diff --git a/type/__recycledcloud_lists/files/mailman-hyperkitty.cfg.sh b/type/__recycledcloud_lists/files/mailman-hyperkitty.cfg.sh
new file mode 100755
index 0000000..b8402dd
--- /dev/null
+++ b/type/__recycledcloud_lists/files/mailman-hyperkitty.cfg.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+cat << EOF
+# This is the mailman extension configuration file to enable HyperKitty as an
+# archiver. Remember to add the following lines in the mailman.cfg file:
+#
+# [archiver.hyperkitty]
+# class: mailman_hyperkitty.Archiver
+# enable: yes
+# configuration: /etc/mailman3/mailman-hyperkitty.cfg
+#
+
+[general]
+
+# This is your HyperKitty installation, preferably on the localhost. This
+# address will be used by Mailman to forward incoming emails to HyperKitty
+# for archiving. It does not need to be publicly available, in fact it's
+# better if it is not.
+base_url: https://${DOMAIN:?}/hyperkitty/
+
+# Shared API key, must be the identical to the value in HyperKitty's
+# settings.
+api_key: ${HYPERKITTY_API_KEY:?}
+EOF
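Review bot: `base_url: https://${DOMAIN:?}/hyperkitty/` sends every archiving request, and the shared `api_key` with it, through the public nginx vhost, although the comment directly above recommends a localhost address that is not publicly reachable. With that routing the archiver endpoint is exposed to the internet and is protected only by the key and by whatever source addresses `MAILMAN_ARCHIVER_FROM` allows in mailman-web.py. The address HyperKitty sees then depends on how nginx forwards the request, which is not visible in this diff. If the public URL is intentional, I would add a comment in the template such as `# Requests arrive through the public vhost; archiver-from must list the address this host connects from.`, otherwise point `base_url` at a loopback listener.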
diff --git a/type/__recycledcloud_lists/files/mailman-web.py.sh b/type/__recycledcloud_lists/files/mailman-web.py.sh
new file mode 100755
index 0000000..22228d5
--- /dev/null
+++ b/type/__recycledcloud_lists/files/mailman-web.py.sh
@@ -0,0 +1,224 @@
+#!/bin/sh
+
+cat << EOF
+# This file is imported by the Mailman Suite. It is used to override
+# the default settings from /usr/share/mailman3-web/settings.py.
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = '${DJANGO_SECRET:?}'
+
+ADMINS = (
+ ('Postmaster', 'postmaster@recycled.cloud'),
+)
+
+# Hosts/domain names that are valid for this site; required if DEBUG is False
+# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
+# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
+# is meant to run behind a webserver reverse proxy anyway.
+ALLOWED_HOSTS = [
+ #"localhost", # Archiving API from Mailman, keep it.
+ # "lists.your-domain.org",
+ # Add here all production URLs you may have.
+ '*'
+]
+
+# Mailman API credentials
+MAILMAN_REST_API_URL = 'http://localhost:8001'
+MAILMAN_REST_API_USER = 'restadmin'
+MAILMAN_REST_API_PASS = '${ADMIN_PASS:?}'
+MAILMAN_ARCHIVER_KEY = '${HYPERKITTY_API_KEY}'
+MAILMAN_ARCHIVER_FROM = ${MAILMAN_ARCHIVER_FROM:?}
+
+# Application definition
+
+INSTALLED_APPS = (
+ 'hyperkitty',
+ 'postorius',
+ 'django_mailman3',
+ # Uncomment the next line to enable the admin:
+ 'django.contrib.admin',
+ # Uncomment the next line to enable admin documentation:
+ # 'django.contrib.admindocs',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.sites',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ 'rest_framework',
+ 'django_gravatar',
+ 'compressor',
+ 'haystack',
+ 'django_extensions',
+ 'django_q',
+ 'allauth',
+ 'allauth.account',
+ 'allauth.socialaccount',
+ #'django_mailman3.lib.auth.fedora',
+ #'allauth.socialaccount.providers.openid',
+ #'allauth.socialaccount.providers.github',
+ #'allauth.socialaccount.providers.gitlab',
+ #'allauth.socialaccount.providers.google',
+ #'allauth.socialaccount.providers.facebook',
+ #'allauth.socialaccount.providers.twitter',
+ #'allauth.socialaccount.providers.stackexchange',
+)
+
+# Keep ModelBackend around for per-user permissions and maybe a local
+# superuser.
+AUTHENTICATION_BACKENDS = (
+ "django_auth_ldap.backend.LDAPBackend",
+ "django.contrib.auth.backends.ModelBackend",
+)
+
+# Database
+# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
+
+DATABASES = {
+ 'default': {
+ # Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
+ 'ENGINE': 'django.db.backends.sqlite3',
+ #'ENGINE': 'django.db.backends.postgresql_psycopg2',
+ #'ENGINE': 'django.db.backends.mysql',
+ # DB name or path to database file if using sqlite3.
+ 'NAME': '/var/lib/mailman3/web/mailman3web.db',
+ # The following settings are not used with sqlite3:
+ 'USER': '',
+ 'PASSWORD': '',
+ # HOST: empty for localhost through domain sockets or '127.0.0.1' for
+ # localhost through TCP.
+ 'HOST': '',
+ # PORT: set to empty string for default.
+ 'PORT': '',
+ # OPTIONS: Extra parameters to use when connecting to the database.
+ 'OPTIONS': {
+ # Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
+ # https://docs.djangoproject.com/en/1.11/ref/
+ # databases/#setting-sql-mode
+ #'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
+ },
+ }
+}
+
+
+# If you're behind a proxy, use the X-Forwarded-Host header
+# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
+USE_X_FORWARDED_HOST = True
+
+# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
+# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
+
+# Other security settings
+# SECURE_SSL_REDIRECT = True
+# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
+# contains at least this line:
+# SECURE_REDIRECT_EXEMPT = [
+# "archives/api/mailman/.*", # Request from Mailman.
+# ]
+# SESSION_COOKIE_SECURE = True
+# SECURE_CONTENT_TYPE_NOSNIFF = True
+# SECURE_BROWSER_XSS_FILTER = True
+# CSRF_COOKIE_SECURE = True
+# CSRF_COOKIE_HTTPONLY = True
+# X_FRAME_OPTIONS = 'DENY'
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.8/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+USE_L10N = True
+USE_TZ = True
+
+
+# Set default domain for email addresses.
+EMAILNAME = '${EMAILNAME:?}'
+
+# If you enable internal authentication, this is the address that the emails
+# will appear to be coming from. Make sure you set a valid domain name,
+# otherwise the emails may get rejected.
+# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
+# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
+DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
+
+# If you enable email reporting for error messages, this is where those emails
+# will appear to be coming from. Make sure you set a valid domain name,
+# otherwise the emails may get rejected.
+# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
+# SERVER_EMAIL = 'root@your-domain.org'
+SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
+
+
+# Django Allauth
+ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
+
+
+#
+# Social auth
+#
+SOCIALACCOUNT_PROVIDERS = {
+ #'openid': {
+ # 'SERVERS': [
+ # dict(id='yahoo',
+ # name='Yahoo',
+ # openid_url='http://me.yahoo.com'),
+ # ],
+ #},
+ #'google': {
+ # 'SCOPE': ['profile', 'email'],
+ # 'AUTH_PARAMS': {'access_type': 'online'},
+ #},
+ #'facebook': {
+ # 'METHOD': 'oauth2',
+ # 'SCOPE': ['email'],
+ # 'FIELDS': [
+ # 'email',
+ # 'name',
+ # 'first_name',
+ # 'last_name',
+ # 'locale',
+ # 'timezone',
+ # ],
+ # 'VERSION': 'v2.4',
+ #},
+}
+
+# On a production setup, setting COMPRESS_OFFLINE to True will bring a
+# significant performance improvement, as CSS files will not need to be
+# recompiled on each requests. It means running an additional "compress"
+# management command after each code upgrade.
+# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
+COMPRESS_OFFLINE = True
+
+POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
+
+# LDAP authentication backend.
+AUTH_LDAP_SERVER_URI = "${LDAP_SERVER_URI:?}"
+AUTH_LDAP_BIND_DN = "${LDAP_BIND_DN:?}"
+AUTH_LDAP_BIND_PASSWORD = "${LDAP_BIND_PASSWORD:?}"
+
+AUTH_LDAP_USER_ATTR_MAP = {
+ "username": "uid",
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"}
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch("${LDAP_USER_BASE_DN:?}", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+
+from django_auth_ldap.config import PosixGroupType
+AUTH_LDAP_GROUP_TYPE = PosixGroupType()
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("${LDAP_GROUP_BASE_DN:?}",ldap.SCOPE_SUBTREE, "(objectClass='posixGroup')")
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+ "is_superuser": "${SUPERUSER_LDAP_DN:?}"
+}
+EOF
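Review bot: `ALLOWED_HOSTS` is left at `'*'` while `USE_X_FORWARDED_HOST = True` is set, so Django will accept any Host or client-supplied X-Forwarded-Host value (unless nginx strips it) and may use it when building absolute URLs, for example in account e-mails. The template already knows the vhost name, so the list can be `'localhost', '${DOMAIN:?}'`, which keeps the localhost entry the comment asks for. `MAILMAN_ARCHIVER_KEY = '${HYPERKITTY_API_KEY}'` is the only expansion without `:?`, so running the script with the variable unset produces an empty key instead of an error; `'${HYPERKITTY_API_KEY:?}'` matches the other lines. `MAILMAN_ARCHIVER_FROM = ${MAILMAN_ARCHIVER_FROM:?}` is pasted in unquoted, so the `archiver-from` parameter is evaluated as Python source; a comment stating the expected form (a tuple of address strings) is needed, and secrets containing `'` or `\` will likewise break the quoted assignments. The group filter `"(objectClass='posixGroup')"` carries quotes that LDAP filter syntax treats as part of the value, so it probably matches no group and `is_superuser` is never granted; `"(objectClass=posixGroup)"` is the usual form.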
diff --git a/type/__recycledcloud_lists/files/mailman.cfg.sh b/type/__recycledcloud_lists/files/mailman.cfg.sh
new file mode 100755
index 0000000..7c47e1d
--- /dev/null
+++ b/type/__recycledcloud_lists/files/mailman.cfg.sh
@@ -0,0 +1,281 @@
+#!/bin/sh
+
+cat << EOF
+# Copyright (C) 2008-2017 by the Free Software Foundation, Inc.
+#
+# This file is part of GNU Mailman.
+#
+# GNU Mailman is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# GNU Mailman is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# GNU Mailman. If not, see .
+
+# This file contains the Debian configuration for mailman. It uses ini-style
+# formats under the lazr.config regime to define all system configuration
+# options. See for details.
+
+
+[mailman]
+# This address is the "site owner" address. Certain messages which must be
+# delivered to a human, but which can't be delivered to a list owner (e.g. a
+# bounce from a list owner), will be sent to this address. It should point to
+# a human.
+site_owner: ${SITE_OWNER:?}
+
+# This is the local-part of an email address used in the From field whenever a
+# message comes from some entity to which there is no natural reply recipient.
+# Mailman will append '@' and the host name of the list involved. This
+# address must not bounce and it must not point to a Mailman process.
+noreply_address: noreply
+
+# The default language for this server.
+default_language: en
+
+# Membership tests for posting purposes are usually performed by looking at a
+# set of headers, passing the test if any of their values match a member of
+# the list. Headers are checked in the order given in this variable. The
+# value From_ means to use the envelope sender. Field names are case
+# insensitive. This is a space separate list of headers.
+sender_headers: from from_ reply-to sender
+
+# Mail command processor will ignore mail command lines after designated max.
+email_commands_max_lines: 10
+
+# Default length of time a pending request is live before it is evicted from
+# the pending database.
+pending_request_life: 3d
+
+# How long should files be saved before they are evicted from the cache?
+cache_life: 7d
+
+# A callable to run with no arguments early in the initialization process.
+# This runs before database initialization.
+pre_hook:
+
+# A callable to run with no arguments late in the initialization process.
+# This runs after adapters are initialized.
+post_hook:
+
+# Which paths.* file system layout to use.
+# You should not change this variable.
+layout: debian
+
+# Can MIME filtered messages be preserved by list owners?
+filtered_messages_are_preservable: no
+
+# How should text/html parts be converted to text/plain when the mailing list
+# is set to convert HTML to plaintext? This names a command to be called,
+# where the substitution variable \$filename is filled in by Mailman, and
+# contains the path to the temporary file that the command should read from.
+# The command should print the converted text to stdout.
+html_to_plain_text_command: /usr/bin/lynx -dump \$filename
+
+# Specify what characters are allowed in list names. Characters outside of
+# the class [-_.+=!\$*{}~0-9a-z] matched case insensitively are never allowed,
+# but this specifies a subset as the only allowable characters. This must be
+# a valid character class regexp or the effect on list creation is
+# unpredictable.
+listname_chars: [-_.0-9a-z]
+
+
+[shell]
+# \`mailman shell\` (also \`withlist\`) gives you an interactive prompt that you
+# can use to interact with an initialized and configured Mailman system. Use
+# --help for more information. This section allows you to configure certain
+# aspects of this interactive shell.
+
+# Customize the interpreter prompt.
+prompt: >>>
+
+# Banner to show on startup.
+banner: Welcome to the GNU Mailman shell
+
+# Use IPython as the shell, which must be found on the system. Valid values
+# are \`no\`, \`yes\`, and \`debug\` where the latter is equivalent to \`yes\` except
+# that any import errors will be displayed to stderr.
+use_ipython: no
+
+# Set this to allow for command line history if readline is available. This
+# can be as simple as \$var_dir/history.py to put the file in the var directory.
+history_file:
+
+
+[paths.debian]
+# Important directories for Mailman operation. These are defined here so that
+# different layouts can be supported. For example, a developer layout would
+# be different from a FHS layout. Most paths are based off the var_dir, and
+# often just setting that will do the right thing for all the other paths.
+# You might also have to set spool_dir though.
+#
+# Substitutions are allowed, but must be of the form \$var where 'var' names a
+# configuration variable in the paths.* section. Substitutions are expanded
+# recursively until no more $-variables are present. Beware of infinite
+# expansion loops!
+#
+# This is the root of the directory structure that Mailman will use to store
+# its run-time data.
+var_dir: /var/lib/mailman3
+# This is where the Mailman queue files directories will be created.
+queue_dir: \$var_dir/queue
+# This is the directory containing the Mailman 'runner' and 'master' commands
+# if set to the string '\$argv', it will be taken as the directory containing
+# the 'mailman' command.
+bin_dir: /usr/lib/mailman3/bin
+# All list-specific data.
+list_data_dir: \$var_dir/lists
+# Directory where log files go.
+log_dir: /var/log/mailman3
+# Directory for system-wide locks.
+lock_dir: \$var_dir/locks
+# Directory for system-wide data.
+data_dir: \$var_dir/data
+# Cache files.
+cache_dir: \$var_dir/cache
+# Directory for configuration files and such.
+etc_dir: /etc/mailman3
+# Directory containing Mailman plugins.
+ext_dir: \$var_dir/ext
+# Directory where the default IMessageStore puts its messages.
+messages_dir: \$var_dir/messages
+# Directory for archive backends to store their messages in. Archivers should
+# create a subdirectory in here to store their files.
+archive_dir: \$var_dir/archives
+# Root directory for site-specific template override files.
+template_dir: \$var_dir/templates
+# There are also a number of paths to specific file locations that can be
+# defined. For these, the directory containing the file must already exist,
+# or be one of the directories created by Mailman as per above.
+#
+# This is where PID file for the master runner is stored.
+pid_file: /run/mailman3/master.pid
+# Lock file.
+lock_file: \$lock_dir/master.lck
+
+
+[database]
+# The class implementing the IDatabase.
+class: mailman.database.sqlite.SQLiteDatabase
+#class: mailman.database.mysql.MySQLDatabase
+#class: mailman.database.postgresql.PostgreSQLDatabase
+
+# Use this to set the Storm database engine URL. You generally have one
+# primary database connection for all of Mailman. List data and most rosters
+# will store their data in this database, although external rosters may access
+# other databases in their own way. This string supports standard
+# 'configuration' substitutions.
+url: sqlite:///\$DATA_DIR/mailman.db
+#url: mysql+pymysql://mailman3:mmpass@localhost/mailman3?charset=utf8&use_unicode=1
+#url: postgres://mailman3:mmpass@localhost/mailman3
+
+debug: no
+
+
+[logging.debian]
+# This defines various log settings. The options available are:
+#
+# - level -- Overrides the default level; this may be any of the
+# standard Python logging levels, case insensitive.
+# - format -- Overrides the default format string
+# - datefmt -- Overrides the default date format string
+# - path -- Overrides the default logger path. This may be a relative
+# path name, in which case it is relative to Mailman's LOG_DIR,
+# or it may be an absolute path name. You cannot change the
+# handler class that will be used.
+# - propagate -- Boolean specifying whether to propagate log message from this
+# logger to the root "mailman" logger. You cannot override
+# settings for the root logger.
+#
+# In this section, you can define defaults for all loggers, which will be
+# prefixed by 'mailman.'. Use subsections to override settings for specific
+# loggers. The names of the available loggers are:
+#
+# - archiver -- All archiver output
+# - bounce -- All bounce processing logs go here
+# - config -- Configuration issues
+# - database -- Database logging (SQLAlchemy and Alembic)
+# - debug -- Only used for development
+# - error -- All exceptions go to this log
+# - fromusenet -- Information related to the Usenet to Mailman gateway
+# - http -- Internal wsgi-based web interface
+# - locks -- Lock state changes
+# - mischief -- Various types of hostile activity
+# - runner -- Runner process start/stops
+# - smtp -- Successful SMTP activity
+# - smtp-failure -- Unsuccessful SMTP activity
+# - subscribe -- Information about leaves/joins
+# - vette -- Message vetting information
+format: %(asctime)s (%(process)d) %(message)s
+datefmt: %b %d %H:%M:%S %Y
+propagate: no
+level: info
+path: mailman.log
+
+[webservice]
+# The hostname at which admin web service resources are exposed.
+hostname: localhost
+
+# The port at which the admin web service resources are exposed.
+port: 8001
+
+# Whether or not requests to the web service are secured through SSL.
+use_https: ${USE_HTTPS:?}
+
+# Whether or not to show tracebacks in an HTTP response for a request that
+# raised an exception.
+show_tracebacks: ${SHOW_TRACEBACKS:?}
+
+# The API version number for the current (highest) API.
+api_version: 3.1
+
+# The administrative username.
+admin_user: restadmin
+
+# The administrative password.
+admin_pass: ${ADMIN_PASS:?}
+
+[mta]
+# The class defining the interface to the incoming mail transport agent.
+#incoming: mailman.mta.exim4.LMTP
+incoming: mailman.mta.postfix.LMTP
+
+# The callable implementing delivery to the outgoing mail transport agent.
+# This must accept three arguments, the mailing list, the message, and the
+# message metadata dictionary.
+outgoing: mailman.mta.deliver.deliver
+
+# How to connect to the outgoing MTA. If smtp_user and smtp_pass is given,
+# then Mailman will attempt to log into the MTA when making a new connection.
+smtp_host: localhost
+smtp_port: 25
+smtp_user:
+smtp_pass:
+
+# Where the LMTP server listens for connections. Use 127.0.0.1 instead of
+# localhost for Postfix integration, because Postfix only consults DNS
+# (e.g. not /etc/hosts).
+lmtp_host: 127.0.0.1
+lmtp_port: 8024
+
+# Where can we find the mail server specific configuration file? The path can
+# be either a file system path or a Python import path. If the value starts
+# with python: then it is a Python import path, otherwise it is a file system
+# path. File system paths must be absolute since no guarantees are made about
+# the current working directory. Python paths should not include the trailing
+# .cfg, which the file must end with.
+#configuration: python:mailman.config.exim4
+configuration: python:mailman.config.postfix
+
+
+[archiver.hyperkitty]
+class: mailman_hyperkitty.Archiver
+enable: yes
+configuration: /etc/mailman3/mailman-hyperkitty.cfg
+EOF
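Review bot: The comment line `# recursively until no more $-variables are present.` in the `[paths.debian]` section leaves `$-` unescaped, and inside an unquoted `cat << EOF` the shell expands it to its current option flags (possibly an empty string), so the generated mailman.cfg carries garbled text there. Every other literal dollar in the template is written as `\$`, so this one should be `\$-variables`. Because the whole upstream file sits inside an expanding here-document, any later edit that adds a `$` or a backtick has the same problem; a short header comment in the script saying that literal `$` and backticks must be backslash-escaped would make that visible to the next editor. Values such as `admin_pass: ${ADMIN_PASS:?}` are written verbatim, so a parameter containing a newline would add extra configuration lines; that constraint is worth documenting next to the parameter.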
diff --git a/type/__recycledcloud_lists/files/uwsgi.ini b/type/__recycledcloud_lists/files/uwsgi.ini
new file mode 100755
index 0000000..7152068
--- /dev/null
+++ b/type/__recycledcloud_lists/files/uwsgi.ini
@@ -0,0 +1,50 @@
+[uwsgi]
+# Port on which uwsgi will be listening.
+uwsgi-socket = /run/mailman3-web/uwsgi.sock
+
+#Enable threading for python
+enable-threads = true
+
+# Move to the directory wher the django files are.
+chdir = /usr/share/mailman3-web
+
+# Use the wsgi file provided with the django project.
+wsgi-file = wsgi.py
+
+# Setup default number of processes and threads per process.
+master = true
+process = 2
+threads = 2
+
+# Drop privielges and don't run as root.
+uid = www-data
+gid = www-data
+
+plugins = python3,logfile
+
+# Setup the django_q related worker processes.
+attach-daemon = python3 manage.py qcluster
+
+# Setup hyperkitty's cron jobs.
+unique-cron = -1 -1 -1 -1 -1 ./manage.py runjobs minutely
+unique-cron = -15 -1 -1 -1 -1 ./manage.py runjobs quarter_hourly
+unique-cron = 0 -1 -1 -1 -1 ./manage.py runjobs hourly
+unique-cron = 0 0 -1 -1 -1 ./manage.py runjobs daily
+unique-cron = 0 0 1 -1 -1 ./manage.py runjobs monthly
+unique-cron = 0 0 -1 -1 0 ./manage.py runjobs weekly
+unique-cron = 0 0 1 1 -1 ./manage.py runjobs yearly
+
+# Setup the request log.
+req-logger = file:/var/log/mailman3/web/mailman-web.log
+
+# Log cron seperately.
+logger = cron file:/var/log/mailman3/web/mailman-web-cron.log
+log-route = cron uwsgi-cron
+
+# Log qcluster commands seperately.
+logger = qcluster file:/var/log/mailman3/web/mailman-web-qcluster.log
+log-route = qcluster uwsgi-daemons
+
+# Last log and it logs the rest of the stuff.
+#logger = file:/var/log/mailman3/web/mailman-web-error.log
+logto = /var/log/mailman3/web/mailman-web.log
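Review bot: `process = 2` under "Setup default number of processes" does not look like a uWSGI option name; as far as I know the option is `processes` (alias `workers`), and without `strict` mode uWSGI treats an unknown key as a custom placeholder instead of rejecting it. If so, the worker count silently stays at the default; `processes = 2` would apply it. The file is also added with mode 100755 although it is a plain ini file that the manifest deploys with `--mode 0644`, so the executable bit in the repository can be dropped.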
diff --git a/type/__recycledcloud_lists/manifest b/type/__recycledcloud_lists/manifest
new file mode 100644
index 0000000..06f2554
--- /dev/null
+++ b/type/__recycledcloud_lists/manifest
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+os=$(cat "${__global:?}/explorer/os")
+if [ "$os" != "debian" ]; then
+ echo "This type does not support $os. Exiting." >&2
+ exit 1
+fi
+
+DOMAIN=$(cat "${__object:?}/parameter/domain")
+export DOMAIN
+
+__recycledcloud_nginx "$DOMAIN" \
+ --config - <<- EOF
+ location / {
+ uwsgi_pass unix:/run/mailman3-web/uwsgi.sock;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location /mailman3/static {
+ alias /var/lib/mailman3/web/static;
+ }
+
+ location /mailman3/static/favicon.ico {
+ alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
+ }
+ EOF
+
+
+# TLS is handled by proxy (nginx).
+export USE_HTTPS=no
+export SHOW_TRACEBACKS=no
+export EMAILNAME=$DOMAIN
+
+SITE_OWNER=$(cat "${__object:?}/parameter/site-owner")
+ADMIN_PASS=$(cat "${__object:?}/parameter/mailman3-api-admin-pass")
+HYPERKITTY_API_KEY=$(cat "${__object:?}/parameter/hyperkitty-api-key")
+MAILMAN_ARCHIVER_FROM=$(cat "${__object:?}/parameter/archiver-from")
+export ADMIN_PASS HYPERKITTY_API_KEY SITE_OWNER MAILMAN_ARCHIVER_FROM
+
+DJANGO_SECRET=$(cat "${__object:?}/parameter/django-secret")
+export DJANGO_SECRET
+
+LDAP_SERVER_URI=$(cat "${__object:?}/parameter/ldap-server-uri")
+LDAP_BIND_DN=$(cat "${__object:?}/parameter/ldap-bind-dn")
+LDAP_BIND_PASSWORD=$(cat "${__object:?}/parameter/ldap-bind-pw")
+LDAP_USER_BASE_DN=$(cat "${__object:?}/parameter/ldap-user-base")
+LDAP_GROUP_BASE_DN=$(cat "${__object:?}/parameter/ldap-group-base")
+SUPERUSER_LDAP_DN=$(cat "${__object:?}/parameter/superuser-ldap-dn")
+export LDAP_SERVER_URI LDAP_BIND_DN LDAP_BIND_PASSWORD LDAP_USER_BASE_DN \
+ LDAP_GROUP_BASE_DN SUPERUSER_LDAP_DN
+
+# Install mailman3 and related mail services.
+__package python3-ldap
+__package python3-django-auth-ldap
+require="__recycledcloud_nginx/$DOMAIN __package/python3-ldap \
+ __package/python3-django-auth-ldap" __package mailman3-full
+
+# Install & configure MTA.
+__package postfix
+
+export require='__package/postfix'
+__postfix_postconf inet_interfaces --value 'all'
+__postfix_postconf recipient_delimiter --value '+'
+__postfix_postconf unknown_local_recipient_reject_code --value '500'
+__postfix_postconf owner_request_special --value 'no'
+
+mailman_datadir=/var/lib/mailman3/data
+__postfix_postconf transport_maps --value "hash:$mailman_datadir/postfix_lmtp"
+__postfix_postconf local_recipient_maps --value "hash:$mailman_datadir/postfix_lmtp"
+__postfix_postconf relay_domains --value "hash:$mailman_datadir/postfix_domains"
+unset require
+
+# Generate and deploy configuration.
+mkdir -p "${__object:?}/files"
+for file in mailman.cfg mailman-web.py mailman-hyperkitty.cfg; do
+ "${__type:?}/files/$file.sh" > "${__object:?}/files/$file"
+done
+
+require="__package/mailman3-full" __file /etc/mailman3/mailman.cfg \
+ --source "${__object:?}/files/mailman.cfg" \
+ --owner list \
+ --mode 0640 \
+ --onchange 'service mailman3 restart'
+
+require="__package/mailman3-full" __file /etc/mailman3/mailman-hyperkitty.cfg \
+ --source "${__object:?}/files/mailman-hyperkitty.cfg" \
+ --owner list \
+ --mode 0640
+
+require="__package/mailman3-full" __file /etc/mailman3/mailman-web.py \
+ --source "${__object:?}/files/mailman-web.py" \
+ --group www-data \
+ --mode 0640 \
+ --onchange 'service mailman3-web restart'
+
+require="__package/mailman3-full" __file /etc/mailman3/uwsgi.ini \
+ --source "${__type:?}/files/uwsgi.ini" \
+ --mode 0644
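Review bot: The loop that runs `"${__type:?}/files/$file.sh" > "${__object:?}/files/$file"` writes the REST admin password, the Django secret key, the HyperKitty API key and the LDAP bind password into files created with the manifest's default umask, so on the configuration host they may be readable by other local users. Setting `umask 077` before the `mkdir -p` line would keep the generated copies private; the deployed files already get `--mode 0640`. The `__file` call for `/etc/mailman3/mailman-hyperkitty.cfg` has no `--onchange`, unlike the two neighbouring config files, so a rotated API key is presumably not picked up until mailman3 is restarted by other means; `--onchange 'service mailman3 restart'` would align it. The uwsgi.ini deployment likewise lacks a restart of mailman3-web.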
diff --git a/type/__recycledcloud_lists/parameter/required b/type/__recycledcloud_lists/parameter/required
new file mode 100644
index 0000000..1ab28f4
--- /dev/null
+++ b/type/__recycledcloud_lists/parameter/required
@@ -0,0 +1,12 @@
+domain
+site-owner
+mailman3-api-admin-pass
+hyperkitty-api-key
+ldap-server-uri
+ldap-bind-dn
+ldap-bind-pw
+ldap-user-base
+ldap-group-base
+superuser-ldap-dn
+archiver-from
+django-secret
diff --git a/type/__recycledcloud_lists/singleton b/type/__recycledcloud_lists/singleton
new file mode 100644
index 0000000..e69de29