Update to 2021-12-01 19:13

2025-07-27 00:05:44 +02:00 · 2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
--- a/roles/mailman/templates/hyperkitty.cfg.j2
+++ b/roles/mailman/templates/hyperkitty.cfg.j2
@@ -0,0 +1,3 @@
+[general]
+base_url: http://localhost:{{ mailman_web_port }}/hyperkitty/
+api_key: {{ mailman_hyperkitty_api_key }}
--- a/roles/mailman/templates/mailman-core.service.j2
+++ b/roles/mailman/templates/mailman-core.service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=GNU Mailing List Manager
+After=syslog.target network.target postgresql.service
+
+[Service]
+Type=forking
+PIDFile={{ mailman_root_dir }}/tmp/master.pid
+Environment=MAILMAN_CONFIG_FILE={{ mailman_root_dir }}/etc/mailman.cfg
+User={{ mailman_user }}
+Group={{ mailman_user }}
+ExecStart={{ mailman_root_dir }}/venv/bin/mailman start
+ExecReload={{ mailman_root_dir }}/venv/bin/mailman restart
+ExecStop={{ mailman_root_dir }}/venv/bin/mailman stop
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=2048M
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/mailman/templates/mailman-digests.service.j2
+++ b/roles/mailman/templates/mailman-digests.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Mailman digests sender
+
+[Service]
+Type=oneshot
+PrivateTmp=yes
+User={{ mailman_user }}
+Group={{ mailman_user }}
+ExecStart={{ mailman_root_dir }}/venv/bin/mailman digests --periodic
--- a/roles/mailman/templates/mailman-digests.timer.j2
+++ b/roles/mailman/templates/mailman-digests.timer.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Mailman digest sender
+
+[Timer]
+OnCalendar=daily
+
+[Install]
+WantedBy=timers.target
--- a/roles/mailman/templates/mailman-notify.service.j2
+++ b/roles/mailman/templates/mailman-notify.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Mailman notifications
+
+[Service]
+Type=oneshot
+PrivateTmp=yes
+User={{ mailman_user }}
+Group={{ mailman_user }}
+ExecStart={{ mailman_root_dir }}/venv/bin/mailman notify
--- a/roles/mailman/templates/mailman-notify.timer.j2
+++ b/roles/mailman/templates/mailman-notify.timer.j2
@@ -0,0 +1,8 @@
+[Unit]
+Description=Mailman notifications
+
+[Timer]
+OnCalendar=*-*-* 10:00:00
+
+[Install]
+WantedBy=timers.target
--- a/roles/mailman/templates/mailman-web.service.j2
+++ b/roles/mailman/templates/mailman-web.service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=GNU Mailman Web UI
+After=syslog.target network.target postgresql.service mailman-core.service
+
+[Service]
+Type=notify
+NotifyAccess=all
+Environment=PATH={{ mailman_root_dir }}/venv/bin:/bin:/sbin
+Environment=PYTHONPATH=/opt/mailman/etc
+RuntimeDirectory=uwsgi
+User={{ mailman_user }}
+Group={{ mailman_user }}
+ExecStart={{ mailman_root_dir }}/venv/bin/uwsgi --ini {{ mailman_root_dir }}/etc/uwsgi.ini --die-on-term
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+NoNewPrivileges=yes
+MemoryLimit=1024M
+Restart=on-failure
+StartLimitInterval=0
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/mailman/templates/mailman.cfg.j2
+++ b/roles/mailman/templates/mailman.cfg.j2
@@ -0,0 +1,56 @@
+[paths.ansible]
+bin_dir: {{ mailman_root_dir }}/venv/bin
+var_dir: {{ mailman_root_dir }}/data
+queue_dir: {{ mailman_root_dir }}/data/spool
+log_dir: {{ mailman_root_dir }}/log
+lock_dir: {{ mailman_root_dir }}/data/locks
+etc_dir: {{ mailman_root_dir }}/etc
+pid_file: {{ mailman_root_dir }}/tmp/master.pid
+
+[logging.root]
+path = /dev/stdout
+
+[mailman]
+layout: ansible
+site_owner: {{ mailman_site_owner }}
+default_language: {{ mailman_default_lang }}
+
+[database]
+{% if mailman_db_engine == 'postgres' %}
+class: mailman.database.postgresql.PostgreSQLDatabase
