diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml
index fe7a0de7..c9813ae2 100644
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@@ -1,4 +1,12 @@
 ---
+loc_certbot:
+ - dns_rfc2136_server: '172.16.10.147'
+ dns_rfc2136_name: certbot_challenge.
+ dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
+ mail: root@crans.org
+ certname: crans.org
+ domains: "*.crans.org"
+
 loc_nginx:
 service_name: mailman
 default_server: lists.crans.org
@@ -59,3 +67,29 @@ loc_nginx:
 params:
 - "alias /var/lib/mailman/archives/public"
 - "autoindex on"
+
+glob_mailman3:
+ site_owner: root@crans.org
+ database:
+ user: "mailman3"
+ pass: "{{ vault.mailman3_database_pass }}"
+ host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
+ port: 5432
+ name: "mailman3"
+ web_database:
+ user: "mailman3web"
+ pass: "{{ vault.mailman3_web_database_pass }}"
+ host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
+ port: 5432
+ name: "mailman3web"
+ smtp:
+ host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ipv4 | first }}"
+ port: 25
+ user: ""
+ pass: ""
+ restadmin_pass: "{{ vault.mailman3_restadmin_pass }}"
+ archiver_key: "{{ vault.mailman3_archiver_key }}"
+ web_secret_key: "{{ vault.mailman3_web_secret_key }}"
+ web_domain: "mailman.crans.org"
+ default_domain: "crans.org"
+ postfix_domain: "crans.org"
diff --git a/host_vars/mailman.adm.crans.org.yml b/host_vars/mailman.adm.crans.org.yml
index 84b3a34d..c6f8791b 100644
--- a/host_vars/mailman.adm.crans.org.yml
+++ b/host_vars/mailman.adm.crans.org.yml
@@ -2,6 +2,3 @@
 interfaces:
 adm: eth0
 srv: eth1
-
-loc_certbot:
- domains: "*.crans.org"
diff --git a/plays/mailman.yml b/plays/mailman.yml
index e64869f1..a115d96c 100755
--- a/plays/mailman.yml
+++ b/plays/mailman.yml
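Review bot: `dns_rfc2136_server` is a hard-coded address (`'172.16.10.147'`) while every other host in this same file (the `glob_mailman3` block further down) is resolved with `query('ldap', 'ip', …, 'adm')`; if the DNS primary moves, this entry goes stale silently and wildcard renewals for `*.crans.org` start failing. Consider the same lookup here, e.g. `dns_rfc2136_server: "{{ query('ldap', 'ip', '<dns-primary-host>', 'adm') | ipv4 | first }}"` with the host name filled in. The TSIG secret in `vault.certbot_dns_secret` is in the right place; a comment above the block noting that the server-side update policy for that key should be limited to the `_acme-challenge` records would tell the next maintainer what that secret is allowed to do.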
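Review bot: The `tealc` lookup is written out twice, under `database.host` and `web_database.host`, and both PostgreSQL roles plainly live on the same host; an anchored value keeps the two from diverging, e.g. `host: &db_host "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"` on the first and `host: *db_host` on the second. `smtp.user` and `smtp.pass` are deliberately empty, so mailman.cfg will be rendered with unauthenticated SMTP to `redisdead`; presumably that relay admits this host by source address, but a short comment above `smtp:` stating so would make the intent explicit rather than looking like values that were forgotten. The secrets (`pass`, `restadmin_pass`, `archiver_key`, `web_secret_key`) all come from the vault, which is as it should be.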
@@ -23,19 +23,8 @@
 # Deploy Mailman3
 - hosts: mailman
 vars:
- certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
- mailman3:
- site_owner: root@crans.org
- database_user: "mailman3"
- database_pass: "{{ vault_mailman3_database_pass }}"
- database_host: "172.16.10.1"
- database_port: 5432
- database_name: "mailman3"
- restadmin_pass: "{{ vault_mailman3_restadmin_pass }}"
- archiver_key: "{{ vault_mailman3_archiver_key }}"
- web_secret_key: "{{ vault_mailman3_web_secret_key }}"
- web_database_pass: "{{ vault_mailman3_web_database_pass }}"
- web_domain: "mailman.crans.org"
+ certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
+ mailman3: '{{ glob_mailman3 | default({}) | combine(loc_mailman3 | default({})) }}'
 roles:
 - certbot
 - mailman3
diff --git a/roles/mailman3/templates/mailman3/mailman-web.py.j2 b/roles/mailman3/templates/mailman3/mailman-web.py.j2
index 48c4bb10..2a09d209 100644
--- a/roles/mailman3/templates/mailman3/mailman-web.py.j2
+++ b/roles/mailman3/templates/mailman3/mailman-web.py.j2
@@ -81,15 +81,15 @@ DATABASES = {
 'ENGINE': 'django.db.backends.postgresql_psycopg2',
 #'ENGINE': 'django.db.backends.mysql',
 # DB name or path to database file if using sqlite3.
- 'NAME': 'mailman3web',
+ 'NAME': '{{ mailman3.web_database.name }}',
 # The following settings are not used with sqlite3:
- 'USER': 'mailman3web',
- 'PASSWORD': '{{ mailman3.web_database_pass }}',
+ 'USER': '{{ mailman3.web_database.user }}',
+ 'PASSWORD': '{{ mailman3.web_database.pass }}',
 # HOST: empty for localhost through domain sockets or '127.0.0.1' for
 # localhost through TCP.
- 'HOST': '127.0.0.1',
+ 'HOST': '{{ mailman3.web_database.host }}',
 # PORT: set to empty string for default.
- 'PORT': '',
+ 'PORT': {{ mailman3.web_database.port }},
 # OPTIONS: Extra parameters to use when connecting to the database.
 'OPTIONS': {
 # Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
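Review bot: The two `vars` entries compose their global and local halves differently: `mailman3` merges `glob_mailman3` with `loc_mailman3` through `combine`, whereas `certbot` takes `loc_certbot` wholesale and only falls back to `glob_certbot`, with a list (`[]`) rather than a dict as the final default. That is presumably deliberate because `loc_certbot` is now a list of certificate requests in group_vars, but nothing in the play says so, and the `combine` form on the next line invites someone to "fix" it back. A comment such as `# loc_certbot (a list) replaces glob_certbot entirely; mailman3 is a dict merge` above `certbot:` would prevent that. The old hard-coded `database_host: "172.16.10.1"` disappears here, so the database target is now entirely determined by the LDAP lookup in group_vars.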
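Review bot: `'PORT': {{ mailman3.web_database.port }},` renders unquoted, unlike `NAME`, `USER`, `PASSWORD` and `HOST` on the surrounding lines; with `port: 5432` that yields an int, which psycopg2 accepts, but the comment directly above says an empty string selects the default, and `port: ""` would render as `'PORT': ,`, a syntax error that takes the whole settings module down. Quote it like its neighbours: `'PORT': '{{ mailman3.web_database.port }}',`. `HOST` is now an address resolved through LDAP in group_vars rather than `127.0.0.1`, so database credentials and archive data cross the network; unless the adm network is considered trusted for clear text, add `'sslmode': 'require'` inside the `OPTIONS` dict that opens on the last context line (the `DATABASES` dict itself starts and ends outside the hunk).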
@@ -138,21 +138,21 @@ USE_TZ = True
 # Set default domain for email addresses.
-EMAILNAME = 'crans.org' # A changer en prod
+EMAILNAME = '{{ mailman3.default_domain }}' # A changer en prod
 # If you enable internal authentication, this is the address that the emails
 # will appear to be coming from. Make sure you set a valid domain name,
 # otherwise the emails may get rejected.
 # https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
 # DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
-DEFAULT_FROM_EMAIL = 'contact@{}'.format(EMAILNAME)
+DEFAULT_FROM_EMAIL = f'contact@{EMAILNAME}'
 # If you enable email reporting for error messages, this is where those emails
 # will appear to be coming from. Make sure you set a valid domain name,
 # otherwise the emails may get rejected.
 # https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
 # SERVER_EMAIL = 'root@your-domain.org'
-SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
+SERVER_EMAIL = f'root@{EMAILNAME}'
 # Django Allauth
@@ -195,6 +195,11 @@ SOCIALACCOUNT_PROVIDERS = {
 # recompiled on each requests. It means running an additional "compress"
 # management command after each code upgrade.
 # http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
+COMPRESS_PRECOMPILERS = (
+ ('text/less', 'lessc {infile} {outfile}'),
+ ('text/x-scss', 'sassc -t compressed {infile} {outfile}'),
+ ('text/x-sass', 'sassc -t compressed {infile} {outfile}'),
+)
 COMPRESS_OFFLINE = True
 POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
diff --git a/roles/mailman3/templates/mailman3/mailman.cfg.j2 b/roles/mailman3/templates/mailman3/mailman.cfg.j2
index 00f723ef..0d670df9 100644
--- a/roles/mailman3/templates/mailman3/mailman.cfg.j2
+++ b/roles/mailman3/templates/mailman3/mailman.cfg.j2
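Review bot: The trailing comment `# A changer en prod` ("to change in production") on the `EMAILNAME` line is now stale: the value is no longer a literal to edit by hand but comes from `mailman3.default_domain` in group_vars, so the reminder sends the next maintainer to the wrong file. Replace it with `# set from mailman3.default_domain in group_vars, not here`. The move to f-strings for `DEFAULT_FROM_EMAIL` and `SERVER_EMAIL` means the rendered settings file needs Python 3.6 or newer at runtime; that holds on a current Debian, but since this file is executed rather than merely templated a one-line note near the top of the file would be cheap insurance.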
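Review bot: `COMPRESS_PRECOMPILERS` runs `lessc` and `sassc` as external commands, and with `COMPRESS_OFFLINE = True` on the following line the `compress` management step fails outright if either binary is absent; nothing in this diff installs them, so unless the role's package task (outside the hunk) does, the deployment breaks at compile time. Add a comment above the tuple naming where they come from, e.g. `# needs the lessc and sassc binaries; installed by <package task in the mailman3 role>`, once that is confirmed. The scss and sass entries use the identical command, which looks intentional but a trailing `# same compiler for both` would stop a later "dedupe".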
@@ -172,7 +172,7 @@ class: mailman.database.postgresql.PostgreSQLDatabase
 # 'configuration' substitutions.
 #url: sqlite:///$DATA_DIR/mailman.db
 #url: mysql+pymysql://mailman3:mmpass@localhost/mailman3?charset=utf8&use_unicode=1
-url: postgres://{{ mailman3.database_user }}:{{ mailman3.database_pass }}@{{ mailman3.database_host }}:{{ mailman3.database_port }}/{{ mailman3.database_name }}
+url: postgres://{{ mailman3.database.user }}:{{ mailman3.database.pass }}@{{ mailman3.database.host }}:{{ mailman3.database.port }}/{{ mailman3.database.name }}
 debug: no
@@ -252,10 +252,10 @@ outgoing: mailman.mta.deliver.deliver
 # How to connect to the outgoing MTA. If smtp_user and smtp_pass is given,
 # then Mailman will attempt to log into the MTA when making a new connection.
-smtp_host: localhost
-smtp_port: 25
-smtp_user:
-smtp_pass:
+smtp_host: {{ mailman3.smtp.host }}
+smtp_port: {{ mailman3.smtp.port }}
+smtp_user: {{ mailman3.smtp.user }}
+smtp_pass: {{ mailman3.smtp.pass }}
 # Where the LMTP server listens for connections. Use 127.0.0.1 instead of
 # localhost for Postfix integration, because Postfix only consults DNS
diff --git a/roles/postfix-mailman3/templates/postfix/main.cf.j2 b/roles/postfix-mailman3/templates/postfix/main.cf.j2
index 805159d5..5dc3a1ec 100644
--- a/roles/postfix-mailman3/templates/postfix/main.cf.j2
+++ b/roles/postfix-mailman3/templates/postfix/main.cf.j2
@@ -3,7 +3,7 @@
 # This postfix configuration set up a MTA only to send and receive mailing list mails
 # When a mail is sent to @localhost, this domain will be used
-myorigin = crans.org
+myorigin = {{ mailman3.postfix_domain }}
 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 biff = no
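Review bot: The `url:` line splices `mailman3.database.pass` into a URL verbatim; a vault password containing `@`, `:`, `?`, `#` or `%` would be read as part of the host, port or query string and the connection fails with an unhelpful error, and rotating the secret later to something stronger is exactly when that bites. Percent-encode it in the template: `url: postgres://{{ mailman3.database.user }}:{{ mailman3.database.pass | urlencode }}@{{ mailman3.database.host }}:{{ mailman3.database.port }}/{{ mailman3.database.name }}`. The host is an address on another machine (resolved via LDAP in group_vars), so appending `?sslmode=require` is worth considering so credentials and list data do not cross the adm network in clear text, unless that network is treated as trusted.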
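Review bot: `smtp_host` moves from `localhost` to the LDAP-resolved address of `redisdead` while `smtp_user` and `smtp_pass` render empty, so outgoing list mail now leaves the host unauthenticated on port 25 and the relay has to admit this machine by source address; nothing in the diff shows that side, so a comment above `smtp_host` such as `# relay authorises this host by IP; no credentials` would record the assumption. Should credentials ever be filled in, the two lines above say Mailman will log in with them, and that would happen in clear text on this transport; Mailman 3.3 and later accept `smtp_secure_mode: starttls` next to these keys, worth adding if the installed version supports it.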
@@ -16,8 +16,8 @@ delay_warning_time = 4h
 compatibility_level = 2
 # TLS parameters
-smtpd_tls_cert_file=/etc/letsencrypt/live/crans.org/fullchain.pem
-smtpd_tls_key_file=/etc/letsencrypt/live/crans.org/privkey.pem
+smtpd_tls_cert_file=/etc/letsencrypt/live/{{ mailman3.postfix_domain }}/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/{{ mailman3.postfix_domain }}/privkey.pem
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
@@ -40,8 +40,8 @@ inet_interfaces = all
 inet_protocols = all
 # Do not use gethostname
-myhostname = {{ ansible_hostname }}.crans.org
-mydomain = crans.org
+myhostname = {{ ansible_hostname }}.{{ mailman3.postfix_domain }}
+mydomain = {{ mailman3.postfix_domain }}
 # Softbounce, ask remote mail server to send the mail again if error
 # Do not keep it active in production!
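Review bot: `smtpd_tls_cert_file` and `smtpd_tls_key_file` now derive their `/etc/letsencrypt/live/` directory from `mailman3.postfix_domain`, but the certificate is requested under the separate `certname: crans.org` in `loc_certbot` (group_vars); the two only agree by coincidence of value, and changing either alone leaves Postfix pointing at a directory that does not exist, so it refuses to start or serves no TLS. Either derive both from one variable or add `# must equal loc_certbot[].certname, which names the live/ directory` above these two lines. `smtpd_use_tls=yes` on the next context line is the legacy spelling of `smtpd_tls_security_level = may`, i.e. opportunistic TLS; that is unchanged here but worth noting in the same comment.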