ansible/group_vars/mailman.yml

---
loc_certbot:
  - dns_rfc2136_server: '172.16.10.147'
    dns_rfc2136_name: certbot_challenge.
    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
    mail: root@crans.org
    certname: crans.org
    domains: "*.crans.org"

loc_nginx:
  service_name: mailman3
  upstreams:
    - name: mailman3
      server: "unix:/run/mailman3-web/uwsgi.sock fail_timeout=0"
  servers:
    - ssl: false
      server_name:
        - "localhost"
      locations:
        - filter: "/"
          params:
            - "uwsgi_pass mailman3"
            - "include /etc/nginx/uwsgi_params"

    - ssl: crans.org
      default: true
      server_name:
        - "mailman.crans.org"
      locations:
        - filter: "/"
          params:
            - "uwsgi_pass mailman3"
            - "include /etc/nginx/uwsgi_params"
            - "satisfy any"
            - "allow 185.230.76.0/22"
            - "allow 2a0c:700:0::/40"
            - "deny all"
            - "auth_basic \"On n'aime pas les spambots, donc on a mis un mot de passe. Le login est Stop et le mot de passe est Spam.\""
            - "auth_basic_user_file /etc/nginx/passwd"
            - "error_page 401 /error/401.html"

        - filter: "/mailman3/static"
          params:
            - "alias /var/lib/mailman3/web/static"

        - filter: "/mailman3/static/favicon.ico"
          params:
            - "alias /var/lib/mailman3/web/static/postorius/img/favicon.ico"

        - filter: "/error/"
          params:
            - "internal"
            - "alias /var/www/"

        - filter: "/robots.txt"
          params:
            - "alias /var/www/robots.txt"

  auth_passwd:
    Stop: "$apr1$NXaV5H7Q$J3ora3Jo5h775Y1nm93PN1"  # Spam
  deploy_robots_file: true

glob_mailman3:
  site_owner: root@crans.org
  database:
    user: "mailman3"
    pass: "{{ vault.mailman3_database_pass }}"
    host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
    port: 5432
    name: "mailman3"
  web_database:
    user: "mailman3web"
    pass: "{{ vault.mailman3_web_database_pass }}"
    host: "{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}"
    port: 5432
    name: "mailman3web"
  smtp:
    host: "{{ query('ldap', 'ip', 'redisdead', 'adm') | ipv4 | first }}"
    port: 25
    user: ""
    pass: ""
  restadmin_pass: "{{ vault.mailman3_restadmin_pass }}"
  archiver_key: "{{ vault.mailman3_archiver_key }}"
  web_secret_key: "{{ vault.mailman3_web_secret_key }}"
  web_domain: "mailman.crans.org"
  default_domain: "crans.org"
  postfix_domain: "crans.org"