From ad3250dca738a817b61fbdada168590c5881f581 Mon Sep 17 00:00:00 2001
From: Someone
Date: Fri, 4 Oct 2024 13:42:46 +0200
Subject: [PATCH] [roles/service/sympa] Mailinglist service
---
.../sympa/files/default/key_dkim.private | 1 +
.../service/sympa/files/default/key_dkim.txt | 1 +
.../sympa/files/default/list_aliases.tt2 | 7 +
roles/service/sympa/files/default/sympa.conf | 166 ++++++++++++++++++
.../service/sympa/files/default/sympa.debconf | 3 +
roles/service/sympa/handlers/main.yml | 13 ++
roles/service/sympa/tasks/main.yml | 152 ++++++++++++++++
.../vars/default/vars_nginx_vhost_custom.yml | 30 ++++
8 files changed, 373 insertions(+)
create mode 100644 roles/service/sympa/files/default/key_dkim.private
create mode 100644 roles/service/sympa/files/default/key_dkim.txt
create mode 100644 roles/service/sympa/files/default/list_aliases.tt2
create mode 100644 roles/service/sympa/files/default/sympa.conf
create mode 100644 roles/service/sympa/files/default/sympa.debconf
create mode 100644 roles/service/sympa/handlers/main.yml
create mode 100644 roles/service/sympa/tasks/main.yml
create mode 100644 roles/service/sympa/vars/default/vars_nginx_vhost_custom.yml
diff --git a/roles/service/sympa/files/default/key_dkim.private b/roles/service/sympa/files/default/key_dkim.private
new file mode 100644
index 0000000..9b270b7
--- /dev/null
+++ b/roles/service/sympa/files/default/key_dkim.private
@@ -0,0 +1 @@
+# OVERRIDE ME!
diff --git a/roles/service/sympa/files/default/key_dkim.txt b/roles/service/sympa/files/default/key_dkim.txt
new file mode 100644
index 0000000..9b270b7
--- /dev/null
+++ b/roles/service/sympa/files/default/key_dkim.txt
@@ -0,0 +1 @@
+# OVERRIDE ME!
diff --git a/roles/service/sympa/files/default/list_aliases.tt2 b/roles/service/sympa/files/default/list_aliases.tt2
new file mode 100644
index 0000000..b7cd1b1
--- /dev/null
+++ b/roles/service/sympa/files/default/list_aliases.tt2
@@ -0,0 +1,7 @@
+#--- [% list.name %]@[% list.domain %]: list transport map created at [% date %]
+[% list.name %]@[% list.domain %] sympa:[% list.name %]@[% list.domain %]
+[% list.name %]-request@[% list.domain %] sympa:[% list.name %]-request@[% list.domain %]
+[% list.name %]-editor@[% list.domain %] sympa:[% list.name %]-editor@[% list.domain %]
+#[% list.name %]-subscribe@[% list.domain %] sympa:[% list.name %]-subscribe@[%list.domain %]
+[% list.name %]-unsubscribe@[% list.domain %] sympa:[% list.name %]-unsubscribe@[% list.domain %]
+[% list.name %][% return_path_suffix %]@[% list.domain %] sympabounce:[% list.name %]@[% list.domain %]
diff --git a/roles/service/sympa/files/default/sympa.conf b/roles/service/sympa/files/default/sympa.conf
new file mode 100644
index 0000000..e0ad070
--- /dev/null
+++ b/roles/service/sympa/files/default/sympa.conf
@@ -0,0 +1,166 @@
+###\\\\ Service description ////###
+
+## domain
+## Primary mail domain name
+## Example: domain mail.example.org
+domain lists.somenet.org
+
+## listmaster
+## Email addresses of listmasters
+## Email addresses of the listmasters (users authorized to perform global
+## server commands). Some error reports may also be sent to these addresses.
+## Listmasters can be defined for each virtual host, however, the default
+## listmasters will have privileges to manage all virtual hosts.
+## Example: listmaster your_email_address@domain.tld
+listmaster someone@somenet.org
+
+###\\\\ Database related ////###
+
+## db_type
+## Type of the database
+## Possible types are "MySQL", "PostgreSQL", "Oracle" and "SQLite".
+db_type SQLite
+
+## db_name
+## Name of the database
+## With SQLite, this must be the full path to database file.
+## With Oracle Database, this must be SID, net service name or easy connection
+## identifier (to use net service name, db_host should be set to "none" and
+## HOST, PORT and SERVICE_NAME should be defined in tnsnames.ora file).
+db_name /var/lib/sympa/sympa.sqlite
+
+## db_timeout
+## Database processing timeout
+## Currently, this parameter may be used for SQLite only.
+db_timeout 10
+
+###\\\\ Mail server ////###
+
+## sendmail_aliases
+## Path of the file that contains all list related aliases
+## It is recommended to create a specific alias file so that Sympa never
+## overwrites the standard alias file, but only a dedicated file.
+## Set this parameter to "none" if you want to disable alias management in
+## Sympa.
+sendmail_aliases /var/lib/sympa/transport.map
+
+## aliases_program
+## Program used to update alias database
+## This may be "makemap", "newaliases", "postalias", "postmap" or full path to
+## custom program.
+aliases_program postmap
+
+## aliases_db_type
+## Type of alias database
+## "btree", "dbm", "hash" and so on. Available when aliases_program is
+## "makemap", "postalias" or "postmap"
+aliases_db_type hash
+
+###\\\\ List definition ////###
+
+## lang
+## Language of the list
+## This parameter defines the language used for the list. It is used to
+## initialize a user's language preference; Sympa command reports are
+## extracted from the associated message catalog.
+lang en_US
+
+###\\\\ Sending/receiving setup ////###
+
+## max_size
+## Maximum message size
+## Maximum size of a message in 8-bit bytes.
+## Example: max_size 2097152
+max_size 209715200
+
+###\\\\ DKIM/DMARC/ARC ////###
+
+## dkim_parameters.private_key_path
+## File path for DKIM private key
+## The file must contain a PEM encoded private key
+dkim_parameters.private_key_path /etc/sympa/sympa/key_dkim.private
+
+## dkim_parameters.selector
+## Selector for DNS lookup of DKIM public key
+## The selector is used in order to build the DNS query for public key. It is
+## up to you to choose the value you want but verify that you can query the
+## public DKIM key for "._domainkey.your_domain"
+dkim_parameters.selector s20240709
+
+## dkim_parameters.signer_domain
+## DKIM "d=" tag, you should probably use the default value
+## The DKIM "d=" tag, is the domain of the signing entity. The list domain
+## MUST be included in the "d=" domain
+dkim_parameters.signer_domain lists.somenet.org
+
+## dkim_signature_apply_on
+## The categories of messages sent to the list that will be signed using DKIM.
+## This parameter controls in which case messages must be signed using DKIM,
+## you may sign every message choosing 'any' or a subset. The parameter value
+## is a comma separated list of keywords
+dkim_signature_apply_on any
+
+## dmarc_protection.mode
+## Protection modes
+## Select one or more operation modes. "Domain matching regular
+## expression" (domain_regex) matches the specified Domain regular expression;
+## "DKIM signature exists" (dkim_signature) matches any message with a DKIM
+## signature header; "DMARC policy ..." (dmarc_*) matches messages from sender
+## domains with a DMARC policy as given; "all" (all) matches all messages.
+## Example: dmarc_protection.mode dmarc_reject,dkim_signature
+dmarc_protection.mode all
+
+## dmarc_protection.phrase
+## New From name format
+## This is the format to be used for the sender name part of the new From
+## header field.
+dmarc_protection.phrase name_email_via_list
+
+###\\\\ Web interface parameters ////###
+
+## wwsympa_url
+## URL prefix of web interface
+## This is used to construct URLs of web interface. The protocol (either
+## https:// or http://) is required.
+## Example: wwsympa_url https://web.example.org/sympa
+wwsympa_url http://lists.somenet.org/sympa
+
+## static_content_path
+## Directory for static contents
+static_content_path /usr/share/sympa/static_content
+
+## css_path
+## Directory for static style sheets (CSS)
+## After an upgrade, static CSS files are upgraded with the newly installed
+## "css.tt2" template. Therefore, this is not a good place to store customized
+## CSS files.
+css_path /var/lib/sympa/css
+
+## css_url
+## URL for style sheets (CSS)
+## To use auto-generated static CSS, HTTP server have to map it with
+## "css_path".
+css_url /css-sympa
+
+## pictures_path
+## Directory for subscribers pictures
+pictures_path /var/lib/sympa/pictures
+
+## pictures_url
+## URL for subscribers pictures
+## HTTP server have to map it with "pictures_path" directory.
+pictures_url /pictures-sympa
+
+###\\\\ Web interface parameters: Appearances ////###
+
+## review_page_size
+## Size of review page
+## Default number of lines of the array displaying users in the review page
+review_page_size 500
+
+## viewlogs_page_size
+## Size of viewlogs page
+## Default number of lines of the array displaying the log entries in the logs
+## page.
+viewlogs_page_size 500
+
diff --git a/roles/service/sympa/files/default/sympa.debconf b/roles/service/sympa/files/default/sympa.debconf
new file mode 100644
index 0000000..131466f
--- /dev/null
+++ b/roles/service/sympa/files/default/sympa.debconf
@@ -0,0 +1,3 @@
+sympa sympa/dbconfig-install string false
+sympa sympa/sympa_newaliases-wrapper-setuid-root string false
+sympa wwsympa/webserver_type string Other
diff --git a/roles/service/sympa/handlers/main.yml b/roles/service/sympa/handlers/main.yml
new file mode 100644
index 0000000..ff3906b
--- /dev/null
+++ b/roles/service/sympa/handlers/main.yml
@@ -0,0 +1,13 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: restart sympa.service
+ systemd:
+ name: sympa.service
+ daemon_reload: yes
+ state: restarted
+ ignore_errors: yes
diff --git a/roles/service/sympa/tasks/main.yml b/roles/service/sympa/tasks/main.yml
new file mode 100644
index 0000000..b607507
--- /dev/null
+++ b/roles/service/sympa/tasks/main.yml
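Review bot: `wwsympa_url http://lists.somenet.org/sympa` makes every URL Sympa constructs for its web interface use a plaintext scheme, and that interface carries logins; unless the vhost role (not visible in this patch) cannot serve TLS, the line should read `wwsympa_url https://lists.somenet.org/sympa`. `max_size 209715200` accepts messages of 200 MiB, a hundred times the 2 MiB in the example comment above it, and every accepted message is delivered to all subscribers of a list, so either lower it or add a comment stating why that size is needed. `dkim_parameters.selector s20240709` has to match the DNS record published for the overridden key, which deserves a comment next to the setting such as `## keep in sync with the host's key_dkim.txt DNS record`.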
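Review bot: `ignore_errors: yes` on the `restart sympa.service` handler lets a play finish successfully even when the daemon did not come back, for example after a sympa.conf or DKIM key change it cannot load, so the list server can stay down unnoticed. Drop the line, or narrow the tolerance with a `failed_when` on the specific condition that is expected to fail. `daemon_reload: yes` is better written `daemon_reload: true`, since `yes` is only a boolean under YAML 1.1 rules.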
@@ -0,0 +1,152 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+# Sympa is broken in debian, in that it cannot be installed with dbconfig-no-thanks.
+# To work around this, we have to first debconf-preseed some config values and deploy the config file before AND after installing the sympa package.
+# todo: move to sertvices?
+---
+- name: create /etc/sympa
+ file:
+ path: "/etc/sympa"
+ state: directory
+ mode: 0755
+ owner: "sympa"
+ group: "sympa"
+
+- name: create /etc/sympa/sympa
+ file:
+ path: "/etc/sympa/sympa"
+ state: directory
+ mode: 0755
+ owner: "sympa"
+ group: "sympa"
+
+
+- name: copy sympa.debconf
+ copy:
+ src: "{{item}}"
+ dest: "/etc/sympa/sympa/sympa.debconf"
+ mode: 0644
+ owner: "sympa"
+ group: "sympa"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sympa.debconf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sympa.debconf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sympa.debconf"
+ - "default/sympa.debconf"
+ notify: restart sympa.service
+
+
+- name: preseed sympa.debconf
+ shell: 'debconf-set-selections /etc/sympa/sympa/sympa.debconf'
+
+
+- name: copy sympa config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/sympa/sympa/sympa.conf"
+ mode: 0644
+ owner: "sympa"
+ group: "sympa"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sympa.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sympa.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sympa.conf"
+ - "default/sympa.conf"
+ notify: restart sympa.service
+
+
+- name: install sympa
+ apt:
+ pkg:
+ - sympa
+ state: present
+ policy_rc_d: 101
+ tags: "online"
+ ignore_errors: "{{ignore_online_errors | bool}}"
+ register: result
+
+
+- name: copy sympa config again
+ copy:
+ src: "{{item}}"
+ dest: "/etc/sympa/sympa/sympa.conf"
+ mode: 0644
+ owner: "sympa"
+ group: "sympa"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sympa.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sympa.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sympa.conf"
+ - "default/sympa.conf"
+ notify: restart sympa.service
+ when: result.changed
+
+
+- name: copy key_dkim.private
+ copy:
+ src: "{{item}}"
+ dest: "/etc/sympa/sympa/key_dkim.private"
+ mode: 0640
+ owner: "sympa"
+ group: "sympa"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/key_dkim.private"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/key_dkim.private"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/key_dkim.private"
+ - "default/key_dkim.private"
+ notify: restart sympa.service
+
+
+- name: copy list_aliases.tt2
+ copy:
+ src: "{{item}}"
+ dest: "/etc/sympa/list_aliases.tt2"
+ mode: 0644
+ owner: "sympa"
+ group: "sympa"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/list_aliases.tt2"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/list_aliases.tt2"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/list_aliases.tt2"
+ - "default/list_aliases.tt2"
+ notify: restart sympa.service
+
+
+- name: include vars_nginx_vhost_custom
+ include_vars:
+ file: "{{item}}"
+ name: vars_nginx_vhost_custom
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{sympa_main_host_name}}-vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{sympa_main_host_name}}-vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{sympa_main_host_name}}-vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/vars_nginx_vhost_custom.yml"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/vars_nginx_vhost_custom.yml"
+ - "default/vars_nginx_vhost_custom.yml"
+
+
+- name: configure vhost for "{{sympa_main_host_name}}"
+ include_role:
+ name: server/nginx/vhost-unified
+ vars:
+ vhost_type: "custom"
+ vhost_name: "{{sympa_main_host_name}}"
+ vhost_custom:
+ vhost_custom_pre_server: "{{vars_nginx_vhost_custom.vhost_custom_pre_server}}"
+ vhost_custom: "{{vars_nginx_vhost_custom.vhost_custom}}"
+
+
+- name: enable and start sympa.service
+ include_role: name="base/systemd/enable-and-start"
+ vars:
+ service_name: sympa.service
+
+- name: enable and start wwsympa.socket
+ include_role: name="base/systemd/enable-and-start"
+ vars:
+ service_name: wwsympa.socket
diff --git a/roles/service/sympa/vars/default/vars_nginx_vhost_custom.yml b/roles/service/sympa/vars/default/vars_nginx_vhost_custom.yml
new file mode 100644
index 0000000..413f81b
--- /dev/null
+++ b/roles/service/sympa/vars/default/vars_nginx_vhost_custom.yml
@@ -0,0 +1,30 @@
+#####################################
+### someone"s ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+vhost_custom_pre_server: |-
+
+vhost_custom: |-
+ location = / {return 301 /sympa;}
+ location /sympa {
+ include fastcgi_params;
+ fastcgi_pass unix:/run/sympa/wwsympa.socket;
+ }
+ location /sympasoap {
+ include fastcgi_params;
+ fastcgi_pass unix:/run/sympa/wwsympa.socket;
+ }
+ location /css-sympa {
+ alias /var/lib/sympa/css;
+ }
+
+ # below maybe needs fixing
+ location /static-sympa/pictures {
+ alias /var/lib/sympa/pictures;
+ }
+ location /static-sympa {
+ alias /usr/share/sympa/static_content;
+ }
--
2.43.0
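Review bot: The `copy key_dkim.private` task ends its `with_first_found` list with `default/key_dkim.private`, which this patch creates containing only `# OVERRIDE ME!`, so a host without an override gets a placeholder installed as the DKIM key while sympa.conf sets `dkim_signature_apply_on any`; dropping the `default/` entry from that one task makes the play stop instead. The key is installed with `owner: "sympa"`, which lets the service account replace its own signing key; `owner: "root"` with the existing `group: "sympa"` and `mode: 0640` keeps it readable by the daemon but not writable. Adding `no_log: true` to the task keeps key material out of `--diff` output and controller logs. The tasks that create /etc/sympa with `owner: "sympa"` run before `install sympa`, so on a fresh host that account presumably does not exist yet; confirm the ordering on a clean machine.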
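Review bot: The picture location does not line up with the Sympa config in this same patch: sympa.conf sets `pictures_url /pictures-sympa`, while the vhost only serves `location /static-sympa/pictures`, so picture URLs generated from that setting would not resolve; the in-file comment `# below maybe needs fixing` suggests this is known. Either add `location /pictures-sympa/ { alias /var/lib/sympa/pictures/; }` or change `pictures_url` to match. The three `alias` locations are prefix matches without a trailing slash, so a request path that merely begins with `/css-sympa` is mapped to a sibling of the aliased directory; ending both the location and the alias with `/` bounds each one to its directory. `/sympasoap` is passed to the same `wwsympa.socket` as the web UI, which is worth confirming against the packaged units, and if the SOAP interface is not used the location should be left out.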