mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2024-05-25 17:16:12 +02:00
infrastructure/roles/mailman/tasks/main.yml
Kristian Klausen 893a95f329
Kill the mailman2 server and put the mailman3 server in its place
With the final lists migrated to mailman3[1], the mailman2 server can
finally be killed.

When the mailman3 server was initially set up[2], it was done on a
separate server because the mailman and mailman3 packages conflicted,
and the traffic was routed over wireguard (HTTP, LMTP and SMTP).

Instead of installing mailman3 on the original lists.al.org server and
transferring the data, it was easier just to install the missing pieces
(basically Postfix and adjusting the Nginx configuration) on the ml3
server and move the IPs (to keep the IP mail reputation).

So basically the following was done:
- The IPs for the original lists.al.org were moved to the mailman3.al.org
  server
- The mailman2 datadir was transferred to the mailman3.al.org server, so we
  can keep the pipermail links alive, and import missing mails if needed
- The original lists.al.org server was decommissioned
- The mailman3.al.org server was renamed to lists.al.org
- The missing pieces were added to the mailman3 role (basically Postfix +
  Nginx adjustments)
- The mailman role was deleted and the mailman3 role renamed to mailman

[1] 75ac7d09 ("mailman: Fourth and final batch of mailman3 migrated lists")
[2] 9294828f ("Setup mailman3 server")

Fix #59
2022-09-28 21:04:41 +02:00


# Request a certificate for the list domain by delegating to the
# `certificate` role. What that role does with `domains` is defined outside
# this file.
- name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains:
      - "{{ lists_domain }}"
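# Install the mailman3 core, its web front end and archiver, the database
# driver, the uwsgi Python plugin and the Postfix MTA in one transaction.
# The package list is a native YAML sequence instead of a comma-joined
# key=value string so that adding or removing a package is a one-line diff.
- name: Install mailman3 and related packages
  pacman:
    name:
      - mailman3
      - mailman3-hyperkitty
      - python-psycopg2
      - mailman-web
      - python-xapian-haystack
      - uwsgi-plugin-python
      - postfix
      - postfix-pcre
    state: present
  # The result is registered as `install`; no task in this part of the file
  # reads it.
  register: install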
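# Render the mailman core, hyperkitty archiver and mailman-web settings
# files. Each file is owned by root with the consuming service's group and
# mode 0640: the service can read it, it cannot rewrite it, and other local
# users cannot read it. (The templates are not visible here; presumably they
# carry database and API credentials, which is what the restrictive mode
# protects -- confirm against the .j2 files.)
- name: Install {mailman,mailman-web} configuration
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: "{{ item.group }}"
    # Quoted so the mode reaches the module as an octal string, never as a
    # YAML integer.
    mode: "0640"
  loop:
    - src: mailman.cfg.j2
      dest: /etc/mailman.cfg
      group: mailman
    - src: mailman-hyperkitty.cfg.j2
      dest: /etc/mailman-hyperkitty.cfg
      group: mailman
    - src: settings.py.j2
      dest: /etc/webapps/mailman-web/settings.py
      group: mailman-web
  notify:
    - Reload mailman
    - Restart mailman-web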
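# Main Postfix configuration, rendered from a template. World-readable
# (0644) but writable by root only.
- name: Install postfix configuration
  template:
    src: main.cf.j2
    dest: /etc/postfix/main.cf
    owner: root
    group: root
    mode: "0644"
  notify: Reload postfix

# Static lookup tables copied verbatim into /etc/postfix/. The "Run postmap"
# handler is notified on change; it is defined outside this file.
- name: Install postfix maps
  copy:
    src: "{{ item }}"
    dest: /etc/postfix/
    owner: root
    group: root
    mode: "0644"
  loop:
    - aliases
    - milter_header_checks
  notify: Run postmap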
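# Allow inbound mail. Only the firewalld `smtp` service is enabled here;
# `permanent` persists the rule across reloads and `immediate` applies it to
# the running firewall as well. Booleans are written as true/false rather
# than the mixed true/yes of the key=value form.
- name: Open firewall holes for postfix
  ansible.posix.firewalld:
    service: smtp
    permanent: true
    immediate: true
    state: enabled
  tags:
    - firewall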
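# Per-vhost log directory, owned by root.
- name: Make nginx log dir
  file:
    path: "/var/log/nginx/{{ lists_domain }}"
    state: directory
    owner: root
    group: root
    mode: "0755"

# Vhost configuration for the list domain. The mode is written as the quoted
# octal string "0644", matching every other task in this file; the original
# `mode=644` only worked because key=value arguments are passed as strings,
# and would silently become decimal 644 if copied into native YAML unquoted.
- name: Set up nginx
  template:
    src: nginx.d.conf.j2
    dest: /etc/nginx/nginx.d/mailman.conf
    owner: root
    group: root
    mode: "0644"
  notify: Reload nginx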
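# Create one PostgreSQL role per service. Names and passwords come from
# vault variables. `no_log: true` keeps the loop items (which contain the
# passwords) out of task output and logs -- do not remove it while debugging
# without rotating the passwords afterwards.
- name: Create postgres {mailman,mailman-web} user
  postgresql_user:
    name: "{{ item.username }}"
    password: "{{ item.password }}"
  loop:
    - username: "{{ vault_mailman_db_user }}"
      password: "{{ vault_mailman_db_password }}"
    - username: "{{ vault_mailman_web_db_user }}"
      password: "{{ vault_mailman_web_db_password }}"
  become: true
  become_user: postgres
  become_method: su
  no_log: true

# Create one database per service, owned by the matching role.
- name: Create {mailman,mailman-web} db
  postgresql_db:
    name: "{{ item.db }}"
    owner: "{{ item.owner }}"
  loop:
    - db: mailman
      owner: "{{ vault_mailman_db_user }}"
    - db: mailman-web
      owner: "{{ vault_mailman_web_db_user }}"
  # Show only the database name per iteration. Without a label Ansible prints
  # the whole item, including the vault-sourced role name, in the task output.
  loop_control:
    label: "{{ item.db }}"
  become: true
  become_user: postgres
  become_method: su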
# Django housekeeping for mailman-web, run as the unprivileged mailman-web
# user rather than root. NOTE: `when: false` disables this task
# unconditionally, so none of the four commands is ever executed by this
# role as written; the file does not say why it is switched off.
- name: Run Django management tasks
  # Folded scalar: the three lines below are joined with single spaces into
  # one command line.
  command: >-
    django-admin {{ item }}
    --pythonpath /etc/webapps/mailman-web
    --settings settings
  loop:
    - migrate
    - loaddata
    - collectstatic
    - compress
  become: true
  become_user: mailman-web
  when: false
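# Enable at boot and start now. Booleans are written as true rather than the
# YAML 1.1 truthy `yes`.
- name: Start and enable postfix
  systemd:
    name: postfix.service
    enabled: true
    daemon_reload: true
    state: started

- name: Start and enable mailman{.service,-*.timer}
  systemd:
    name: "{{ item }}"
    enabled: true
    daemon_reload: true
    state: started
  loop:
    - mailman3.service
    - mailman3-digests.timer
    - mailman3-notify.timer
    # `\x2d` is systemd's escaped form of "-" inside the instance name. Keep
    # this entry plain or single-quoted: in a double-quoted YAML string the
    # parser would decode the escape to "-" and the task would address a
    # different unit name.
    - 'uwsgi@mailman\x2dweb.service'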
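# Push the desired configuration for every list to the REST endpoint on
# localhost:8001. The request is plain HTTP with basic-auth credentials, but
# it is addressed to the loopback interface, so the credentials do not leave
# the host. The body is the shared base configuration from
# list_base_configuration.json with the per-list overrides from `lists[item]`
# merged on top (override keys win). Only 204 counts as success.
- name: Update list configurations
  uri:
    url: "http://localhost:8001/3.1/lists/{{ item }}.lists.archlinux.org/config"
    user: "{{ vault_mailman_admin_user }}"
    password: "{{ vault_mailman_admin_pass }}"
    method: PUT
    body_format: json
    status_code: 204
    body: "{{ lookup('file', 'list_base_configuration.json') | from_json | combine(lists[item]) | to_json }}"
  # `| list` turns the dict view returned by keys() into a real list, which
  # is what `loop` requires; a bare view is rejected by some Ansible/Python 3
  # combinations.
  loop: "{{ lists.keys() | list }}"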