible.posix.firewalld: service=smtp zone={{ item }} permanent=true state=enabled immediate=yes - loop: - - - - wireguard - when: configure_firewall + ansible.posix.firewalld: service=smtp permanent=true state=enabled immediate=yes tags: - firewall -- name: Create mailman list - command: /usr/lib/mailman/bin/newlist -a mailman root@{{ lists_domain }} meG0n5Wq6dEWCA6s - args: - creates: /var/lib/mailman/lists/mailman - -- name: Configure mailman uwsgi service - copy: src=mailman.ini dest=/etc/uwsgi/vassals/ owner=mailman group=http mode=0644 - - name: Make nginx log dir file: path=/var/log/nginx/{{ lists_domain }} state=directory owner=root group=root mode=0755 -- name: Install nginx mailman2->mailman3 redirect map - copy: src=migrated-lists.map dest=/etc/nginx/maps/ owner=root group=root mode=0644 - notify: Reload nginx - - name: Set up nginx template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/mailman.conf" owner=root group=root mode=644 notify: Reload nginx - tags: ['nginx'] + +- name: Create postgres {mailman,mailman-web} user + postgresql_user: name={{ item.username }} password={{ item.password }} + loop: + - {username: "{{ vault_mailman_db_user }}", password: "{{ vault_mailman_db_password }}"} + - {username: "{{ vault_mailman_web_db_user }}", password: "{{ vault_mailman_web_db_password }}"} + become: true + become_user: postgres + become_method: su + no_log: true + +- name: Create {mailman,mailman-web} db + postgresql_db: name={{ item.db }} owner={{ item.owner }} + loop: + - {db: mailman, owner: "{{ vault_mailman_db_user }}"} + - {db: mailman-web, owner: "{{ vault_mailman_web_db_user }}"} + become: true + become_user: postgres + become_method: su + +- name: Run Django management tasks + command: django-admin {{ item }} --pythonpath /etc/webapps/mailman-web --settings settings + loop: + - migrate + - loaddata + - collectstatic + - compress + become: true + become_user: mailman-web + when: false - name: Start and enable postfix systemd: name=postfix.service enabled=yes daemon_reload=yes state=started -- name: Create drop-in directory for mailman.service - file: path=/etc/systemd/system/mailman.service.d state=directory owner=root group=root mode=0755 - -- name: Install drop-in for mailman.service - copy: src=override.conf dest=/etc/systemd/system/mailman.service.d/ owner=root group=root mode=0644 - notify: Restart mailman - - name: Start and enable mailman{.service,-*.timer} systemd: name={{ item }} enabled=yes daemon_reload=yes state=started loop: - - mailman.service - - mailman-senddigests.timer - - mailman-nightlygzip.timer - - mailman-mailpasswds.timer - - mailman-gatenews.timer - - mailman-disabled.timer - - mailman-cullbadshunt.timer - - mailman-checkdbs.timer + - mailman3.service + - mailman3-digests.timer + - mailman3-notify.timer + - uwsgi@mailman\x2dweb.service + +- name: Update list configurations + uri: + url: http://localhost:8001/3.1/lists/{{ item }}.lists.archlinux.org/config + user: "{{ vault_mailman_admin_user }}" + password: "{{ vault_mailman_admin_pass }}" + method: PUT + body_format: json + status_code: 204 + body: "{{ lookup('file', 'list_base_configuration.json') | from_json | combine(lists[item]) | to_json }}" + loop: "{{ lists.keys() }}" diff --git a/roles/mailman3/templates/mailman-hyperkitty.cfg.j2 b/roles/mailman/templates/mailman-hyperkitty.cfg.j2 similarity index 95% rename from roles/mailman3/templates/mailman-hyperkitty.cfg.j2 rename to roles/mailman/templates/mailman-hyperkitty.cfg.j2 index d85fc57f..a2ab2a8a 100644 --- a/roles/mailman3/templates/mailman-hyperkitty.cfg.j2 +++ b/roles/mailman/templates/mailman-hyperkitty.cfg.j2 @@ -15,7 +15,7 @@ # better if it is not. # However, if your Mailman installation is accessed via HTTPS, the URL needs # to match your SSL certificate (e.g. https://lists.example.com/hyperkitty). -base_url: http://localhost/archives/ +base_url: http://localhost:8000/archives/ # Shared API key, must be the identical to the value in HyperKitty's # settings. diff --git a/roles/mailman3/templates/mailman.cfg.j2 b/roles/mailman/templates/mailman.cfg.j2 similarity index 66% rename from roles/mailman3/templates/mailman.cfg.j2 rename to roles/mailman/templates/mailman.cfg.j2 index 82b4c47e..2eca990e 100644 --- a/roles/mailman3/templates/mailman.cfg.j2 +++ b/roles/mailman/templates/mailman.cfg.j2 @@ -10,13 +10,6 @@ url: postgres://{{ vault_mailman_db_user }}:{{ vault_mailman_db_password }}@/mai admin_user: {{ vault_mailman_admin_user }} admin_pass: {{ vault_mailman_admin_pass }} -[mta] -configuration: /etc/postfix.cfg -lmtp_host: {{ hostvars['mailman3.archlinux.org']['wireguard_address'] }} -lmtp_port: 8024 -smtp_host: {{ hostvars['lists.archlinux.org']['wireguard_address'] }} -smtp_port: 25 - [archiver.hyperkitty] class: mailman_hyperkitty.Archiver enable: yes diff --git a/roles/mailman/templates/main.cf.j2 b/roles/mailman/templates/main.cf.j2 index 5d29e60b..c6f6c4fe 100644 --- a/roles/mailman/templates/main.cf.j2 +++ b/roles/mailman/templates/main.cf.j2 @@ -22,7 +22,6 @@ mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64 - {{ hostvars['mailman3.archlinux.org']['wireguard_address'] }} # fatal: configuration error: mailbox_size_limit is smaller than message_size_limit message_size_limit = 104857600 @@ -46,10 +45,10 @@ smtpd_reject_footer = For assistance contact . Please