diff --git a/docs/servers.md b/docs/servers.md index 0f61ee62..deb392ef 100644 --- a/docs/servers.md +++ b/docs/servers.md @@ -157,14 +157,6 @@ Prometheus, and Grafana server which receives selected performance/metrics from Online collborative markdwown editor for Arch Linux Staff. -## mailman3.archlinux.org - -This server runs mailman3 as mailman2 and mailman3 can't be installed on the same server. The HTTP and LMTP traffic is routed over WireGuard from lists.archlinux.org. - -### Services - - - mailman3 - ### Services - [hedgedoc](https://hedgedoc.org/) diff --git a/docs/ssh-hostkeys.txt b/docs/ssh-hostkeys.txt index f19b6dc2..e89944a9 100644 --- a/docs/ssh-hostkeys.txt +++ b/docs/ssh-hostkeys.txt @@ -164,15 +164,15 @@ 3072 MD5:50:c8:93:43:05:d5:73:a4:84:b1:07:66:a7:20:a5:79 root@archlinux-packer (RSA) # lists.archlinux.org -1024 SHA256:/o3BhNZ6MdfHXrqDzVxP5OgKcTmo1/e2v80Xb+Q2ypc root@archlinux-packer (DSA) -256 SHA256:Xe+YrG+IfhtQkNft+SB7UsTQCIgbqNnqMl/Pqs6uzBE root@archlinux-packer (ECDSA) -256 SHA256:fAKD+26rDZ74MOMWZI8L3k2c7RzTYd69+iwKp4zhw8c root@archlinux-packer (ED25519) -3072 SHA256:NyspEiVRnuRtL854ErcdybtjoBia+miQkpuToYZEl78 root@archlinux-packer (RSA) +1024 SHA256:U1A+NO+I+JRg0YPo+UgwGfbextnL+pVuqjWGdyokLpI root@archlinux-packer (DSA) +256 SHA256:vdEZ5/6Xxd7Azjzaf5xz5kfzQrWcq1raz5cFAIclooE root@archlinux-packer (ECDSA) +256 SHA256:iCeRz+2HK7heoapDRscHpgbEX4cbem1BZpWzrAoOxTQ root@archlinux-packer (ED25519) +3072 SHA256:sqUYYmrNXzYPL5TtsBsTnaANsZ/P7miyCAIkt0YWfBg root@archlinux-packer (RSA) -1024 MD5:fb:bb:0e:a8:0c:5c:41:5a:b1:d9:61:4d:e5:c3:bf:b1 root@archlinux-packer (DSA) -256 MD5:56:43:80:27:a7:4e:4c:1f:a4:14:dd:d1:eb:37:13:a9 root@archlinux-packer (ECDSA) -256 MD5:3c:91:d8:b0:4b:5c:36:40:79:27:8a:c7:24:d6:26:af root@archlinux-packer (ED25519) -3072 MD5:88:99:f2:47:b1:e3:3c:99:52:67:d5:d5:55:b0:af:2c root@archlinux-packer (RSA) +1024 MD5:8f:94:fe:a9:56:ee:3f:cc:a4:e7:a5:4f:2b:02:e8:c3 root@archlinux-packer (DSA) +256 MD5:ca:3e:2d:aa:8a:4b:71:3a:18:22:59:0f:6e:ff:ae:5d root@archlinux-packer (ECDSA) +256 MD5:a8:d3:f8:42:ff:ae:7d:71:1b:fe:93:4b:f7:df:38:5f root@archlinux-packer (ED25519) +3072 MD5:51:ea:a4:ec:76:87:ee:89:e7:3a:fc:80:ea:fe:2d:9c root@archlinux-packer (RSA) # mail.archlinux.org 1024 SHA256:/d3MC4NoQbPSNgNebFyzNCze4HVHPhITVWy9vWdZUp4 root@archlinux-packer (DSA) @@ -185,17 +185,6 @@ 256 MD5:dd:20:c1:f1:f2:fa:70:86:3a:e2:39:86:b1:01:2f:61 root@archlinux-packer (ED25519) 3072 MD5:b6:14:30:bd:fe:43:46:6a:20:a2:8b:b0:aa:d4:35:19 root@archlinux-packer (RSA) -# mailman3.archlinux.org -1024 SHA256:U1A+NO+I+JRg0YPo+UgwGfbextnL+pVuqjWGdyokLpI root@archlinux-packer (DSA) -256 SHA256:vdEZ5/6Xxd7Azjzaf5xz5kfzQrWcq1raz5cFAIclooE root@archlinux-packer (ECDSA) -256 SHA256:iCeRz+2HK7heoapDRscHpgbEX4cbem1BZpWzrAoOxTQ root@archlinux-packer (ED25519) -3072 SHA256:sqUYYmrNXzYPL5TtsBsTnaANsZ/P7miyCAIkt0YWfBg root@archlinux-packer (RSA) - -1024 MD5:8f:94:fe:a9:56:ee:3f:cc:a4:e7:a5:4f:2b:02:e8:c3 root@archlinux-packer (DSA) -256 MD5:ca:3e:2d:aa:8a:4b:71:3a:18:22:59:0f:6e:ff:ae:5d root@archlinux-packer (ECDSA) -256 MD5:a8:d3:f8:42:ff:ae:7d:71:1b:fe:93:4b:f7:df:38:5f root@archlinux-packer (ED25519) -3072 MD5:51:ea:a4:ec:76:87:ee:89:e7:3a:fc:80:ea:fe:2d:9c root@archlinux-packer (RSA) - # man.archlinux.org 1024 SHA256:11C7Qa1GSNBBspSlber3Sp+LEMRpfr/VWkypfu6OnhA root@archlinux-packer (DSA) 256 SHA256:fL79NVaEiwXGfUhTXWLkue/D1seSADYbui+jwQ2dvW0 root@archlinux-packer (ECDSA) diff --git a/docs/ssh-known_hosts.txt b/docs/ssh-known_hosts.txt index 6570c8db..8275c63e 100644 --- a/docs/ssh-known_hosts.txt +++ b/docs/ssh-known_hosts.txt @@ -86,20 +86,15 @@ homedir.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPxEHvFCXujU6s4eW0U79o homedir.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDuQbGoCSIPisaZeqtJhM369ugQWc8pHE8404AZu0yUgDxMl6AP5BUfdynlR6VGt4edSaEyp9BkT15YaKh5vph/9MUtZ2zbQ7WPRuvfLNG+RI458q4CYdykVMmTs1DEeAxaVMIAL3225pqh7QMcME0edX9f4PLLkQk8+AAAy24rvgwxLE0BnSLB3zp7wCJw5rm2iZAcqsKkIZw2FJKMlRuEovdvgc7A0FfkSc8muvvHET1FK/Uqv5i9R2Xk3NPFkt/bzcwOVBXCeqUrjLmD0UhRWX8J8GMmrEVPVQLBT6mn/OtlXpOiDcr9HkSLS1mqo59N9wyI4tCKjYQZMEWU36PYjXlDzqOGmdAR6Ly8vDo3BC+ByQqLf/ixkoFD/I5inGejPnAv9eXuiP8o0KoPDOALD8gqwqCoPjElE9ZVObp+NJbuQeXRZt70VKxZEWrUKxKxHM3RoYvgd3h/GHaYEGWdbvTMTVK+xnrczL+Eme4Y81zA8KTwY5qbyc5QCHvksKM= # lists.archlinux.org -lists.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKBHMlX50Jr2HiVJ/qDSH3mAjobpbBrGvBRXTKB/xXFBiVXCbJQCQ9HKXQZunLALaIm+jAgpskbXqLQMEpWzST8= -lists.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOVKwNsXUXpgNhlwPVlBRNlpvOt0U9deANS/n//nxbe1 -lists.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCuKQnkGRdXyu74f92lzJcQMMDjTzVXkne/mLHiMYKQWlboIBIry3FkzyUGDLbNlZOe4PNR43D9FI0/1EjAuVV72HVQ9sidCbJR/azw3+JF8zwU1HDMOhtCNaWYNqk0DHDvHuWhL6N0duFASf+ZTKRB5Rgk3+p0FisKMCep2vJy5kHY0829INk6ORgPxYzCHCZOLEfZX0aydwscTnubKq1t9blWUdqKSm5Xq5+NEJNPKlo6TgdcBihkdAyaGnZ9KWrXycV6j0UaT/VJNuumZ9KlsvI7Xi/TVDWcLcsU/UqeEvnzUi3oRrvkADzIcoFa5/QrSRQJppKAUgjuhOuk+Px38IIvRdrwDxDoChei+qU8S2O24PP7Cu4oYZ/ecGb8wJleEWVVaYrD5JTEugg0iTe2t0LJiP6rTC1faxErZ9wru18nGNWYR2b+b1MfBzppAoikZUoqygKYYLAerHj3B9wFmw2RJG8JFZ95lMukJmDG8kCYz7eq753PYAAmpFZbdZU= +lists.