[mailman3] Pepcransification

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-28 17:38:12 +01:00 · 2021-02-28 17:38:12 +01:00 · 23a02adf11
parent c6ae645459
commit 23a02adf11
6 changed files with 59 additions and 34 deletions
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@ -1,4 +1,12 @@
 ---
+loc_certbot:
+  - dns_rfc2136_server: '172.16.10.147'
+    dns_rfc2136_name: certbot_challenge.
+    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
+    mail: root@crans.org
+    certname: crans.org
+    domains: "*.crans.org"
+
 loc_nginx:
  service_name: mailman
  default_server: lists.crans.org
@ -59,3 +67,29 @@ loc_nginx:
          params:
            - "alias /var/lib/mailman/archives/public"
            - "autoindex on"
+
+glob_mailman3:
+  site_owner: root@crans.org
+  database:
+    user: "mailman3"
+    pass: "{{ vault.mailman3_database_pass }}"
+    host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
+    port: 5432
+    name: "mailman3"
+  web_database:
+    user: "mailman3web"
+    pass: "{{ vault.mailman3_web_database_pass }}"
+    host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
+    port: 5432
+    name: "mailman3web"
+  smtp:
+    host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ipv4 | first }}"
+    port: 25
+    user: ""
+    pass: ""
+  restadmin_pass: "{{ vault.mailman3_restadmin_pass }}"
+  archiver_key: "{{ vault.mailman3_archiver_key }}"
+  web_secret_key: "{{ vault.mailman3_web_secret_key }}"
+  web_domain: "mailman.crans.org"
+  default_domain: "crans.org"
+  postfix_domain: "crans.org"
--- a/host_vars/mailman.adm.crans.org.yml
+++ b/host_vars/mailman.adm.crans.org.yml
@ -2,6 +2,3 @@
 interfaces:
  adm: eth0
  srv: eth1
-
-loc_certbot:
-  domains: "*.crans.org"
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
@ -23,19 +23,8 @@
 # Deploy Mailman3
 - hosts: mailman
  vars:
-    certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
-    mailman3:
-      site_owner: root@crans.org
-      database_user: "mailman3"
-      database_pass: "{{ vault_mailman3_database_pass }}"
-      database_host: "172.16.10.1"
-      database_port: 5432
-      database_name: "mailman3"
-      restadmin_pass: "{{ vault_mailman3_restadmin_pass }}"
-      archiver_key: "{{ vault_mailman3_archiver_key }}"
-      web_secret_key: "{{ vault_mailman3_web_secret_key }}"
-      web_database_pass: "{{ vault_mailman3_web_database_pass }}"
-      web_domain: "mailman.crans.org"
+    certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
+    mailman3: '{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}'
  roles:
    - certbot
    - mailman3
--- a/roles/mailman3/templates/mailman3/mailman-web.py.j2
+++ b/roles/mailman3/templates/mailman3/mailman-web.py.j2
@ -81,15 +81,15 @@ DATABASES = {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        #'ENGINE': 'django.db.backends.mysql',
        # DB name or path to database file if using sqlite3.
-        'NAME': 'mailman3web',
+        'NAME': '{{ mailman3.web_database.name }}',
        # The following settings are not used with sqlite3:
-        'USER': 'mailman3web',
-        'PASSWORD': '{{ mailman3.web_database_pass }}',
+        'USER': '{{ mailman3.web_database.user }}',
+        'PASSWORD': '{{ mailman3.web_database.pass }}',
        # HOST: empty for localhost through domain sockets or '127.0.0.1' for
        # localhost through TCP.
-        'HOST': '127.0.0.1',
+        'HOST': '{{ mailman3.web_database.host }}',
        # PORT: set to empty string for default.
-        'PORT': '',
+        'PORT': {{ mailman3.web_database.port }},
        # OPTIONS: Extra parameters to use when connecting to the database.
        'OPTIONS': {
            # Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
@ -138,21 +138,21 @@ USE_TZ = True


 # Set default domain for email addresses.
-EMAILNAME = 'crans.org'  # A changer en prod
+EMAILNAME = '{{ mailman3.default_domain }}'  # A changer en prod