smtpd_milters = inet:localhost:11332 non_smtpd_milters = $smtpd_milters -alias_maps = hash:/etc/postfix/aliases hash:/var/lib/mailman/data/aliases -local_recipient_maps = hash:/etc/postfix/transport $alias_maps +alias_maps = hash:/etc/postfix/aliases +local_recipient_maps = hash:/var/lib/mailman/data/postfix_lmtp $alias_maps alias_database = $alias_maps -transport_maps = hash:/etc/postfix/transport +transport_maps = hash:/var/lib/mailman/data/postfix_lmtp milter_header_checks = pcre:/etc/postfix/milter_header_checks diff --git a/roles/mailman/templates/mm_cfg.py.j2 b/roles/mailman/templates/mm_cfg.py.j2 deleted file mode 100644 index abe99fe3..00000000 --- a/roles/mailman/templates/mm_cfg.py.j2 +++ /dev/null @@ -1,79 +0,0 @@ -# -*- python -*- - -# Copyright (C) 1998-2018 by the Free Software Foundation, Inc. -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - -"""This module contains your site-specific settings. - -From a brand new distribution it should be copied to mm_cfg.py. If you -already have an mm_cfg.py, be careful to add in only the new settings you -want. Mailman's installation procedure will never overwrite your mm_cfg.py -file. - -The complete set of distributed defaults, with documentation, are in the file -Defaults.py. In mm_cfg.py, override only those you want to change, after the - - from Defaults import * - -line (see below). - -Note that these are just default settings; many can be overridden via the -administrator and user interfaces on a per-list or per-user basis. - -Also note that many of these settings will not be effective until Mailman -is restarted. Thus, you should always restart Mailman after changing this -file. - -Further, settings which relate to a list's host_name and web_page_url only -affect lists created after the change. For existing lists, see the FAQ at -. - -""" - -############################################### -# Here's where we get the distributed defaults. - -from Defaults import * - -################################################## -# Put YOUR site-specific settings below this line. - -# Please see: http://wiki.list.org/x/mIA9 if you change this -DEFAULT_URL_HOST = '{{ lists_domain }}' -DEFAULT_EMAIL_HOST = '{{ lists_domain }}' -MTA = 'Postfix' - -VIRTUAL_HOSTS.clear() -add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST) - -POSTFIX_STYLE_VIRTUAL_DOMAINS = ['{{ lists_domain }}'] - -DEFAULT_URL_PATTERN = 'https://%s/' -PUBLIC_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s' - -# bot protection -SUBSCRIBE_FORM_SECRET = '{{ vault_mailman_subscribe_form_secret }}' - -VIRTUAL_HOST_OVERVIEW = Off - -DEFAULT_SEND_REMINDERS = 0 - -PUBLIC_MBOX = Yes - -DEFAULT_MSG_HEADER = "" -DEFAULT_MSG_FOOTER = "" -#DEFAULT_DMARC_MODERATION_ACTION = 1 -REMOVE_DKIM_HEADERS = 1 diff --git a/roles/mailman/templates/nginx.d.conf.j2 b/roles/mailman/templates/nginx.d.conf.j2 index 5fc39fba..8c602b82 100644 --- a/roles/mailman/templates/nginx.d.conf.j2 +++ b/roles/mailman/templates/nginx.d.conf.j2 @@ -1,3 +1,17 @@ +# This is for POSTORIUS_TEMPLATE_BASE_URL and mailman_hyperkitty.Archiver's base_url. +server { + listen 8000; + listen [::]:8000; + server_name localhost; + + access_log off; + + location / { + include /etc/nginx/uwsgi_params; + uwsgi_pass unix:/run/mailman-web/mailman-web.sock; + } +} + server { listen 80; listen [::]:80; @@ -15,10 +29,6 @@ server { } } -map $uri $migrated_uri { - include maps/migrated-lists.map; -} - server { listen 443 ssl http2; listen [::]:443 ssl http2; @@ -32,41 +42,16 @@ server { ssl_certificate_key /etc/letsencrypt/live/{{ lists_domain }}/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ lists_domain }}/chain.pem; - if ($migrated_uri) { - return 302 $migrated_uri; + location /static/ { + alias /var/lib/mailman-web/static/; } - location = / { - return 302 /mailman3/lists/; - } - - # redirect old urls - location /mailman/ { - rewrite ^/mailman/(.*) /$1 permanent; - } - - location /icons/ { - alias /usr/lib/mailman/icons/; - } - - location ~ ^/pipermail(?:/(.*))?$ { - alias /var/lib/mailman/archives/public/$1; - add_header Cache-Control "public, no-cache"; - autoindex on; + location /pipermail/ { + alias /var/lib/mailman2/archives/public/; } location / { - root /usr/lib/mailman/cgi-bin/; - index listinfo; - include uwsgi_params; - uwsgi_modifier1 9; - uwsgi_pass unix:/run/uwsgi/mailman.sock; - } - - location ~ ^/(static|mailman3|archives|user-profile|accounts|admin3)($|/) { - proxy_pass http://{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}; - proxy_set_header Host {{ lists_domain }}; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Forwarded-Proto $scheme; + include /etc/nginx/uwsgi_params; + uwsgi_pass unix:/run/mailman-web/mailman-web.sock; } } diff --git a/roles/mailman3/templates/settings.py.j2 b/roles/mailman/templates/settings.py.j2 similarity index 93% rename from roles/mailman3/templates/settings.py.j2 rename to roles/mailman/templates/settings.py.j2 index 63acbdfb..3f85967e 100644 --- a/roles/mailman3/templates/settings.py.j2 +++ b/roles/mailman/templates/settings.py.j2 @@ -38,14 +38,14 @@ MAILMAN_ARCHIVER_KEY = '{{ vault_mailman_archiver_key }}' #: https://docs.djangoproject.com/en/3.2/topics/email/#smtp-backend EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' -EMAIL_HOST = '{{ hostvars['lists.archlinux.org']['wireguard_address'] }}' +EMAIL_HOST = '127.0.0.1' EMAIL_PORT = 25 #: Sender in Emails sent out by Postorius. DEFAULT_FROM_EMAIL = 'postorius@{{ lists_domain }}' SERVER_EMAIL = 'root@{{ lists_domain }}' -POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost' +POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost:8000' HYPERKITTY_ALLOW_WEB_POSTING = False HYPERKITTY_ENABLE_GRAVATAR = False diff --git a/roles/mailman/templates/transport.j2 b/roles/mailman/templates/transport.j2 deleted file mode 100644 index 6918dfca..00000000 --- a/roles/mailman/templates/transport.j2 +++ /dev/null @@ -1,257 +0,0 @@ -# AUTOMATICALLY GENERATED BY MAILMAN ON 2022-09-15 21:34:14 -# -# This file is generated by Mailman, and is kept in sync with the binary hash -# file. YOU SHOULD NOT MANUALLY EDIT THIS FILE unless you know what you're -# doing, and can keep the two files properly in sync. If you screw it up, -# you're on your own. - -# Aliases which are visible only in the @lists.archlinux.org domain. -arch-announce@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-announce-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-announce-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-announce-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-announce-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-announce-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-announce-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-announce-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-announce-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-commits@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-commits-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-commits-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-commits-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-commits-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-commits-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-commits-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-commits-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-commits-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-dev@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-dev-public@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-public-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-public-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-public-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-public-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-public-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-public-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-public-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-dev-public-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-devops@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-devops-private@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-private-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-private-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-private-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-private-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-private-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-private-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-private-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-devops-private-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-events@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-events-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-events-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-events-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-events-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-events-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-events-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-events-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-events-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-general@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-general-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-general-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-general-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-general-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-general-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-general-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-general-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-general-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-mirrors@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-mirrors-announce@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-announce-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-announce-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-announce-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-announce-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-announce-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-announce-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-announce-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-mirrors-announce-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-multilib@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-multilib-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-multilib-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-multilib-