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLYxKdG6ntbOV/YpVbRkJiJfAPt8BTTN/hKm0uebSwpuQbbv5hxXLSOYeA0C/yJBNXXX4EJ82J88oEJQBFxiPvY= +lists.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+GtJoC+QEUyKA/ZneTBXOBs7W3JBAEb1nLDkjzsqa1 +lists.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdPJQIkN6wDk/140HS1WCIKc0Iz7Oq8c98XaLB0i9ksUxkWB4rxia/WP5RRF+g9yAqZvIg0f5W0d85pfuh+1TOccXk8r6GsH+gRIEkdmwu4Mf7iBpkQxl3n70yjNGxgbwGkVG9vREvJ4v3l/NRZrX2/N3RvcPG9TQwjFFOFYTRZNfUPvsppk572yQ8cjf7oUvJmLOwsKagO5WMUoKFAbO35/Mp2H6VbApYtIdpkFOXnaJUVduHInNa18CmKl28ZSTsigLkYb8pboS6RacJYgA5kK0vQsXCguDrA+SI9k1xW4i9FjUWsLlPuLkk9c7Tj39R95gWhxWwQ99ApNDVvZa+skSbMS7h4/d3NosyM2OO9LfqPiHn2xDsuvmpN0ScCwuocwR09EMrj4MQKzo31ITFHuSyxob0Z4yTQrKvJxdNwveXqaRHFNXUvSWtoRkk2cKB5hjsr0QCROBidYu4WG+/LfolzJQfuRqH7dvg5dvmJLrcozfcCpxspdBTIEKLG/c= # mail.archlinux.org mail.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFvJy2P8zOSKt3EocULHN85PVGW1AINk15+GilqUc5a79Zsy0FvWqV16fjxLRN3zIOkBvSKZMvsNadja+quEr9s= mail.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTOoGxsf23f6AjIHcQQuvbTOaeIt48Y0PiBj9qlJi1H mail.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPrURadxte8UJiteGa6+Q+OjTAjhvGAQFkNSXj1pr4k03uxkU6l2v2LuTygk+4SZSCyUsKvNx/ljJeHBnuecQ8rRv19ZFqy/GQKB3oEmiNYMo2dYYlJWwTVBHatmghhB1j2y40yqdKWH2xQuXC3HtnS7fHG0g1Rc4R9KB4MQlcXkwnSEMpwpWBoO7sr0M4YTdwE+nSG9aNfyPbPGp3mX4ATz5X5hPJOlSFVDV6NuKrA+5qyt4jSKdeG5IuWeEnEJesYJEvShYdY9DvMCXnZykB0emzzk+5+Cp2lTPf9LOO3wNsTgHV/CwkoAoMgr9+ASefhBr3nxmmrs9T7nwuobGCGFUqQ2D8IKCmsWGVKXYERViz3x/gYUIlHgVJpoIXCFFqbdpWwxKR1aDMug2fFe699/FzuPdqrWPFdQMF2mPQ0w3AH/62KGp+PULE2HxrlCiY/gF2m8iJLgunxVKmi/c0ufgK9QilnKcPO+W4tcISa5MYt7MSTTLV9eVsgVjGhOU= -# mailman3.archlinux.org -mailman3.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLYxKdG6ntbOV/YpVbRkJiJfAPt8BTTN/hKm0uebSwpuQbbv5hxXLSOYeA0C/yJBNXXX4EJ82J88oEJQBFxiPvY= -mailman3.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID+GtJoC+QEUyKA/ZneTBXOBs7W3JBAEb1nLDkjzsqa1 -mailman3.archlinux.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDdPJQIkN6wDk/140HS1WCIKc0Iz7Oq8c98XaLB0i9ksUxkWB4rxia/WP5RRF+g9yAqZvIg0f5W0d85pfuh+1TOccXk8r6GsH+gRIEkdmwu4Mf7iBpkQxl3n70yjNGxgbwGkVG9vREvJ4v3l/NRZrX2/N3RvcPG9TQwjFFOFYTRZNfUPvsppk572yQ8cjf7oUvJmLOwsKagO5WMUoKFAbO35/Mp2H6VbApYtIdpkFOXnaJUVduHInNa18CmKl28ZSTsigLkYb8pboS6RacJYgA5kK0vQsXCguDrA+SI9k1xW4i9FjUWsLlPuLkk9c7Tj39R95gWhxWwQ99ApNDVvZa+skSbMS7h4/d3NosyM2OO9LfqPiHn2xDsuvmpN0ScCwuocwR09EMrj4MQKzo31ITFHuSyxob0Z4yTQrKvJxdNwveXqaRHFNXUvSWtoRkk2cKB5hjsr0QCROBidYu4WG+/LfolzJQfuRqH7dvg5dvmJLrcozfcCpxspdBTIEKLG/c= - # man.archlinux.org man.archlinux.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPhnsStoFw6rbVpE1S1vsXNk8de1SyMag1C+v0DWVSuNYzTylYg4322WbYzw45z2XhxrF6XmCSDMvgxvFwnfLQA= man.archlinux.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzjkN+igIxSIv5N9+ANNoo6knPa51Tj5TAXs4EQ8lY2 diff --git a/group_vars/all/root_access.yml b/group_vars/all/root_access.yml index a5f9ba67..1f6a54b7 100644 --- a/group_vars/all/root_access.yml +++ b/group_vars/all/root_access.yml @@ -26,7 +26,6 @@ root_ssh_keys: - dashboards.archlinux.org - gitlab.archlinux.org - lists.archlinux.org - - mailman3.archlinux.org - monitoring.archlinux.org # - run 'playbooks/tasks/reencrypt-vault-{super,default}-key.yml' when this diff --git a/group_vars/all/vault_mailman.yml b/group_vars/all/vault_mailman.yml index 06f7aef2..03690e65 100644 --- a/group_vars/all/vault_mailman.yml +++ b/group_vars/all/vault_mailman.yml @@ -1,9 +1,26 @@ $ANSIBLE_VAULT;1.1;AES256 -38306134633332383131393237386134643236316136333335313130663639373434643434303734 -6530323361333765393633616338333830346634363835350a363933363736393935333833313461 -66336437366666316366326566313837653934333732336532393264343663643861633639636566 -3330353837636631320a303533653661623866383230353563366166653232316635353631613836 -39306531623538656335643031623361633465366138356263663630386362626630336262303865 -31306465323730316633316534333663313565336634346164363331353962366239663035366139 -33636139666262663962396236396337666336663835633865373966386534393064323333326164 -35643530656134643565 +63633533303232373335663630346139613137616132393738383265663337636565663935386365 +3262636536383962333438653033323061306433323232610a623836643732616163383364316639 +37626134643334383432346465343734353566663261643334396563336132666133666431313563 +6365643566626635360a616139393131346566666266653737303562663664656231643836373038 +37316436643133333261313963356435353938393032313935353939613962303733623934313965 +64356635626561376130336134656436386638306538373635313638393932313337316636343533 +32666138613765326332373335366634313530656162383162633861666365333230303132346263 +63613031643230356361383638386230613231626135663763373630666362623536663165356335 +33333033376332653130626262633563336238383931393636346339333963326330373431363931 +61383733626363316539653638373562616335366363306365353166666335383037633830636263 +37313663636139666131623435383833313434396665663162623934646330626362346237363331 +65323537383536333763646431623061646337613761363861373261343638653235333038663239 +34636662663763363832643061313035316437633965346332363432653562613865623261613235 +61303239626136303736356533373739343566313464343931383962633232313263383230336438 +32653534623739616436346539616336373562376632303833323230643465666262303263383334 +64623362363863393866666461396237613934656239653262316438633338313036303436313236 +61623562376139616539646231376438636234656363666639646465663035326161346435396439 +63613839396163616135313537626535393039623866646431333239383263313931386131303464 +36353837303662343530663561363036633864346131343731643535386462316663353233636638 +36323134643230376239326637656537633337323333616630313531653239366263386238363333 +32336538613635613964366562383165616433363738623638393364363233636262643131653532 +62326363356333333563383139323366363462613031303566376365643439373163613166333339 +38353266616463396139336663353536336631666565656630396431363439333034653336316234 +61663232383136353937336431353131323933613462666233663464656166356161613039316436 +3136 diff --git a/group_vars/all/vault_mailman3.yml b/group_vars/all/vault_mailman3.yml deleted file mode 100644 index 03690e65..00000000 --- a/group_vars/all/vault_mailman3.yml +++ /dev/null @@ -1,26 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -63633533303232373335663630346139613137616132393738383265663337636565663935386365 -3262636536383962333438653033323061306433323232610a623836643732616163383364316639 -37626134643334383432346465343734353566663261643334396563336132666133666431313563 -6365643566626635360a616139393131346566666266653737303562663664656231643836373038 -37316436643133333261313963356435353938393032313935353939613962303733623934313965 -64356635626561376130336134656436386638306538373635313638393932313337316636343533 -32666138613765326332373335366634313530656162383162633861666365333230303132346263 -63613031643230356361383638386230613231626135663763373630666362623536663165356335 -33333033376332653130626262633563336238383931393636346339333963326330373431363931 -61383733626363316539653638373562616335366363306365353166666335383037633830636263 -37313663636139666131623435383833313434396665663162623934646330626362346237363331 -65323537383536333763646431623061646337613761363861373261343638653235333038663239 -34636662663763363832643061313035316437633965346332363432653562613865623261613235 -61303239626136303736356533373739343566313464343931383962633232313263383230336438 -32653534623739616436346539616336373562376632303833323230643465666262303263383334 -64623362363863393866666461396237613934656239653262316438633338313036303436313236 -61623562376139616539646231376438636234656363666639646465663035326161346435396439 -63613839396163616135313537626535393039623866646431333239383263313931386131303464 -36353837303662343530663561363036633864346131343731643535386462316663353233636638 -36323134643230376239326637656537633337323333616630313531653239366263386238363333 -32336538613635613964366562383165616433363738623638393364363233636262643131653532 -62326363356333333563383139323366363462613031303566376365643439373163613166333339 -38353266616463396139336663353536336631666565656630396431363439333034653336316234 -61663232383136353937336431353131323933613462666233663464656166356161613039316436 -3136 diff --git a/host_vars/mailman3.archlinux.org/misc b/host_vars/mailman3.archlinux.org/misc deleted file mode 100644 index 01d1a3f5..00000000 --- a/host_vars/mailman3.archlinux.org/misc +++ /dev/null @@ -1,4 +0,0 @@ -filesystem: btrfs -ipv4_address: 65.21.106.94 -wireguard_address: 10.0.0.37 -wireguard_public_key: obBFreFGNDLB17+PaJspE4qNeVX4o7ZPcJj3ZmJhahg= diff --git a/host_vars/mailman3.archlinux.org/vault_wireguard.yml b/host_vars/mailman3.archlinux.org/vault_wireguard.yml deleted file mode 100644 index e8e3b3fc..00000000 --- a/host_vars/mailman3.archlinux.org/vault_wireguard.yml +++ /dev/null @@ -1,9 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -32363065633737653663623334663139323638366462343630623765396636353932653932356261 -6239356162633731656330383436363861376231616462390a356432316532333632653839333230 -63636434373462643231323532633362363434646230323636333264393032373632343932616361 -6536383038313134300a363139313337646533626334333666326535623039323332666338306532 -33643430313864663833343765623138393165386564343636306363626232666436353665353235 -34623064363764336139633334663530376332633536383033313438613035303662333435313536 -34366663643130633064646161613065373532653235373730316439643165383635353761396639 -61656462333035666437 diff --git a/hosts b/hosts index 4c4d84ab..3cf03bfc 100644 --- a/hosts +++ b/hosts @@ -51,7 +51,6 @@ security.archlinux.org md.archlinux.org lists.archlinux.org gluebuddy.archlinux.org -mailman3.archlinux.org [public_html] homedir.archlinux.org @@ -138,7 +137,6 @@ gluebuddy.archlinux.org homedir.archlinux.org lists.archlinux.org