 # If you enable internal authentication, this is the address that the emails
 # will appear to be coming from. Make sure you set a valid domain name,
 # otherwise the emails may get rejected.
 # https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
 # DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
-DEFAULT_FROM_EMAIL = 'contact@{}'.format(EMAILNAME)
+DEFAULT_FROM_EMAIL = f'contact@{EMAILNAME}'

 # If you enable email reporting for error messages, this is where those emails
 # will appear to be coming from. Make sure you set a valid domain name,
 # otherwise the emails may get rejected.
 # https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
 # SERVER_EMAIL = 'root@your-domain.org'
-SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
+SERVER_EMAIL = f'root@{EMAILNAME}'


 # Django Allauth
@ -195,6 +195,11 @@ SOCIALACCOUNT_PROVIDERS = {
 # recompiled on each requests. It means running an additional "compress"
 # management command after each code upgrade.
 # http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
+COMPRESS_PRECOMPILERS = (
+  ('text/less', 'lessc {infile} {outfile}'),
+  ('text/x-scss', 'sassc -t compressed {infile} {outfile}'),
+  ('text/x-sass', 'sassc -t compressed {infile} {outfile}'),
+)
 COMPRESS_OFFLINE = True

 POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
--- a/roles/mailman3/templates/mailman3/mailman.cfg.j2
+++ b/roles/mailman3/templates/mailman3/mailman.cfg.j2
@ -172,7 +172,7 @@ class: mailman.database.postgresql.PostgreSQLDatabase
 # 'configuration' substitutions.
 #url: sqlite:///$DATA_DIR/mailman.db
 #url: mysql+pymysql://mailman3:mmpass@localhost/mailman3?charset=utf8&use_unicode=1
-url: postgres://{{ mailman3.database_user }}:{{ mailman3.database_pass }}@{{ mailman3.database_host }}:{{ mailman3.database_port }}/{{ mailman3.database_name }}
+url: postgres://{{ mailman3.database.user }}:{{ mailman3.database.pass }}@{{ mailman3.database.host }}:{{ mailman3.database.port }}/{{ mailman3.database.name }}

 debug: no

@ -252,10 +252,10 @@ outgoing: mailman.mta.deliver.deliver

 # How to connect to the outgoing MTA.  If smtp_user and smtp_pass is given,
 # then Mailman will attempt to log into the MTA when making a new connection.
-smtp_host: localhost
-smtp_port: 25
-smtp_user:
-smtp_pass:
+smtp_host: {{ mailman3.smtp.host }}
+smtp_port: {{ mailman3.smtp.port }}
+smtp_user: {{ mailman3.smtp.user }}
+smtp_pass: {{ mailman3.smtp.pass }}

 # Where the LMTP server listens for connections.  Use 127.0.0.1 instead of
 # localhost for Postfix integration, because Postfix only consults DNS
--- a/roles/postfix-mailman3/templates/postfix/main.cf.j2
+++ b/roles/postfix-mailman3/templates/postfix/main.cf.j2
@ -3,7 +3,7 @@
 # This postfix configuration set up a MTA only to send and receive mailing list mails

 # When a mail is sent to @localhost, this domain will be used
-myorigin = crans.org
+myorigin = {{ mailman3.postfix_domain }}

 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 biff = no
@ -16,8 +16,8 @@ delay_warning_time = 4h
 compatibility_level = 2

 # TLS parameters
-smtpd_tls_cert_file=/etc/letsencrypt/live/crans.org/fullchain.pem
-smtpd_tls_key_file=/etc/letsencrypt/live/crans.org/privkey.pem
+smtpd_tls_cert_file=/etc/letsencrypt/live/{{ mailman3.postfix_domain }}/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/{{ mailman3.postfix_domain }}/privkey.pem
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
@ -40,8 +40,8 @@ inet_interfaces = all
 inet_protocols = all

 # Do not use gethostname
-myhostname = {{ ansible_hostname }}.crans.org
-mydomain = crans.org
+myhostname = {{ ansible_hostname }}.{{ mailman3.postfix_domain }}
+mydomain = {{ mailman3.postfix_domain }}

 # Softbounce, ask remote mail server to send the mail again if error
 # Do not keep it active in production!