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-multilib-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-multilib-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-multilib-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-multilib-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-multilib-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-ports@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-ports-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-ports-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-ports-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-ports-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-ports-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-ports-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-ports-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-ports-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-proaudio@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-proaudio-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-proaudio-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-proaudio-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-proaudio-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-proaudio-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-proaudio-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-proaudio-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-proaudio-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-projects@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-projects-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-projects-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-projects-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-projects-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-projects-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-projects-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-projects-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-projects-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-releng@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-releng-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-releng-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-releng-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-releng-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-releng-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-releng-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-releng-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-releng-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-security@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-security-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-security-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-security-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-security-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-security-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-security-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-security-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-security-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-tu@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-tu-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-tu-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-tu-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-tu-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-tu-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-tu-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-tu-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-tu-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-wiki-admins@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-wiki-admins-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-wiki-admins-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-wiki-admins-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-wiki-admins-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-wiki-admins-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-wiki-admins-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-wiki-admins-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-wiki-admins-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -arch-women@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-women-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-women-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-women-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-women-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-women-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-women-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-women-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -arch-women-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -aur-dev@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-dev-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-dev-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-dev-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-dev-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-dev-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-dev-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-dev-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-dev-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -aur-general@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-general-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-general-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-general-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-general-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-general-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-general-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-general-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-general-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -aur-requests@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-requests-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-requests-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-requests-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-requests-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-requests-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-requests-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-requests-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -aur-requests-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -pacman-contrib@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-contrib-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-contrib-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-contrib-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-contrib-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-contrib-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-contrib-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-contrib-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-contrib-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -pacman-dev@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-dev-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-dev-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-dev-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-dev-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-dev-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-dev-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-dev-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -pacman-dev-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 - -staff@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -staff-bounces@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -staff-confirm@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -staff-join@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -staff-leave@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -staff-owner@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -staff-request@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -staff-subscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 -staff-unsubscribe@lists.archlinux.org lmtp:[{{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}]:8024 diff --git a/roles/mailman3/defaults/main.yml b/roles/mailman3/defaults/main.yml deleted file mode 100644 index 7ac12333..00000000 --- a/roles/mailman3/defaults/main.yml +++ /dev/null @@ -1,135 +0,0 @@ -lists_domain: lists.archlinux.org -lists: - arch-announce: - allow_list_posts: false - bounce_info_stale_after: 60d - default_member_action: reject - default_nonmember_action: reject - description: This mailing list is for official announcements for the Arch Linux distribution. - display_name: Arch-announce - moderator_password: "{{ vault_archweb_mailman_password }}" - arch-commits: - allow_list_posts: false - accept_these_nonmembers: - - ^.+@(.+\.)?archlinux\.org - archive_policy: never - default_member_action: reject - default_nonmember_action: reject - description: Arch Linux packaging commits - display_name: Arch-commits - info: This list contains all commits to the package repositories, including diffs for newest changes. - max_message_size: 200 - arch-dev: - advertised: false - archive_policy: private - description: Development Discussion for Arch Linux - display_name: Arch-dev - info: This list is for development discussion about Arch Linux. This list is closed to the general public and only used by internal Arch Linux developers. - subscription_policy: confirm_then_moderate - arch-devops: - display_name: Arch-devops - description: Arch Linux Infrastructure development discussion - arch-devops-private: - advertised: false - archive_policy: private - description: List for internal discussion of the devops team - display_name: Arch-devops-private - subscription_policy: confirm_then_moderate - arch-dev-public: - default_member_action: hold - description: Public mailing list for Arch Linux development - display_name: Arch-dev-public - arch-events: - description: Arch Linux Events - display_name: Arch-events - arch-general: - description: General Discussion about Arch Linux - display_name: Arch-general - info: | - This mailing list hosts general discusson about the Arch Linux distribution. Questions, problems, and new development ideas can be posted here. - - You must be subscribed to the list in order to post to it. - arch-mirrors-announce: - description: List for mirror admins to send announcements (like downtime notifications) to our users - display_name: Arch-mirrors-announce - info: | - This list is intended for admins of Arch Linux mirrors that want to notify our users about downtime of their mirror. - - This list