mail.archlinux.org -mailman3.archlinux.org man.archlinux.org matrix.archlinux.org md.archlinux.org diff --git a/playbooks/lists.archlinux.org.yml b/playbooks/lists.archlinux.org.yml index 0629ec0b..6669dd30 100644 --- a/playbooks/lists.archlinux.org.yml +++ b/playbooks/lists.archlinux.org.yml @@ -8,7 +8,7 @@ - { role: sshd } - { role: root_ssh } - { role: hardening } - - { role: borg_client, tags: ["borg"], when: "'borg_clients' in group_names" } + - { role: borg_client, tags: ["borg"] } - { role: prometheus_exporters } - { role: promtail } - { role: certbot } @@ -17,4 +17,5 @@ - { role: rspamd, rspamd_dkim_domain: lists.archlinux.org, rspamd_dkim_use_esld: false, tags: ["mail"] } - { role: unbound, unbound_port: 5353, tags: ["mail"] } - { role: uwsgi } + - { role: postgres } - { role: mailman } diff --git a/playbooks/mailman3.archlinux.org.yml b/playbooks/mailman3.archlinux.org.yml deleted file mode 100644 index 171eb42d..00000000 --- a/playbooks/mailman3.archlinux.org.yml +++ /dev/null @@ -1,17 +0,0 @@ -- name: Setup mailman3 server - hosts: mailman3.archlinux.org - remote_user: root - roles: - - { role: common } - - { role: firewalld } - - { role: wireguard } - - { role: sshd } - - { role: root_ssh } - - { role: hardening } - - { role: borg_client, tags: ["borg"] } - - { role: prometheus_exporters } - - { role: promtail } - - { role: nginx, nginx_firewall_zone: wireguard } - - { role: uwsgi } - - { role: postgres } - - { role: mailman3 } diff --git a/roles/mailman/defaults/main.yml b/roles/mailman/defaults/main.yml index b2d2b3fd..7ac12333 100644 --- a/roles/mailman/defaults/main.yml +++ b/roles/mailman/defaults/main.yml @@ -1 +1,135 @@ lists_domain: lists.archlinux.org +lists: + arch-announce: + allow_list_posts: false + bounce_info_stale_after: 60d + default_member_action: reject + default_nonmember_action: reject + description: This mailing list is for official announcements for the Arch Linux distribution. + display_name: Arch-announce + moderator_password: "{{ vault_archweb_mailman_password }}" + arch-commits: + allow_list_posts: false + accept_these_nonmembers: + - ^.+@(.+\.)?archlinux\.org + archive_policy: never + default_member_action: reject + default_nonmember_action: reject + description: Arch Linux packaging commits + display_name: Arch-commits + info: This list contains all commits to the package repositories, including diffs for newest changes. + max_message_size: 200 + arch-dev: + advertised: false + archive_policy: private + description: Development Discussion for Arch Linux + display_name: Arch-dev + info: This list is for development discussion about Arch Linux. This list is closed to the general public and only used by internal Arch Linux developers. + subscription_policy: confirm_then_moderate + arch-devops: + display_name: Arch-devops + description: Arch Linux Infrastructure development discussion + arch-devops-private: + advertised: false + archive_policy: private + description: List for internal discussion of the devops team + display_name: Arch-devops-private + subscription_policy: confirm_then_moderate + arch-dev-public: + default_member_action: hold + description: Public mailing list for Arch Linux development + display_name: Arch-dev-public + arch-events: + description: Arch Linux Events + display_name: Arch-events + arch-general: + description: General Discussion about Arch Linux + display_name: Arch-general + info: | + This mailing list hosts general discusson about the Arch Linux distribution. Questions, problems, and new development ideas can be posted here. + + You must be subscribed to the list in order to post to it. + arch-mirrors-announce: + description: List for mirror admins to send announcements (like downtime notifications) to our users + display_name: Arch-mirrors-announce + info: | + This list is intended for admins of Arch Linux mirrors that want to notify our users about downtime of their mirror. + + This list also accepts mails from non-subscribers. + arch-mirrors: + description: Arch Linux Mirroring Discussion and Announcements + display_name: Arch-mirrors + info: This list is intended for admins of Arch Linux mirrors. Discussion and announcements regarding mirroring will use this list. + arch-multilib: + description: Arch Linux Multilib (32bit libs on 64bit OSes) + display_name: Arch-multilib + arch-ports: + description: Discussion regarding the porting of Arch Linux to non-x86_64 architectures + display_name: Arch-ports + info: This list is primarily used to talk about porting Arch Linux to non-x86_64 platforms, such as PPC, ARM, i586, i686, etc. + arch-proaudio: + description: Discussion about real-time multimedia, including (semi-)pro audio and video + display_name: Arch-proaudio + arch-projects: + description: Arch Linux projects development discussion + display_name: Arch-projects + info: | + Announcements, development discussion, patches and pull requests for the Arch Linux projects:
[devtools]
). If no project matches, use [projects]
.