+url: postgres://{{ mailman_db_user }}:{{ mailman_db_pass | urlencode | regex_replace('/','%2F') }}@{{ mailman_db_server }}:{{ mailman_db_port }}/{{ mailman_db_name.core }}
+{% elif mailman_db_engine == 'mysql' %}
+class: mailman.database.mysql.MySQLDatabase
+url: mysql+pymysql://{{ mailman_db_user }}:{{ mailman_db_pass | urlencode | regex_replace('/','%2F') }}@{{ mailman_db_server }}:{{ mailman_db_port }}/{{ mailman_db_name.core }}?charset=utf8&use_unicode=1
+{% endif %}
+
+[archiver.hyperkitty]
+class: mailman_hyperkitty.Archiver
+enable: yes
+configuration: {{ mailman_root_dir }}/etc/hyperkitty.cfg
+
+[shell]
+history_file: $var_dir/history.py
+
+[mta]
+verp_confirmations: yes
+verp_personalized_deliveries: yes
+verp_delivery_interval: 1
+incoming: mailman.mta.postfix.LMTP
+outgoing: mailman.mta.deliver.deliver
+lmtp_host: 127.0.0.1
+lmtp_port: {{ mailman_lmtp_port }}
+smtp_host: {{ mailman_smtp_server }}
+smtp_port: {{ mailman_smtp_port }}
+{% if mailman_smtp_user is defined and mailman_smtp_pass is defined %}
+smtp_user: {{ mailman_smtp_user }}
+smtp_pass: {{ mailman_smtp_pass }}
+{% endif %}
+smtp_secure_mode: {{ mailman_smtp_tls | ternary('starttls','smtp') }}
+
+[webservice]
+hostname: localhost
+port: {{ mailman_rest_port }}
+use_https: no
+admin_user: mailmanapi
+admin_pass: {{ mailman_rest_pass }}
--- a/roles/mailman/templates/post-backup.sh.j2
+++ b/roles/mailman/templates/post-backup.sh.j2
@@ -0,0 +1,3 @@
+#!/bin/bash -e
+
+rm -f {{ mailman_root_dir }}/backup/*.sql.zst
--- a/roles/mailman/templates/pre-backup.sh.j2
+++ b/roles/mailman/templates/pre-backup.sh.j2
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+set -eo pipefail
+
+{% for db in mailman_db_name.keys() | list %}
+{% if mailman_db_engine == 'postgres' %}
+{% if mailman_db_server not in ['localhost', '127.0.0.1'] %}
+PGPASSWORD={{ mailman_db_pass | quote }} \
+  /usr/pgsql-14/bin/pg_dump \
+  --clean \
+  --create \
+  --username={{ mailman_db_user | quote }} \
+  --host={{ mailman_db_server | quote }} \
+  --port={{ mailman_db_port }} \
+  {{ mailman_db_name[db] }} | \
+  zstd -c > {{ mailman_root_dir }}/backup/{{ mailman_db_name[db] }}.sql.zst
+{% else %}
+su - postgres -c "/usr/pgsql-14/bin/pg_dump --clear {{ mailman_db_name[db] }}" | \
+{% endif %}
+  zstd -c > {{ mailman_root_dir }}/backup/{{ mailman_db_name[db] }}.sql.zst
+{% else %}
+/usr/bin/mysqldump \
+{% if mailman_db_server not in ['localhost', '127.0.0.1'] %}
+  --user={{ mailman_db_user | quote }} \
+  --password={{ mailman_db_pass | quote }} \
+  --host={{ mailman_db_server | quote }} \
+  --port={{ mailman_db_port }} \
+{% endif %}
+  --quick --single-transaction \
+  --add-drop-table {{ mailman_db_name[db] }} | \
+  zstd -c > {{ mailman_root_dir }}/backup/{{ mailman_db_name[db] }}.sql.zst
+{% endif %}
+{% endfor %}
--- a/roles/mailman/templates/settings.py.j2
+++ b/roles/mailman/templates/settings.py.j2
@@ -0,0 +1,101 @@
+# Mailman Web configuration file.
+
+from mailman_web.settings.base import *
+from mailman_web.settings.mailman import *
+
+#: Default list of admins who receive the emails from error logging.
+ADMINS = (
+    ('Mailman Suite Admin', '{{ mailman_site_owner }}'),
+)
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.{{ (mailman_db_engine == 'postgres') | ternary('postgresql_psycopg2','mysql') }}',
+        'NAME': '{{ mailman_db_name.web }}',
+        'USER': '{{ mailman_db_user }}',
+        'PASSWORD': '{{ mailman_db_pass }}',
+        'HOST': '{{ mailman_db_server }}',
+        'PORT': '{{ mailman_db_port }}',
+{% if mailman_db_engine != 'postgres' %}
+        'OPTIONS': {'charset': 'utf8mb4'}
+{% endif %}
+    }
+}
+
+# 'collectstatic' command will copy all the static files here.