also accepts mails from non-subscribers. - arch-mirrors: - description: Arch Linux Mirroring Discussion and Announcements - display_name: Arch-mirrors - info: This list is intended for admins of Arch Linux mirrors. Discussion and announcements regarding mirroring will use this list. - arch-multilib: - description: Arch Linux Multilib (32bit libs on 64bit OSes) - display_name: Arch-multilib - arch-ports: - description: Discussion regarding the porting of Arch Linux to non-x86_64 architectures - display_name: Arch-ports - info: This list is primarily used to talk about porting Arch Linux to non-x86_64 platforms, such as PPC, ARM, i586, i686, etc. - arch-proaudio: - description: Discussion about real-time multimedia, including (semi-)pro audio and video - display_name: Arch-proaudio - arch-projects: - description: Arch Linux projects development discussion - display_name: Arch-projects - info: | - Announcements, development discussion, patches and pull requests for the Arch Linux projects: - - Please begin the email subject with the name of a project in square brackets (e.g. [devtools]). If no project matches, use [projects]. - - Note: No user discussion! - arch-releng: - description: Arch Linux Release Engineering - display_name: Arch-releng - arch-security: - description: Announcements about security issues in Arch Linux and its packages - display_name: Arch-security - info: Discussion about announcements should happen on arch-general. - arch-tu: - advertised: false - archive_policy: private - description: Trusted Users Discussion for Arch Linux - display_name: Arch-tu - info: This list is for trusted users discussion about Arch Linux. This list is closed to the general public and only used by internal Arch Linux trusted users. - subscription_policy: confirm_then_moderate - arch-wiki-admins: - advertised: false - archive_policy: private - default_nonmember_action: defer - display_name: Arch-wiki-admins - subscription_policy: confirm_then_moderate - arch-women: - description: Mailing list for the Arch Women project - display_name: Arch-women - info: | - Arch Women is an all inclusive organization of Arch Linux enthusiasts with a focus on helping more women become involved in the Arch Linux community and FOSS. - - Mailing list graciously hosted by the Arch Linux™ project. - aur-dev: - description: Arch User Repository (AUR) Development - display_name: Aur-dev - info: This list is intended for discussion of AUR and community based code and development. - aur-general: - description: Discussion about the Arch User Repository (AUR) - display_name: Aur-general - info: This list is for Trusted Users, Arch Linux developers, and the general public to discuss issues surrounding the Trusted User structure and the Arch User Repository (AUR). - aur-requests: - accept_these_nonmembers: - - notify@aur.archlinux.org - description: Public mailing list for AUR package deletion/merge/orphan requests - display_name: Aur-requests - pacman-contrib: - description: Discussion list for pacman-contrib development - display_name: Pacman-contrib - info: This list is used by pacman-contrib developers to coordinate, share patches, etc. - pacman-dev: - description: Discussion list for pacman development - display_name: Pacman-dev - info: This list is used by pacman developers and contributors to coordinate, fix problems, share patches, etc. - staff: - advertised: false - archive_policy: private - description: Internal list that includes all Arch Linux staff members (devs, TUs, support staff) - display_name: Staff - subscription_policy: confirm_then_moderate diff --git a/roles/mailman3/files/postfix.cfg b/roles/mailman3/files/postfix.cfg deleted file mode 100644 index 6068f1cc..00000000 --- a/roles/mailman3/files/postfix.cfg +++ /dev/null @@ -1,13 +0,0 @@ -[postfix] -# Additional configuration variables for the postfix MTA. - -# This variable describe the program to use for regenerating the transport map -# db file, from the associated plain text files. The file being updated will -# be appended to this string (with a separating space), so it must be -# appropriate for os.system(). -postmap_command: /usr/bin/true - -# This variable describes the type of transport maps that will be generated by -# mailman to be used with postfix for LMTP transport. By default, it is set to -# hash, but mailman also supports `regex` tables. -transport_file_type: hash diff --git a/roles/mailman3/handlers/main.yml b/roles/mailman3/handlers/main.yml deleted file mode 100644 index f56cbaed..00000000 --- a/roles/mailman3/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: Reload mailman - service: name=mailman3 state=reloaded - -- name: Restart mailman-web - service: name=uwsgi@mailman\\x2dweb.service state=restarted diff --git a/roles/mailman3/tasks/main.yml b/roles/mailman3/tasks/main.yml deleted file mode 100644 index 8f8dd7fb..00000000 --- a/roles/mailman3/tasks/main.yml +++ /dev/null @@ -1,81 +0,0 @@ -- name: Install mailman3 and related packages - pacman: name=mailman3,mailman3-hyperkitty,python-psycopg2,mailman-web,python-xapian-haystack,uwsgi-plugin-python state=present - register: install - -- name: Install {mailman,mailman-web} configuration - template: src={{ item.src }} dest={{ item.dest }} owner=root group={{ item.group }} mode=0640 - loop: - - {src: mailman.cfg.j2, dest: /etc/mailman.cfg, group: mailman} - - {src: mailman-hyperkitty.cfg.j2, dest: /etc/mailman-hyperkitty.cfg, group: mailman} - - {src: settings.py.j2, dest: /etc/webapps/mailman-web/settings.py, group: mailman-web} - - {src: urls.py.j2, dest: /etc/webapps/mailman-web/urls.py, group: mailman-web} - notify: - - Reload mailman - - Restart mailman-web - -- name: Install mailman postfix.cfg configuration - copy: src=postfix.cfg dest=/etc/postfix.cfg owner=root group=root mode=0644 - notify: Reload mailman - -- name: Make nginx log dir - file: path=/var/log/nginx/{{ lists_domain }} state=directory owner=root group=root mode=0755 - -- name: Set up nginx - template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/mailman.conf" owner=root group=root mode=644 - notify: Reload nginx - tags: ['nginx'] - -- name: Create postgres {mailman,mailman-web} user - postgresql_user: name={{ item.username }} password={{ item.password }} - loop: - - {username: "{{ vault_mailman_db_user }}", password: "{{ vault_mailman_db_password }}"} - - {username: "{{ vault_mailman_web_db_user }}", password: "{{ vault_mailman_web_db_password }}"} - become: true - become_user: postgres - become_method: su - no_log: true - -- name: Create {mailman,mailman-web} db - postgresql_db: name={{ item.db }} owner={{ item.owner }} - loop: - - {db: mailman, owner: "{{ vault_mailman_db_user }}"} - - {db: mailman-web, owner: "{{ vault_mailman_web_db_user }}"} - become: true - become_user: postgres - become_method: su - -- name: Run Django management tasks - command: django-admin {{ item }} --pythonpath /etc/webapps/mailman-web --settings settings - loop: - - migrate - - loaddata - - collectstatic - - compress - become: true - become_user: mailman-web - when: install.changed - -- name: Open LMTP ipv4 port for lists.archlinux.org - ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes - rich_rule="rule family=ipv4 source address={{ hostvars['lists.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8024 accept" - tags: - - firewall - -- name: Start and enable mailman{.service,-*.timer} - systemd: name={{ item }} enabled=yes daemon_reload=yes state=started - loop: - - mailman3.service - - mailman3-digests.timer - - mailman3-notify.timer - - uwsgi@mailman\x2dweb.service - -- name: Update list configurations - uri: - url: http://localhost:8001/3.1/lists/{{ item }}.lists.archlinux.org/config - user: "{{ vault_mailman_admin_user }}" - password: "{{ vault_mailman_admin_pass }}" - method: PUT - body_format: json - status_code: 204 - body: "{{ lookup('file', 'list_base_configuration.json') | from_json | combine(lists[item]) | to_json }}" - loop: "{{ lists.keys() }}" diff --git a/roles/mailman3/templates/nginx.d.conf.j2 b/roles/mailman3/templates/nginx.d.conf.j2 deleted file mode 100644 index 62fb9011..00000000 --- a/roles/mailman3/templates/nginx.d.conf.j2 +++ /dev/null @@ -1,22 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name {{ lists_domain }} localhost; - - set_real_ip_from {{ hostvars['lists.archlinux.org']['wireguard_address'] }}/32; - real_ip_header X-Forwarded-For; - - access_log /var/log/nginx/{{ lists_domain }}/access.log main; - access_log /var/log/nginx/{{ lists_domain }}/access.log.json json_main; - error_log /var/log/nginx/{{ lists_domain }}/error.log; - - location /static/ { - alias /var/lib/mailman-web/static/; - } - - # include uwsgi_params - location / { - include /etc/nginx/uwsgi_params; - uwsgi_pass unix:/run/mailman-web/mailman-web.sock; - } -} diff --git a/roles/mailman3/templates/urls.py.j2 b/roles/mailman3/templates/urls.py.j2 deleted file mode 100644 index 4121553c..00000000 --- a/roles/mailman3/templates/urls.py.j2 +++ /dev/null @@ -1,35 +0,0 @@ -# -*- coding: utf-8 -*- -# Copyright (C) 1998-2016 by the Free Software Foundation, Inc. -# -# This file is part of Postorius. -# -# Postorius is free software: you can redistribute it and/or modify it under -# the terms of the GNU General Public License as published by the Free -# Software Foundation, either version 3 of the License, or (at your option) -# any later version. -# -# Postorius is distributed in the hope that it will be useful, but WITHOUT -# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for -# more details. -# -# You should have received a copy of the GNU General Public License along with -# Postorius. If not, see . - - -from django.conf.urls import include -from django.contrib import admin -from django.urls import path, reverse_lazy -from django.views.generic import RedirectView - -urlpatterns = [ - path( - '', - RedirectView.as_view(url=reverse_lazy('list_index'), permanent=True), - ), - path('mailman3/', include('postorius.urls')), - path('archives/', include('hyperkitty.urls')), - path('', include('django_mailman3.urls')), - path('accounts/', include('allauth.urls')), - path('admin3/', admin.site.urls), -] diff --git a/tf-stage1/archlinux.tf b/tf-stage1/archlinux.tf index e9eae05d..5c042697 100644 --- a/tf-stage1/archlinux.tf +++ b/tf-stage1/archlinux.tf @@ -93,17 +93,13 @@ locals { domain = "homedir" } "lists.archlinux.org" = { - server_type = "cpx11" + server_type = "cx21" domain = "lists" } "mail.archlinux.org" = { server_type = "cx11" domain = "mail" } - "mailman3.archlinux.org" = { - server_type = "cx21" - domain = "mailman3" - } "man.archlinux.org" = { server_type = "cx11" domain = "man"