+
+ Note: No user discussion!
+ arch-releng:
+ description: Arch Linux Release Engineering
+ display_name: Arch-releng
+ arch-security:
+ description: Announcements about security issues in Arch Linux and its packages
+ display_name: Arch-security
+ info: Discussion about announcements should happen on arch-general.
+ arch-tu:
+ advertised: false
+ archive_policy: private
+ description: Trusted Users Discussion for Arch Linux
+ display_name: Arch-tu
+ info: This list is for trusted users discussion about Arch Linux. This list is closed to the general public and only used by internal Arch Linux trusted users.
+ subscription_policy: confirm_then_moderate
+ arch-wiki-admins:
+ advertised: false
+ archive_policy: private
+ default_nonmember_action: defer
+ display_name: Arch-wiki-admins
+ subscription_policy: confirm_then_moderate
+ arch-women:
+ description: Mailing list for the Arch Women project
+ display_name: Arch-women
+ info: |
+ Arch Women is an all inclusive organization of Arch Linux enthusiasts with a focus on helping more women become involved in the Arch Linux community and FOSS.
+
+ Mailing list graciously hosted by the Arch Linux™ project.
+ aur-dev:
+ description: Arch User Repository (AUR) Development
+ display_name: Aur-dev
+ info: This list is intended for discussion of AUR and community based code and development.
+ aur-general:
+ description: Discussion about the Arch User Repository (AUR)
+ display_name: Aur-general
+ info: This list is for Trusted Users, Arch Linux developers, and the general public to discuss issues surrounding the Trusted User structure and the Arch User Repository (AUR).
+ aur-requests:
+ accept_these_nonmembers:
+ - notify@aur.archlinux.org
+ description: Public mailing list for AUR package deletion/merge/orphan requests
+ display_name: Aur-requests
+ pacman-contrib:
+ description: Discussion list for pacman-contrib development
+ display_name: Pacman-contrib
+ info: This list is used by pacman-contrib developers to coordinate, share patches, etc.
+ pacman-dev:
+ description: Discussion list for pacman development
+ display_name: Pacman-dev
+ info: This list is used by pacman developers and contributors to coordinate, fix problems, share patches, etc.
+ staff:
+ advertised: false
+ archive_policy: private
+ description: Internal list that includes all Arch Linux staff members (devs, TUs, support staff)
+ display_name: Staff
+ subscription_policy: confirm_then_moderate
diff --git a/roles/mailman3/files/list_base_configuration.json b/roles/mailman/files/list_base_configuration.json
similarity index 100%
rename from roles/mailman3/files/list_base_configuration.json
rename to roles/mailman/files/list_base_configuration.json
diff --git a/roles/mailman/files/mailman.ini b/roles/mailman/files/mailman.ini
deleted file mode 100644
index fe6d040f..00000000
--- a/roles/mailman/files/mailman.ini
+++ /dev/null
@@ -1,10 +0,0 @@
-[uwsgi]
-plugins = cgi
-socket = /run/uwsgi/%n.sock
-chmod-socket = 770
-threads = 2
-
-cgi = /=/usr/lib/mailman/cgi-bin/
-cgi-index = listinfo
-uid = mailman
-gid = http
diff --git a/roles/mailman/files/migrated-lists.map b/roles/mailman/files/migrated-lists.map
deleted file mode 100644
index 5e9c72c0..00000000
--- a/roles/mailman/files/migrated-lists.map
+++ /dev/null
@@ -1,25 +0,0 @@
-/listinfo/arch-announce /mailman3/lists/arch-announce@lists.archlinux.org/;
-/listinfo/arch-commits /mailman3/lists/arch-commits@lists.archlinux.org/;
-/listinfo/arch-dev /mailman3/lists/arch-dev@lists.archlinux.org/;
-/listinfo/arch-dev-public /mailman3/lists/arch-dev-public@lists.archlinux.org/;
-/listinfo/arch-devops /mailman3/lists/arch-devops@lists.archlinux.org/;
-/listinfo/arch-devops-private /mailman3/lists/arch-devops-private@lists.archlinux.org/;
-/listinfo/arch-events /mailman3/lists/arch-events@lists.archlinux.org/;
-/listinfo/arch-general /mailman3/lists/arch-general@lists.archlinux.org/;
-/listinfo/arch-mirrors /mailman3/lists/arch-mirrors@lists.archlinux.org/;
-/listinfo/arch-mirrors-announce /mailman3/lists/arch-mirrors-announce@lists.archlinux.org/;
-/listinfo/arch-multilib /mailman3/lists/arch-multilib@lists.archlinux.org/;
-/listinfo/arch-ports /mailman3/lists/arch-ports@lists.archlinux.org/;
-/listinfo/arch-proaudio /mailman3/lists/arch-proaudio@lists.archlinux.org/;
-/listinfo/arch-projects /mailman3/lists/arch-projects@lists.archlinux.org/;
-/listinfo/arch-releng /mailman3/lists/arch-releng@lists.archlinux.org/;
-/listinfo/arch-security /mailman3/lists/arch-security@lists.archlinux.org/;
-/listinfo/arch-tu /mailman3/lists/arch-tu@lists.archlinux.org/;
-/listinfo/arch-wiki-admins /mailman3/lists/arch-wiki-admins@lists.archlinux.org/;
-/listinfo/arch-women /mailman3/lists/arch-women@lists.archlinux.org/;
-/listinfo/aur-dev /mailman3/lists/aur-dev@lists.archlinux.org/;
-/listinfo/aur-general /mailman3/lists/aur-general@lists.archlinux.org/;
-/listinfo/aur-requests /mailman3/lists/aur-requests@lists.archlinux.org/;
-/listinfo/pacman-contrib /mailman3/lists/pacman-contrib@lists.archlinux.org/;
-/listinfo/pacman-dev /mailman3/lists/pacman-dev@lists.archlinux.org/;
-/listinfo/staff /mailman3/lists/staff@lists.archlinux.org/;
diff --git a/roles/mailman/files/override.conf b/roles/mailman/files/override.conf
deleted file mode 100644
index 8a764e34..00000000
--- a/roles/mailman/files/override.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Service]
-Restart=always
diff --git a/roles/mailman/handlers/main.yml b/roles/mailman/handlers/main.yml