+# Alias this location from your webserver to `/static`
+STATIC_ROOT = '{{ mailman_root_dir }}/web/static'
+
+LOGGING = {
+  'version': 1,
+  'disable_existing_loggers': False,
+  'handlers': {
+    'console': {
+      'class': 'logging.StreamHandler',
+    },
+  },
+  'root': {
+    'handlers': ['console'],
+    'level': 'WARNING',
+  }
+}
+
+#: See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
+ALLOWED_HOSTS = [
+    'localhost',  # Archiving API from Mailman
+    '{{ mailman_public_url | urlsplit("hostname") }}'
+]
+
+# Set this to a new secret value.
+SECRET_KEY = '{{ mailman_secret_key }}'
+
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+EMAIL_HOST = '{{ mailman_smtp_server }}'
+EMAIL_PORT = {{ mailman_smtp_port }}
+{% if mailman_smtp_user is defined and mailman_smtp_pass is defined %}
+EMAIL_HOST_USER='{{ mailman_smtp_user }}'
+EMAIL_HOST_PASS='{{ mailman_smtp_pass }}'
+{% endif %}
+{% if mailman_smtp_tls %}
+EMAIL_USE_TLS=True
+{% endif %}
+DEFAULT_FROM_EMAIL = '{{ mailman_email_from }}'
+
+HAYSTACK_CONNECTIONS = {
+  'default': {
+    'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine',
+    'PATH': '{{ mailman_root_dir }}/data/fulltext_index',
+  },
+}
+
+MAILMAN_REST_API_URL = 'http://localhost:{{ mailman_rest_port }}'
+MAILMAN_REST_API_USER = 'mailmanapi'
+MAILMAN_REST_API_PASS = '{{ mailman_rest_pass }}'
+MAILMAN_ARCHIVER_KEY = '{{ mailman_hyperkitty_api_key }}'
+MAILMAN_ARCHIVER_FROM = ('127.0.0.1')
+
+ROOT_URLCONF = 'urls'
+
+USE_X_FORWARDED_HOST = True
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+SESSION_COOKIE_SECURE = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_BROWSER_XSS_FILTER = True
+CSRF_COOKIE_SECURE = True
+CSRF_COOKIE_HTTPONLY = True
+X_FRAME_OPTIONS = 'DENY'
+
+TIME_ZONE = '{{ (system_tz is defined) | ternary(system_tz, 'UTC') }}'
+
+ACCOUNT_AUTHENTICATION_METHOD = "username_email"
+ACCOUNT_EMAIL_REQUIRED = True
+ACCOUNT_EMAIL_VERIFICATION = "mandatory"
+ACCOUNT_UNIQUE_EMAIL  = True
+
+Q_CLUSTER = {
+    'timeout': 300,
+    'save_limit': 100,
+    'orm': 'default',
+    'retry': 360,
+}
+
--- a/roles/mailman/templates/urls.py.j2
+++ b/roles/mailman/templates/urls.py.j2
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# Copyright (C) 1998-2016 by the Free Software Foundation, Inc.
+#
+# This file is part of Postorius.
+#
+# Postorius is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# Postorius is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# Postorius.  If not, see <http://www.gnu.org/licenses/>.
+
+from django.conf.urls import include, url
+from django.contrib import admin
+from django.urls import reverse_lazy
+from django.views.generic import RedirectView
+
+urlpatterns = [
+    url(r'^$', RedirectView.as_view(
+        url=reverse_lazy('list_index'),
+        permanent=True)),
+    url(r'^postorius/', include('postorius.urls')),
+    url(r'^hyperkitty/', include('hyperkitty.urls')),
+    url(r'', include('django_mailman3.urls')),
+    url(r'^accounts/', include('allauth.urls')),
+    # Django admin
+    url(r'^admin/', admin.site.urls),
+]
+
--- a/roles/mailman/templates/uwsgi.ini.j2
+++ b/roles/mailman/templates/uwsgi.ini.j2
@@ -0,0 +1,27 @@
+[uwsgi]
+http-socket = 0.0.0.0:{{ mailman_web_port }}
+virtualenv = {{ mailman_root_dir }}/venv/
+
+module=mailman_web.wsgi:application
+env = DJANGO_SETTINGS_MODULE=settings
+
+# Setup default number of processes and threads per process.
+master = true
+process = 2
+threads = 2
+
+# Setup the django_q related worker processes.
+attach-daemon = mailman-web qcluster
+
+# Setup the request log.
+req-logger = file:{{ mailman_root_dir }}/log/uwsgi.log
+
+# Log qcluster commands seperately.
+logger = qcluster syslog:mailman-web
+log-route = qcluster uwsgi-daemons
+
+# Last log and it logs the rest of the stuff.
+logger = syslog:mailman-web
+
+# Static assets
+check-static = {{ mailman_root_dir }}/web