mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-05-25 17:16:12 +02:00
893a95f329
With the final lists migrated to mailman3[1], the mailman2 server can finally be killed. When the mailman3 server was initially setup[2], it was done on a separate server because the mailman and mailman3 packages conflicted, and the traffic was routed over wireguard (HTTP, LMTP and SMTP). Instead of installing mailman3 on the original lists.al.org server and transferring the data, it was easier just to install the missing pieces (basically Postfix and adjusting the Nginx configuration) on the ml3 server and move the IPs (to keep the IP mail reputation). So basically the following was done: - The IPs for the original lists.al.org was moved to the mailman3.al.org server - The mailman2 datadir was transferred to mailman3.al.org server, so we can keep the pipermail links alive, and import missing mails if needed - The original lists.al.org server was decommissioned - The mailman3.al.org server was renamed to lists.al.org - The missing pieces was added to the mailman3 role (basically Postfix + Nginx adjustments) - The mailman role was deleted and the mailman3 role renamed to mailman [1]75ac7d09
("mailman: Fourth and final batch of mailman3 migrated lists") [2]9294828f
("Setup mailman3 server") Fix #59
95 lines
3.2 KiB
YAML
95 lines
3.2 KiB
YAML
- name: Create ssl cert
|
|
include_role:
|
|
name: certificate
|
|
vars:
|
|
domains: ["{{ lists_domain }}"]
|
|
|
|
- name: Install mailman3 and related packages
|
|
pacman: name=mailman3,mailman3-hyperkitty,python-psycopg2,mailman-web,python-xapian-haystack,uwsgi-plugin-python,postfix,postfix-pcre state=present
|
|
register: install
|
|
|
|
- name: Install {mailman,mailman-web} configuration
|
|
template: src={{ item.src }} dest={{ item.dest }} owner=root group={{ item.group }} mode=0640
|
|
loop:
|
|
- {src: mailman.cfg.j2, dest: /etc/mailman.cfg, group: mailman}
|
|
- {src: mailman-hyperkitty.cfg.j2, dest: /etc/mailman-hyperkitty.cfg, group: mailman}
|
|
- {src: settings.py.j2, dest: /etc/webapps/mailman-web/settings.py, group: mailman-web}
|
|
notify:
|
|
- Reload mailman
|
|
- Restart mailman-web
|
|
|
|
- name: Install postfix configuration
|
|
template: src=main.cf.j2 dest=/etc/postfix/main.cf owner=root group=root mode=0644
|
|
notify: Reload postfix
|
|
|
|
- name: Install postfix maps
|
|
copy: src={{ item }} dest=/etc/postfix/ owner=root group=root mode=0644
|
|
loop:
|
|
- aliases
|
|
- milter_header_checks
|
|
notify: Run postmap
|
|
|
|
- name: Open firewall holes for postfix
|
|
ansible.posix.firewalld: service=smtp permanent=true state=enabled immediate=yes
|
|
tags:
|
|
- firewall
|
|
|
|
- name: Make nginx log dir
|
|
file: path=/var/log/nginx/{{ lists_domain }} state=directory owner=root group=root mode=0755
|
|
|
|
- name: Set up nginx
|
|
template: src=nginx.d.conf.j2 dest="/etc/nginx/nginx.d/mailman.conf" owner=root group=root mode=644
|
|
notify: Reload nginx
|
|
|
|
- name: Create postgres {mailman,mailman-web} user
|
|
postgresql_user: name={{ item.username }} password={{ item.password }}
|
|
loop:
|
|
- {username: "{{ vault_mailman_db_user }}", password: "{{ vault_mailman_db_password }}"}
|
|
- {username: "{{ vault_mailman_web_db_user }}", password: "{{ vault_mailman_web_db_password }}"}
|
|
become: true
|
|
become_user: postgres
|
|
become_method: su
|
|
no_log: true
|
|
|
|
- name: Create {mailman,mailman-web} db
|
|
postgresql_db: name={{ item.db }} owner={{ item.owner }}
|
|
loop:
|
|
- {db: mailman, owner: "{{ vault_mailman_db_user }}"}
|
|
- {db: mailman-web, owner: "{{ vault_mailman_web_db_user }}"}
|
|
become: true
|
|
become_user: postgres
|
|
become_method: su
|
|
|
|
- name: Run Django management tasks
|
|
command: django-admin {{ item }} --pythonpath /etc/webapps/mailman-web --settings settings
|
|
loop:
|
|
- migrate
|
|
- loaddata
|
|
- collectstatic
|
|
- compress
|
|
become: true
|
|
become_user: mailman-web
|
|
when: false
|
|
|
|
- name: Start and enable postfix
|
|
systemd: name=postfix.service enabled=yes daemon_reload=yes state=started
|
|
|
|
- name: Start and enable mailman{.service,-*.timer}
|
|
systemd: name={{ item }} enabled=yes daemon_reload=yes state=started
|
|
loop:
|
|
- mailman3.service
|
|
- mailman3-digests.timer
|
|
- mailman3-notify.timer
|
|
- uwsgi@mailman\x2dweb.service
|
|
|
|
- name: Update list configurations
|
|
uri:
|
|
url: http://localhost:8001/3.1/lists/{{ item }}.lists.archlinux.org/config
|
|
user: "{{ vault_mailman_admin_user }}"
|
|
password: "{{ vault_mailman_admin_pass }}"
|
|
method: PUT
|
|
body_format: json
|
|
status_code: 204
|
|
body: "{{ lookup('file', 'list_base_configuration.json') | from_json | combine(lists[item]) | to_json }}"
|
|
loop: "{{ lists.keys() }}"
|