index 61ce4bee..2f46b762 100644
--- a/roles/mailman/handlers/main.yml
+++ b/roles/mailman/handlers/main.yml
@@ -1,8 +1,8 @@
-- name: Restart mailman
- service: name=mailman daemon_reload=yes state=restarted
-
- name: Reload mailman
- service: name=mailman state=reloaded
+ service: name=mailman3 state=reloaded
+
+- name: Restart mailman-web
+ service: name=uwsgi@mailman\\x2dweb.service state=restarted
- name: Reload postfix
service: name=postfix state=reloaded
@@ -11,4 +11,3 @@
command: postmap /etc/postfix/{{ item }}
loop:
- aliases
- - transport
diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml
index 450bfd81..22419224 100644
--- a/roles/mailman/tasks/main.yml
+++ b/roles/mailman/tasks/main.yml
@@ -4,12 +4,19 @@
vars:
domains: ["{{ lists_domain }}"]
-- name: Install mailman, uwsgi-plugin-cgi and postfx
- pacman: name=mailman,uwsgi-plugin-cgi,postfix,postfix-pcre state=present
+- name: Install mailman3 and related packages
+ pacman: name=mailman3,mailman3-hyperkitty,python-psycopg2,mailman-web,python-xapian-haystack,uwsgi-plugin-python,postfix,postfix-pcre state=present
+ register: install
-- name: Install mailman configuration
- template: src=mm_cfg.py.j2 dest=/etc/mailman/mm_cfg.py follow=yes owner=root group=root mode=0644
- notify: Reload mailman
+- name: Install {mailman,mailman-web} configuration
+ template: src={{ item.src }} dest={{ item.dest }} owner=root group={{ item.group }} mode=0640
+ loop:
+ - {src: mailman.cfg.j2, dest: /etc/mailman.cfg, group: mailman}
+ - {src: mailman-hyperkitty.cfg.j2, dest: /etc/mailman-hyperkitty.cfg, group: mailman}
+ - {src: settings.py.j2, dest: /etc/webapps/mailman-web/settings.py, group: mailman-web}
+ notify:
+ - Reload mailman
+ - Restart mailman-web
- name: Install postfix configuration
template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0644
@@ -22,59 +29,66 @@
- milter_header_checks
notify: Run postmap
-- name: Install postfix templated maps
- template: src={{ item }}.j2 dest=/etc/postfix/{{ item }} owner=root group=root mode=0644
- loop:
- - transport
- notify: Run postmap
-
- name: Open firewall holes for postfix
- ansible.posix.firewalld: service=smtp zone={{ item }} permanent=true state=enabled immediate=yes
- loop:
- -
- - wireguard
- when: configure_firewall
+ ansible.posix.firewalld: service=smtp permanent=true state=enabled immediate=yes
tags:
- firewall
-- name: Create mailman list
- command: /usr/lib/mailman/bin/newlist -a mailman root@{{ lists_domain }} meG0n5Wq6dEWCA6s
- args:
- creates: /var/lib/mailman/lists/mailman
-
-- name: Configure mailman uwsgi service
- copy: src=mailman.ini dest=/etc/uwsgi/vassals/ owner=mailman group=http mode=0644
-
- name: Make nginx log dir
file: path=/var/log/nginx/{{ lists_domain }} state=directory owner=root group=root mode=0755
-- name: Install nginx mailman2->mailman3 redirect map
- copy: src=migrated-lists.map dest=/etc/nginx/maps/ owner=root group=root mode=0644
- notify: Reload nginx
-
- name: Set up nginx
template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/mailman.conf" owner=root group=root mode=644
notify: Reload nginx
- tags: ['nginx']
+
+- name: Create postgres {mailman,mailman-web} user
+ postgresql_user: name={{ item.username }} password={{ item.password }}
+ loop:
+ - {username: "{{ vault_mailman_db_user }}", password: "{{ vault_mailman_db_password }}"}
+ - {username: "{{ vault_mailman_web_db_user }}", password: "{{ vault_mailman_web_db_password }}"}
+ become: true
+ become_user: postgres
+ become_method: su
+ no_log: true
+
+- name: Create {mailman,mailman-web} db
+ postgresql_db: name={{ item.db }} owner={{ item.owner }}
+ loop:
+ - {db: mailman, owner: "{{ vault_mailman_db_user }}"}
+ - {db: mailman-web, owner: "{{ vault_mailman_web_db_user }}"}
+ become: true
+ become_user: postgres
+ become_method: su
+
+- name: Run Django management tasks
+ command: django-admin {{ item }} --pythonpath /etc/webapps/mailman-web --settings settings
+ loop:
+ - migrate
+ - loaddata
+ - collectstatic
+ - compress
+ become: true
+ become_user: mailman-web
+ when: false
- name: Start and enable postfix
systemd: name=postfix.service enabled=yes daemon_reload=yes state=started
-- name: Create drop-in directory for mailman.service
- file: path=/etc/systemd/system/mailman.service.d state=directory owner=root group=root mode=0755
-
-- name: Install drop-in for mailman.service
- copy: src=override.conf dest=/etc/systemd/system/mailman.service.d/ owner=root group=root mode=0644
- notify: Restart mailman
-
- name: Start and enable mailman{.service,-*.timer}
systemd: name={{ item }} enabled=yes daemon_reload=yes state=started
loop:
- - mailman.service
- - mailman-senddigests.timer
- - mailman-nightlygzip.timer
- - mailman-mailpasswds.timer
- - mailman-gatenews.timer
- - mailman-disabled.timer
- - mailman-cullbadshunt.timer
- - mailman-checkdbs.timer
+ - mailman3.service
+ - mailman3-digests.timer
+ - mailman3-notify.timer
+ - uwsgi@mailman\x2dweb.service
+
+- name: Update list configurations
+ uri:
+ url: http://localhost:8001/3.1/lists/{{ item }}.lists.archlinux.org/config
+ user: "{{ vault_mailman_admin_user }}"
+ password: "{{ vault_mailman_admin_pass }}"
+ method: PUT
+ body_format: json
+ status_code: 204
+ body: "{{ lookup('file', 'list_base_configuration.json') | from_json | combine(lists[item]) | to_json }}"
+ loop: "{{ lists.keys() }}"
diff --git a/roles/mailman3/templates/mailman-hyperkitty.cfg.j2 b/roles/mailman/templates/mailman-hyperkitty.cfg.j2
