From acb8e3f972aff50c79f82036496b2f9774d82df3 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Tue, 14 Jul 2020 20:07:50 +0200
Subject: [PATCH] Add mailman3 fix
---
 .../templates/mailman3/mailman-web.py.j2 | 9 ++++++++
 .../nginx/sites-available/mailman3.j2 | 21 +++++++++++++++++--
 .../templates/postfix/main.cf.j2 | 13 ++++++------
 3 files changed, 34 insertions(+), 9 deletions(-)
diff --git a/roles/mailman3/templates/mailman3/mailman-web.py.j2 b/roles/mailman3/templates/mailman3/mailman-web.py.j2
index f98e104e..48c4bb10 100644
--- a/roles/mailman3/templates/mailman3/mailman-web.py.j2
+++ b/roles/mailman3/templates/mailman3/mailman-web.py.j2
@@ -198,3 +198,12 @@ SOCIALACCOUNT_PROVIDERS = {
 COMPRESS_OFFLINE = True
 POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
+
+# Add translations, this will be useless in Debian Bullseye
+LANGUAGES = [
+ ('en', 'English'),
+ ('fr', 'Français'),
+]
+LOCALE_PATHS = [
+ '/etc/mailman3/locale',
+]
diff --git a/roles/mailman3/templates/nginx/sites-available/mailman3.j2 b/roles/mailman3/templates/nginx/sites-available/mailman3.j2
index 12193caf..47ae1ebe 100644
--- a/roles/mailman3/templates/nginx/sites-available/mailman3.j2
+++ b/roles/mailman3/templates/nginx/sites-available/mailman3.j2
@@ -4,12 +4,29 @@ upstream mailman3 {
 server unix:/run/mailman3-web/uwsgi.sock fail_timeout=0;
 }
+# Local hyperkitty API
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name localhost;
+
+ location / {
+ uwsgi_pass mailman3;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ # Log into separate log files
+ access_log /var/log/nginx/mailman3_access.log combined;
+ error_log /var/log/nginx/mailman3_error.log;
+}
+
 # Redirect http://mailman.crans.org to https://mailman.crans.org
 server {
 listen 80;
 listen [::]:80;
- server_name mailman.crans.org localhost;
+ server_name mailman.crans.org;
 location / {
 return 302 https://$host$request_uri;
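Review bot: The new `server_name localhost` block in mailman3.j2 keeps the wildcard listeners `listen 80;` and `listen [::]:80;`, so nginx selects it from the client-supplied Host header, not from where the connection originates. A request arriving on a public interface with a Host of `localhost` would be passed to uwsgi over plain HTTP and never reach the HTTPS redirect. Because the block is now the first server in this file, it may also become the default server for port 80, unless a `default_server` is declared elsewhere. If the block is only meant for local Hyperkitty/Postorius calls, bind it to loopback with `listen 127.0.0.1:80;` and `listen [::1]:80;`, and consider `allow 127.0.0.1; allow ::1; deny all;` inside `location /`.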
@@ -21,7 +38,7 @@ server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
- server_name mailman.crans.org localhost;
+ server_name mailman.crans.org;
 server_tokens off;
 # SSL common conf
diff --git a/roles/postfix-mailman3/templates/postfix/main.cf.j2 b/roles/postfix-mailman3/templates/postfix/main.cf.j2
index eb312ebf..3cc7c11d 100644
--- a/roles/postfix-mailman3/templates/postfix/main.cf.j2
+++ b/roles/postfix-mailman3/templates/postfix/main.cf.j2
@@ -9,16 +9,15 @@ smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
 biff = no
 # Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
+delay_warning_time = 4h
 # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
 # fresh installs.
 compatibility_level = 2
-# Use self-signed Debian generated cert for local TLS
 # TLS parameters
-smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
-smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+smtpd_tls_cert_file=/etc/letsencrypt/live/mailman.crans.org/fullchain.pem
+smtpd_tls_key_file=/etc/letsencrypt/live/mailman.crans.org/privkey.pem
 smtpd_use_tls=yes
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
@@ -26,13 +25,13 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
+# Limit to 200Mo by message
+message_size_limit = 209715200
+
 # Default aliases
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-# All non local mail is sent to domain MX
-relayhost = $mydomain
-
 # Only localhost
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
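Review bot: The new `smtpd_tls_cert_file` and `smtpd_tls_key_file` lines in the first main.cf.j2 hunk make Postfix depend on a Let's Encrypt certificate that nothing in this patch creates or checks for. With `smtpd_use_tls=yes` TLS is only opportunistic, so if those files are missing or unreadable when smtpd starts, it will most likely log a warning and stop offering STARTTLS instead of failing, which leaves inbound mail in cleartext without an obvious error. I would add a comment such as `# Requires the certbot certificate for mailman.crans.org; reload postfix after renewal` and make sure the certificate is issued before this template is deployed. The hostname is hard-coded in both paths; a template variable would keep them in step with the nginx vhost.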
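Review bot: `message_size_limit = 209715200` in the second main.cf.j2 hunk raises the per-message limit to 200 MiB, roughly twenty times Postfix's default, on a host that fans each accepted message out to list subscribers. Every oversized message is spooled in full before Mailman sees it, so queue disk space and outbound bandwidth become a resource-exhaustion risk; a smaller limit, or a comment recording why 200 MiB is needed, would help. If local(8) delivery is in use (the `alias_maps` lines suggest it), `mailbox_size_limit` has to be 0 or at least as large as this value, otherwise Postfix reports a configuration error. The hunk does not show that setting, so check that something like `mailbox_size_limit = 0` exists elsewhere in the template. The comment would also read better as `# Limit messages to 200 MiB`.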