crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Mailman3 web config

certbot_on_virtu
Alexandre Iooss 2020-07-11 15:12:32 +02:00
parent 1fcf1fa8b3
commit ae36169565
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02
4 changed files with 211 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plays/mailman.yml
View File

@ -29,5 +29,9 @@
site_owner: root@crans.org
database_pass: "{{ vault_mailman3_database_pass }}"
restadmin_pass: "{{ vault_mailman3_restadmin_pass }}"
archiver_key: "{{ vault_mailman3_archiver_key }}"
web_secret_key: "{{ vault_mailman3_web_secret_key }}"
web_database_pass: "{{ vault_mailman3_web_database_pass }}"
web_domain: "mailman.crans.org"
roles:
- mailman3

19
roles/mailman3/tasks/main.yml
View File

@ -13,7 +13,7 @@
until: apt_result is succeeded
# You will need to setup postgres
# sudo -u postgres createuser -W mailman3
# sudo -u postgres createuser -P mailman3
# sudo -u postgres createdb -O mailman3 mailman3
# Test with : psql -U mailman3 -W -d mailman3 -h localhost
- name: Configure mailman3
@ -25,11 +25,18 @@
group: list
notify: Restart mailman3
#- name: Configure mailman3-web
# template:
# src: mailman3/mailman3-web.py.j2
# dest: /etc/mailman3/mailman3-web.py
# notify: Restart mailman3-web
# You will need to setup postgres
# sudo -u postgres createuser -P mailman3web
# sudo -u postgres createdb -O mailman3web mailman3web
# Test with : psql -U mailman3web -W -d mailman3web -h localhost
- name: Configure mailman3-web
template:
src: mailman3/mailman-web.py.j2
dest: /etc/mailman3/mailman-web.py
mode: 0640
owner: root
group: www-data
notify: Restart mailman3-web
- name: Configure nginx site
template:

193
roles/mailman3/templates/mailman3/mailman-web.py.j2 100644
View File

@ -0,0 +1,193 @@
{{ ansible_header | comment }}
# This file is imported by the Mailman Suite. It is used to override
# the default settings from /usr/share/mailman3-web/settings.py.
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = '{{ mailman3.web_secret_key }}'
ADMINS = (
('Mailman Suite Admin', '{{ mailman3.site_owner }}'),
)
# Hosts/domain names that are valid for this site; required if DEBUG is False
# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
# is meant to run behind a webserver reverse proxy anyway.
ALLOWED_HOSTS = [
"localhost", # Archiving API from Mailman, keep it.
"{{ mailman3.web_domain }}",
# Add here all production URLs you may have.
#'*'
]
# Mailman API credentials
MAILMAN_REST_API_URL = 'http://localhost:8001'
MAILMAN_REST_API_USER = 'restadmin'
MAILMAN_REST_API_PASS = '{{ mailman3.restadmin_pass }}'
MAILMAN_ARCHIVER_KEY = '{{ mailman3.archiver_key }}'
MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
# Application definition
INSTALLED_APPS = (
'hyperkitty',
'postorius',
'django_mailman3',
# Uncomment the next line to enable the admin:
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
# 'django.contrib.admindocs',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'django_gravatar',
'compressor',
'haystack',
'django_extensions',
'django_q',
'allauth',
'allauth.account',
'allauth.socialaccount',
#'django_mailman3.lib.auth.fedora',
#'allauth.socialaccount.providers.openid',
#'allauth.socialaccount.providers.github',
#'allauth.socialaccount.providers.gitlab',
#'allauth.socialaccount.providers.google',
#'allauth.socialaccount.providers.facebook',
#'allauth.socialaccount.providers.twitter',
#'allauth.socialaccount.providers.stackexchange',
)
# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
DATABASES = {
'default': {
# Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
#'ENGINE': 'django.db.backends.sqlite3',
'ENGINE': 'django.db.backends.postgresql_psycopg2',
#'ENGINE': 'django.db.backends.mysql',
# DB name or path to database file if using sqlite3.
'NAME': 'mailman3web',
# The following settings are not used with sqlite3:
'USER': 'mailman3web',
'PASSWORD': '{{ mailman3.web_database_pass }}',
# HOST: empty for localhost through domain sockets or '127.0.0.1' for
# localhost through TCP.
'HOST': '127.0.0.1',
# PORT: set to empty string for default.
'PORT': '',
# OPTIONS: Extra parameters to use when connecting to the database.
'OPTIONS': {
# Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
# https://docs.djangoproject.com/en/1.11/ref/
# databases/#setting-sql-mode
#'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
},
}
}
# If you're behind a proxy, use the X-Forwarded-Host header
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
USE_X_FORWARDED_HOST = True
# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
# Other security settings
# SECURE_SSL_REDIRECT = True
# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
# contains at least this line:
# SECURE_REDIRECT_EXEMPT = [
# "archives/api/mailman/.*", # Request from Mailman.
# ]
# SESSION_COOKIE_SECURE = True
# SECURE_CONTENT_TYPE_NOSNIFF = True
# SECURE_BROWSER_XSS_FILTER = True
# CSRF_COOKIE_SECURE = True
# CSRF_COOKIE_HTTPONLY = True
# X_FRAME_OPTIONS = 'DENY'
# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Set default domain for email addresses.
EMAILNAME = 'crans.org' # A changer en prod
# If you enable internal authentication, this is the address that the emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
DEFAULT_FROM_EMAIL = 'contact@{}'.format(EMAILNAME)
# If you enable email reporting for error messages, this is where those emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
# SERVER_EMAIL = 'root@your-domain.org'
SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
# Django Allauth
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
#
# Social auth
#
SOCIALACCOUNT_PROVIDERS = {
#'openid': {
# 'SERVERS': [
# dict(id='yahoo',
# name='Yahoo',
# openid_url='http://me.yahoo.com'),
# ],
#},
#'google': {
# 'SCOPE': ['profile', 'email'],
# 'AUTH_PARAMS': {'access_type': 'online'},
#},
#'facebook': {
# 'METHOD': 'oauth2',
# 'SCOPE': ['email'],
# 'FIELDS': [
# 'email',
# 'name',
# 'first_name',
# 'last_name',
# 'locale',
# 'timezone',
# ],
# 'VERSION': 'v2.4',
#},
}
# On a production setup, setting COMPRESS_OFFLINE to True will bring a
# significant performance improvement, as CSS files will not need to be
# recompiled on each requests. It means running an additional "compress"
# management command after each code upgrade.
# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
COMPRESS_OFFLINE = True
POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'

2
roles/mailman3/templates/nginx/sites-available/mailman3.j2
View File

@ -1,6 +1,6 @@
{{ ansible_header | comment }}
stream mailman3 {
upstream mailman3 {
server unix:/run/mailman3-web/uwsgi.sock fail_timeout=0;
}