similarity index 95%
rename from roles/mailman3/templates/mailman-hyperkitty.cfg.j2
rename to roles/mailman/templates/mailman-hyperkitty.cfg.j2
index d85fc57f..a2ab2a8a 100644
--- a/roles/mailman3/templates/mailman-hyperkitty.cfg.j2
+++ b/roles/mailman/templates/mailman-hyperkitty.cfg.j2
@@ -15,7 +15,7 @@
# better if it is not.
# However, if your Mailman installation is accessed via HTTPS, the URL needs
# to match your SSL certificate (e.g. https://lists.example.com/hyperkitty).
-base_url: http://localhost/archives/
+base_url: http://localhost:8000/archives/
# Shared API key, must be the identical to the value in HyperKitty's
# settings.
diff --git a/roles/mailman3/templates/mailman.cfg.j2 b/roles/mailman/templates/mailman.cfg.j2
similarity index 66%
rename from roles/mailman3/templates/mailman.cfg.j2
rename to roles/mailman/templates/mailman.cfg.j2
index 82b4c47e..2eca990e 100644
--- a/roles/mailman3/templates/mailman.cfg.j2
+++ b/roles/mailman/templates/mailman.cfg.j2
@@ -10,13 +10,6 @@ url: postgres://{{ vault_mailman_db_user }}:{{ vault_mailman_db_password }}@/mai
admin_user: {{ vault_mailman_admin_user }}
admin_pass: {{ vault_mailman_admin_pass }}
-[mta]
-configuration: /etc/postfix.cfg
-lmtp_host: {{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}
-lmtp_port: 8024
-smtp_host: {{ hostvars['lists.archlinux.org']['wireguard_address'] }}
-smtp_port: 25
-
[archiver.hyperkitty]
class: mailman_hyperkitty.Archiver
enable: yes
diff --git a/roles/mailman/templates/main.cf.j2 b/roles/mailman/templates/main.cf.j2
index 5d29e60b..c6f6c4fe 100644
--- a/roles/mailman/templates/main.cf.j2
+++ b/roles/mailman/templates/main.cf.j2
@@ -22,7 +22,6 @@ mynetworks =
127.0.0.0/8
[::1]/128
[fe80::]/64
- {{ hostvars['mailman3.archlinux.org']['wireguard_address'] }}
# fatal: configuration error: mailbox_size_limit is smaller than message_size_limit
message_size_limit = 104857600
@@ -46,10 +45,10 @@ smtpd_reject_footer = For assistance contact [devtools]
). If no project matches, use [projects]
.
-
- Note: No user discussion!
- arch-releng:
- description: Arch Linux Release Engineering
- display_name: Arch-releng
- arch-security:
- description: Announcements about security issues in Arch Linux and its packages
- display_name: Arch-security
- info: Discussion about announcements should happen on arch-general.
- arch-tu:
- advertised: false
- archive_policy: private
- description: Trusted Users Discussion for Arch Linux
- display_name: Arch-tu
- info: This list is for trusted users discussion about Arch Linux. This list is closed to the general public and only used by internal Arch Linux trusted users.
- subscription_policy: confirm_then_moderate
- arch-wiki-admins:
- advertised: false
- archive_policy: private
- default_nonmember_action: defer
- display_name: Arch-wiki-admins
- subscription_policy: confirm_then_moderate
- arch-women:
- description: Mailing list for the Arch Women project
- display_name: Arch-women
- info: |
- Arch Women is an all inclusive organization of Arch Linux enthusiasts with a focus on helping more women become involved in the Arch Linux community and FOSS.
-
- Mailing list graciously hosted by the Arch Linux™ project.
- aur-dev:
- description: Arch User Repository (AUR) Development
- display_name: Aur-dev
- info: This list is intended for discussion of AUR and community based code and development.
- aur-general:
- description: Discussion about the Arch User Repository (AUR)
- display_name: Aur-general
- info: This list is for Trusted Users, Arch Linux developers, and the general public to discuss issues surrounding the Trusted User structure and the Arch User Repository (AUR).
- aur-requests:
- accept_these_nonmembers:
- - notify@aur.archlinux.org
- description: Public mailing list for AUR package deletion/merge/orphan requests
- display_name: Aur-requests
- pacman-contrib:
- description: Discussion list for pacman-contrib development
- display_name: Pacman-contrib
- info: This list is used by pacman-contrib developers to coordinate, share patches, etc.
- pacman-dev:
- description: Discussion list for pacman development
- display_name: Pacman-dev
- info: This list is used by pacman developers and contributors to coordinate, fix problems, share patches, etc.
- staff:
- advertised: false
- archive_policy: private
- description: Internal list that includes all Arch Linux staff members (devs, TUs, support staff)
- display_name: Staff
- subscription_policy: confirm_then_moderate
diff --git a/roles/mailman3/files/postfix.cfg b/roles/mailman3/files/postfix.cfg
deleted file mode 100644
index 6068f1cc..00000000
--- a/roles/mailman3/files/postfix.cfg
+++ /dev/null
@@ -1,13 +0,0 @@
-[postfix]
-# Additional configuration variables for the postfix MTA.
