ansible/group_vars/mailman.yml

---
loc_certbot:
  - dns_rfc2136_server: '172.16.10.147'
    dns_rfc2136_name: certbot_challenge.
    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
    mail: root@crans.org
    certname: crans.org
    domains: "*.crans.org"

loc_nginx:
  service_name: mailman
  default_server: lists.crans.org
  default_ssl_server: lists.crans.org
  auth_passwd:
    Stop: "$apr1$NXaV5H7Q$J3ora3Jo5h775Y1nm93PN1"
  deploy_robots_file: true
  servers:
    - server_name:
      - lists.crans.org
      ssl: crans.org
      root: "/usr/lib/cgi-bin/mailman/"
      index:
        - index.htm
        - index.html
      locations:
        - filter: "/error/"
          params:
            - "internal"
            - "alias /var/www/html/"
        - filter: "/create"
          params:
            - "default_type text/html"
            - "alias /etc/mailman/create.html"
        - filter: "~ ^/$"
          params:
            - "return 302 https://lists.crans.org/listinfo"
        - filter: "/"
          params:
            - "include \"/etc/nginx/snippets/fastcgi-mailman.conf\""
        - filter: "~ ^/listinfo"
          params:
            - "satisfy any"
            - "include \"/etc/nginx/snippets/fastcgi-mailman.conf\""
            - "allow 185.230.76.0/22"
            - "allow 2a0c:700:0::/40"
            - "deny all"
            - "auth_basic \"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.\""
            - "auth_basic_user_file /etc/nginx/passwd"
            - "error_page 401 /error/401.html"
        - filter: "~ ^/admin"
          params:
            - "satisfy any"
            - "include \"/etc/nginx/snippets/fastcgi-mailman.conf\""
            - "allow 185.230.76.0/22"
            - "allow 2a0c:700:0::/40"
            - "deny all"
            - "auth_basic \"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.\""
            - "auth_basic_user_file /etc/nginx/passwd"
            - "error_page 401 /error/401.html"
        - filter: "/images/mailman"
          params:
            - "alias /usr/share/images/mailman"
        - filter: "/robots.txt"
          params:
            - "alias /var/www/robots.txt"
        - filter: "/archives"
          params:
            - "alias /var/lib/mailman/archives/public"
            - "autoindex on"

glob_mailman3:
  site_owner: root@crans.org
  database:
    user: "mailman3"
    pass: "{{ vault.mailman3_database_pass }}"
    host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
    port: 5432
    name: "mailman3"
  web_database:
    user: "mailman3web"
    pass: "{{ vault.mailman3_web_database_pass }}"
    host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
    port: 5432
    name: "mailman3web"
  smtp:
    host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ipv4 | first }}"
    port: 25
    user: ""
    pass: ""
  restadmin_pass: "{{ vault.mailman3_restadmin_pass }}"
  archiver_key: "{{ vault.mailman3_archiver_key }}"
  web_secret_key: "{{ vault.mailman3_web_secret_key }}"
  web_domain: "mailman.crans.org"
  default_domain: "crans.org"
  postfix_domain: "crans.org"