-
-# This variable describe the program to use for regenerating the transport map
-# db file, from the associated plain text files. The file being updated will
-# be appended to this string (with a separating space), so it must be
-# appropriate for os.system().
-postmap_command: /usr/bin/true
-
-# This variable describes the type of transport maps that will be generated by
-# mailman to be used with postfix for LMTP transport. By default, it is set to
-# hash, but mailman also supports `regex` tables.
-transport_file_type: hash
diff --git a/roles/mailman3/handlers/main.yml b/roles/mailman3/handlers/main.yml
deleted file mode 100644
index f56cbaed..00000000
--- a/roles/mailman3/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- name: Reload mailman
- service: name=mailman3 state=reloaded
-
-- name: Restart mailman-web
- service: name=uwsgi@mailman\\x2dweb.service state=restarted
diff --git a/roles/mailman3/tasks/main.yml b/roles/mailman3/tasks/main.yml
deleted file mode 100644
index 8f8dd7fb..00000000
--- a/roles/mailman3/tasks/main.yml
+++ /dev/null
@@ -1,81 +0,0 @@
-- name: Install mailman3 and related packages
- pacman: name=mailman3,mailman3-hyperkitty,python-psycopg2,mailman-web,python-xapian-haystack,uwsgi-plugin-python state=present
- register: install
-
-- name: Install {mailman,mailman-web} configuration
- template: src={{ item.src }} dest={{ item.dest }} owner=root group={{ item.group }} mode=0640
- loop:
- - {src: mailman.cfg.j2, dest: /etc/mailman.cfg, group: mailman}
- - {src: mailman-hyperkitty.cfg.j2, dest: /etc/mailman-hyperkitty.cfg, group: mailman}
- - {src: settings.py.j2, dest: /etc/webapps/mailman-web/settings.py, group: mailman-web}
- - {src: urls.py.j2, dest: /etc/webapps/mailman-web/urls.py, group: mailman-web}
- notify:
- - Reload mailman
- - Restart mailman-web
-
-- name: Install mailman postfix.cfg configuration
- copy: src=postfix.cfg dest=/etc/postfix.cfg owner=root group=root mode=0644
- notify: Reload mailman
-
-- name: Make nginx log dir
- file: path=/var/log/nginx/{{ lists_domain }} state=directory owner=root group=root mode=0755
-
-- name: Set up nginx
- template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/mailman.conf" owner=root group=root mode=644
- notify: Reload nginx
- tags: ['nginx']
-
-- name: Create postgres {mailman,mailman-web} user
- postgresql_user: name={{ item.username }} password={{ item.password }}
- loop:
- - {username: "{{ vault_mailman_db_user }}", password: "{{ vault_mailman_db_password }}"}
- - {username: "{{ vault_mailman_web_db_user }}", password: "{{ vault_mailman_web_db_password }}"}
- become: true
- become_user: postgres
- become_method: su
- no_log: true
-
-- name: Create {mailman,mailman-web} db
- postgresql_db: name={{ item.db }} owner={{ item.owner }}
- loop:
- - {db: mailman, owner: "{{ vault_mailman_db_user }}"}
- - {db: mailman-web, owner: "{{ vault_mailman_web_db_user }}"}
- become: true
- become_user: postgres
- become_method: su
-
-- name: Run Django management tasks
- command: django-admin {{ item }} --pythonpath /etc/webapps/mailman-web --settings settings
- loop:
- - migrate
- - loaddata
- - collectstatic
- - compress
- become: true
- become_user: mailman-web
- when: install.changed
-
-- name: Open LMTP ipv4 port for lists.archlinux.org
- ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
- rich_rule="rule family=ipv4 source address={{ hostvars['lists.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8024 accept"
- tags:
- - firewall
-
-- name: Start and enable mailman{.service,-*.timer}
- systemd: name={{ item }} enabled=yes daemon_reload=yes state=started
- loop:
- - mailman3.service
- - mailman3-digests.timer
- - mailman3-notify.timer
- - uwsgi@mailman\x2dweb.service
-
-- name: Update list configurations
- uri:
- url: http://localhost:8001/3.1/lists/{{ item }}.lists.archlinux.org/config
- user: "{{ vault_mailman_admin_user }}"
- password: "{{ vault_mailman_admin_pass }}"
- method: PUT
- body_format: json
- status_code: 204
- body: "{{ lookup('file', 'list_base_configuration.json') | from_json | combine(lists[item]) | to_json }}"
- loop: "{{ lists.keys() }}"
diff --git a/roles/mailman3/templates/nginx.d.conf.j2 b/roles/mailman3/templates/nginx.d.conf.j2
deleted file mode 100644
index 62fb9011..00000000
--- a/roles/mailman3/templates/nginx.d.conf.j2
+++ /dev/null
@@ -1,22 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
- server_name {{ lists_domain }} localhost;
-
- set_real_ip_from {{ hostvars['lists.archlinux.org']['wireguard_address'] }}/32;
- real_ip_header X-Forwarded-For;
-
- access_log /var/log/nginx/{{ lists_domain }}/access.log main;
- access_log /var/log/nginx/{{ lists_domain }}/access.log.json json_main;
- error_log /var/log/nginx/{{ lists_domain }}/error.log;
-
- location /static/ {
- alias /var/lib/mailman-web/static/;
- }
-
- # include uwsgi_params
- location / {
- include /etc/nginx/uwsgi_params;
- uwsgi_pass unix:/run/mailman-web/mailman-web.sock;
- }
-}
diff --git a/roles/mailman3/templates/urls.py.j2 b/roles/mailman3/templates/urls.py.j2
deleted file mode 100644
index 4121553c..00000000
--- a/roles/mailman3/templates/urls.py.j2
+++ /dev/null
@@ -1,35 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright (C) 1998-2016 by the Free Software Foundation, Inc.
-#
-# This file is part of Postorius.
-#
-# Postorius is free software: you can redistribute it and/or modify it under
-# the terms of the GNU General Public License as published by the Free
-# Software Foundation, either version 3 of the License, or (at your option)
-# any later version.
-#
-# Postorius is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
-# more details.
-#
-# You should have received a copy of the GNU General Public License along with
-# Postorius. If not, see