From 80b6bcd93da61193fc04fe569f803a1fef9c2c99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Floure?=
Date: Wed, 13 Jan 2021 16:35:58 +0100
Subject: [PATCH] Import mailman3 type from dot-cdist
---
 .../files/mailman-hyperkitty.cfg.sh | 24 ++
 .../files/mailman-web.py.sh | 224 ++++++++++++++
 .../files/mailman.cfg.sh | 281 ++++++++++++++++++
 type/__recycledcloud_lists/files/uwsgi.ini | 50 ++++
 type/__recycledcloud_lists/manifest | 98 ++++++
 type/__recycledcloud_lists/parameter/required | 12 +
 type/__recycledcloud_lists/singleton | 0
 7 files changed, 689 insertions(+)
 create mode 100755 type/__recycledcloud_lists/files/mailman-hyperkitty.cfg.sh
 create mode 100755 type/__recycledcloud_lists/files/mailman-web.py.sh
 create mode 100755 type/__recycledcloud_lists/files/mailman.cfg.sh
 create mode 100755 type/__recycledcloud_lists/files/uwsgi.ini
 create mode 100644 type/__recycledcloud_lists/manifest
 create mode 100644 type/__recycledcloud_lists/parameter/required
 create mode 100644 type/__recycledcloud_lists/singleton
diff --git a/type/__recycledcloud_lists/files/mailman-hyperkitty.cfg.sh b/type/__recycledcloud_lists/files/mailman-hyperkitty.cfg.sh
new file mode 100755
index 0000000..b8402dd
--- /dev/null
+++ b/type/__recycledcloud_lists/files/mailman-hyperkitty.cfg.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+cat << EOF
+# This is the mailman extension configuration file to enable HyperKitty as an
+# archiver. Remember to add the following lines in the mailman.cfg file:
+#
+# [archiver.hyperkitty]
+# class: mailman_hyperkitty.Archiver
+# enable: yes
+# configuration: /etc/mailman3/mailman-hyperkitty.cfg
+#
+
+[general]
+
+# This is your HyperKitty installation, preferably on the localhost. This
+# address will be used by Mailman to forward incoming emails to HyperKitty
+# for archiving. It does not need to be publicly available, in fact it's
+# better if it is not.
+base_url: https://${DOMAIN:?}/hyperkitty/
+
+# Shared API key, must be the identical to the value in HyperKitty's
+# settings.
+api_key: ${HYPERKITTY_API_KEY:?}
+EOF
diff --git a/type/__recycledcloud_lists/files/mailman-web.py.sh b/type/__recycledcloud_lists/files/mailman-web.py.sh
new file mode 100755
index 0000000..22228d5
--- /dev/null
+++ b/type/__recycledcloud_lists/files/mailman-web.py.sh
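Review bot: `base_url` sends Mailman's archiving requests to the public name `https://${DOMAIN:?}/hyperkitty/`, while the comment directly above it says the endpoint need not be public and is better kept off the internet, and nothing here explains the choice. If the nginx vhost is the only HTTP entry to mailman-web in this setup (uwsgi.ini in this patch only opens a unix socket), say so next to the setting, e.g. `# Reached through the public nginx vhost; access is gated by api_key and MAILMAN_ARCHIVER_FROM.`. The `archiver-from` parameter then presumably has to contain the address this host presents to nginx, which is worth stating in the type's documentation.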
@@ -0,0 +1,224 @@
+#!/bin/sh
+
+cat << EOF
+# This file is imported by the Mailman Suite. It is used to override
+# the default settings from /usr/share/mailman3-web/settings.py.
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = '${DJANGO_SECRET:?}'
+
+ADMINS = (
+ ('Postmaster', 'postmaster@recycled.cloud'),
+)
+
+# Hosts/domain names that are valid for this site; required if DEBUG is False
+# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
+# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
+# is meant to run behind a webserver reverse proxy anyway.
+ALLOWED_HOSTS = [
+ #"localhost", # Archiving API from Mailman, keep it.
+ # "lists.your-domain.org",
+ # Add here all production URLs you may have.
+ '*'
+]
+
+# Mailman API credentials
+MAILMAN_REST_API_URL = 'http://localhost:8001'
+MAILMAN_REST_API_USER = 'restadmin'
+MAILMAN_REST_API_PASS = '${ADMIN_PASS:?}'
+MAILMAN_ARCHIVER_KEY = '${HYPERKITTY_API_KEY}'
+MAILMAN_ARCHIVER_FROM = ${MAILMAN_ARCHIVER_FROM:?}
+
+# Application definition
+
+INSTALLED_APPS = (
+ 'hyperkitty',
+ 'postorius',
+ 'django_mailman3',
+ # Uncomment the next line to enable the admin:
+ 'django.contrib.admin',
+ # Uncomment the next line to enable admin documentation:
+ # 'django.contrib.admindocs',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.sites',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ 'rest_framework',
+ 'django_gravatar',
+ 'compressor',
+ 'haystack',
+ 'django_extensions',
+ 'django_q',
+ 'allauth',
+ 'allauth.account',
+ 'allauth.socialaccount',
+ #'django_mailman3.lib.auth.fedora',
+ #'allauth.socialaccount.providers.openid',
+ #'allauth.socialaccount.providers.github',
+ #'allauth.socialaccount.providers.gitlab',
+ #'allauth.socialaccount.providers.google',
+ #'allauth.socialaccount.providers.facebook',
+ #'allauth.socialaccount.providers.twitter',
+ #'allauth.socialaccount.providers.stackexchange',
+)
+
+# Keep ModelBackend around for per-user permissions and maybe a local
+# superuser.
+AUTHENTICATION_BACKENDS = (
+ "django_auth_ldap.backend.LDAPBackend",
+ "django.contrib.auth.backends.ModelBackend",
+)
+
+# Database
+# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
+
+DATABASES = {
+ 'default': {
+ # Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
+ 'ENGINE': 'django.db.backends.sqlite3',
+ #'ENGINE': 'django.db.backends.postgresql_psycopg2',
+ #'ENGINE': 'django.db.backends.mysql',
+ # DB name or path to database file if using sqlite3.
+ 'NAME': '/var/lib/mailman3/web/mailman3web.db',
+ # The following settings are not used with sqlite3:
+ 'USER': '',
+ 'PASSWORD': '',
+ # HOST: empty for localhost through domain sockets or '127.0.0.1' for
+ # localhost through TCP.
+ 'HOST': '',
+ # PORT: set to empty string for default.
+ 'PORT': '',
+ # OPTIONS: Extra parameters to use when connecting to the database.
+ 'OPTIONS': {
+ # Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
+ # https://docs.djangoproject.com/en/1.11/ref/
+ # databases/#setting-sql-mode
+ #'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
+ },
+ }
+}
+
+
+# If you're behind a proxy, use the X-Forwarded-Host header
+# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
+USE_X_FORWARDED_HOST = True
+
+# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
+# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
+
+# Other security settings
+# SECURE_SSL_REDIRECT = True
+# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
+# contains at least this line:
+# SECURE_REDIRECT_EXEMPT = [
+# "archives/api/mailman/.*", # Request from Mailman.
+# ]
+# SESSION_COOKIE_SECURE = True
+# SECURE_CONTENT_TYPE_NOSNIFF = True
+# SECURE_BROWSER_XSS_FILTER = True
+# CSRF_COOKIE_SECURE = True
+# CSRF_COOKIE_HTTPONLY = True
+# X_FRAME_OPTIONS = 'DENY'
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.8/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+USE_L10N = True
+USE_TZ = True
+
+
+# Set default domain for email addresses.
+EMAILNAME = '${EMAILNAME:?}'
+
+# If you enable internal authentication, this is the address that the emails
+# will appear to be coming from. Make sure you set a valid domain name,
+# otherwise the emails may get rejected.
+# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
+# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
+DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
+
+# If you enable email reporting for error messages, this is where those emails
+# will appear to be coming from. Make sure you set a valid domain name,
+# otherwise the emails may get rejected.
+# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
+# SERVER_EMAIL = 'root@your-domain.org'
+SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
+
+
+# Django Allauth
+ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
+
+
+#
+# Social auth
+#
+SOCIALACCOUNT_PROVIDERS = {
+ #'openid': {
+ # 'SERVERS': [
+ # dict(id='yahoo',
+ # name='Yahoo',
+ # openid_url='http://me.yahoo.com'),
+ # ],
+ #},
+ #'google': {
+ # 'SCOPE': ['profile', 'email'],
+ # 'AUTH_PARAMS': {'access_type': 'online'},
+ #},
+ #'facebook': {
+ # 'METHOD': 'oauth2',
+ # 'SCOPE': ['email'],
+ # 'FIELDS': [
+ # 'email',
+ # 'name',
+ # 'first_name',
+ # 'last_name',
+ # 'locale',
+ # 'timezone',
+ # ],
+ # 'VERSION': 'v2.4',
+ #},
+}
+
+# On a production setup, setting COMPRESS_OFFLINE to True will bring a
+# significant performance improvement, as CSS files will not need to be
+# recompiled on each requests. It means running an additional "compress"
+# management command after each code upgrade.
+# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
+COMPRESS_OFFLINE = True
+
+POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
+
+# LDAP authentication backend.
+AUTH_LDAP_SERVER_URI = "${LDAP_SERVER_URI:?}"
+AUTH_LDAP_BIND_DN = "${LDAP_BIND_DN:?}"
+AUTH_LDAP_BIND_PASSWORD = "${LDAP_BIND_PASSWORD:?}"
+
+AUTH_LDAP_USER_ATTR_MAP = {
+ "username": "uid",
+ "first_name": "givenName",
+ "last_name": "sn",
+ "email": "mail"}
+
+import ldap
+from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
+
+AUTH_LDAP_USER_SEARCH = LDAPSearch("${LDAP_USER_BASE_DN:?}", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
+
+from django_auth_ldap.config import PosixGroupType
+AUTH_LDAP_GROUP_TYPE = PosixGroupType()
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch("${LDAP_GROUP_BASE_DN:?}",ldap.SCOPE_SUBTREE, "(objectClass='posixGroup')")
+
+AUTH_LDAP_USER_FLAGS_BY_GROUP = {
+ "is_superuser": "${SUPERUSER_LDAP_DN:?}"
+}
+EOF
diff --git a/type/__recycledcloud_lists/files/mailman.cfg.sh b/type/__recycledcloud_lists/files/mailman.cfg.sh
new file mode 100755
index 0000000..7c47e1d
--- /dev/null
+++ b/type/__recycledcloud_lists/files/mailman.cfg.sh
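Review bot: `ALLOWED_HOSTS` is left at `'*'` while `USE_X_FORWARDED_HOST = True`, so Django accepts whatever Host or X-Forwarded-Host value reaches it and will use it when it builds absolute URLs (account mails, redirects); the manifest already exports DOMAIN, so the list can be pinned with `ALLOWED_HOSTS = ['localhost', '${DOMAIN:?}']`. `MAILMAN_ARCHIVER_KEY = '${HYPERKITTY_API_KEY}'` is the only secret rendered without `:?`, so an unset variable yields an empty archiver key instead of aborting; `'${HYPERKITTY_API_KEY:?}'` matches the neighbouring lines. The group filter `"(objectClass='posixGroup')"` carries literal quotes inside the LDAP filter and will most likely match no group, leaving `is_superuser` unset for everyone; `"(objectClass=posixGroup)"` is the usual form. The secrets are also pasted unescaped into Python string literals, so a password containing a quote or backslash breaks or alters the settings file, and `MAILMAN_ARCHIVER_FROM` is rendered as a bare Python expression; both constraints deserve a comment or a validation step in the manifest.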
@@ -0,0 +1,281 @@
+#!/bin/sh
+
+cat << EOF
+# Copyright (C) 2008-2017 by the Free Software Foundation, Inc.
+#
+# This file is part of GNU Mailman.
+#
+# GNU Mailman is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# GNU Mailman is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# GNU Mailman. If not, see .
+
+# This file contains the Debian configuration for mailman. It uses ini-style
+# formats under the lazr.config regime to define all system configuration
+# options. See for details.
+
+
+[mailman]
+# This address is the "site owner" address. Certain messages which must be
+# delivered to a human, but which can't be delivered to a list owner (e.g. a
+# bounce from a list owner), will be sent to this address. It should point to
+# a human.
+site_owner: ${SITE_OWNER:?}
+
+# This is the local-part of an email address used in the From field whenever a
+# message comes from some entity to which there is no natural reply recipient.
+# Mailman will append '@' and the host name of the list involved. This
+# address must not bounce and it must not point to a Mailman process.
+noreply_address: noreply
+
+# The default language for this server.
+default_language: en
+
+# Membership tests for posting purposes are usually performed by looking at a
+# set of headers, passing the test if any of their values match a member of
+# the list. Headers are checked in the order given in this variable. The
+# value From_ means to use the envelope sender. Field names are case
+# insensitive. This is a space separate list of headers.
+sender_headers: from from_ reply-to sender
+
+# Mail command processor will ignore mail command lines after designated max.
+email_commands_max_lines: 10
+
+# Default length of time a pending request is live before it is evicted from
+# the pending database.
+pending_request_life: 3d
+
+# How long should files be saved before they are evicted from the cache?
+cache_life: 7d
+
+# A callable to run with no arguments early in the initialization process.
+# This runs before database initialization.
+pre_hook:
+
+# A callable to run with no arguments late in the initialization process.
+# This runs after adapters are initialized.
+post_hook:
+
+# Which paths.* file system layout to use.
+# You should not change this variable.
+layout: debian
+
+# Can MIME filtered messages be preserved by list owners?
+filtered_messages_are_preservable: no
+
+# How should text/html parts be converted to text/plain when the mailing list
+# is set to convert HTML to plaintext? This names a command to be called,
+# where the substitution variable \$filename is filled in by Mailman, and
+# contains the path to the temporary file that the command should read from.
+# The command should print the converted text to stdout.
+html_to_plain_text_command: /usr/bin/lynx -dump \$filename
+
+# Specify what characters are allowed in list names. Characters outside of
+# the class [-_.+=!\$*{}~0-9a-z] matched case insensitively are never allowed,
+# but this specifies a subset as the only allowable characters. This must be
+# a valid character class regexp or the effect on list creation is
+# unpredictable.
+listname_chars: [-_.0-9a-z]
+
+
+[shell]
+# \`mailman shell\` (also \`withlist\`) gives you an interactive prompt that you
+# can use to interact with an initialized and configured Mailman system. Use
+# --help for more information. This section allows you to configure certain
+# aspects of this interactive shell.
+
+# Customize the interpreter prompt.
+prompt: >>>
+
+# Banner to show on startup.
+banner: Welcome to the GNU Mailman shell
+
+# Use IPython as the shell, which must be found on the system. Valid values
+# are \`no\`, \`yes\`, and \`debug\` where the latter is equivalent to \`yes\` except
+# that any import errors will be displayed to stderr.
+use_ipython: no
+
+# Set this to allow for command line history if readline is available. This
+# can be as simple as \$var_dir/history.py to put the file in the var directory.
+history_file:
+
+
+[paths.debian]
+# Important directories for Mailman operation. These are defined here so that
+# different layouts can be supported. For example, a developer layout would
+# be different from a FHS layout. Most paths are based off the var_dir, and
+# often just setting that will do the right thing for all the other paths.
+# You might also have to set spool_dir though.
+#
+# Substitutions are allowed, but must be of the form \$var where 'var' names a
+# configuration variable in the paths.* section. Substitutions are expanded
+# recursively until no more $-variables are present. Beware of infinite
+# expansion loops!
+#
+# This is the root of the directory structure that Mailman will use to store
+# its run-time data.
+var_dir: /var/lib/mailman3
+# This is where the Mailman queue files directories will be created.
+queue_dir: \$var_dir/queue
+# This is the directory containing the Mailman 'runner' and 'master' commands
+# if set to the string '\$argv', it will be taken as the directory containing
+# the 'mailman' command.
+bin_dir: /usr/lib/mailman3/bin
+# All list-specific data.
+list_data_dir: \$var_dir/lists
+# Directory where log files go.
+log_dir: /var/log/mailman3
+# Directory for system-wide locks.
+lock_dir: \$var_dir/locks
+# Directory for system-wide data.
+data_dir: \$var_dir/data
+# Cache files.
+cache_dir: \$var_dir/cache
+# Directory for configuration files and such.
+etc_dir: /etc/mailman3
+# Directory containing Mailman plugins.
+ext_dir: \$var_dir/ext
+# Directory where the default IMessageStore puts its messages.
+messages_dir: \$var_dir/messages
+# Directory for archive backends to store their messages in. Archivers should
+# create a subdirectory in here to store their files.
+archive_dir: \$var_dir/archives
+# Root directory for site-specific template override files.
+template_dir: \$var_dir/templates
+# There are also a number of paths to specific file locations that can be
+# defined. For these, the directory containing the file must already exist,
+# or be one of the directories created by Mailman as per above.
+#
+# This is where PID file for the master runner is stored.
+pid_file: /run/mailman3/master.pid
+# Lock file.
+lock_file: \$lock_dir/master.lck
+
+
+[database]
+# The class implementing the IDatabase.
+class: mailman.database.sqlite.SQLiteDatabase
+#class: mailman.database.mysql.MySQLDatabase
+#class: mailman.database.postgresql.PostgreSQLDatabase
+
+# Use this to set the Storm database engine URL. You generally have one
+# primary database connection for all of Mailman. List data and most rosters
+# will store their data in this database, although external rosters may access
+# other databases in their own way. This string supports standard
+# 'configuration' substitutions.
+url: sqlite:///\$DATA_DIR/mailman.db
+#url: mysql+pymysql://mailman3:mmpass@localhost/mailman3?charset=utf8&use_unicode=1
+#url: postgres://mailman3:mmpass@localhost/mailman3
+
+debug: no
+
+
+[logging.debian]
+# This defines various log settings. The options available are:
+#
+# - level -- Overrides the default level; this may be any of the
+# standard Python logging levels, case insensitive.
+# - format -- Overrides the default format string
+# - datefmt -- Overrides the default date format string
+# - path -- Overrides the default logger path. This may be a relative
+# path name, in which case it is relative to Mailman's LOG_DIR,
+# or it may be an absolute path name. You cannot change the
+# handler class that will be used.
+# - propagate -- Boolean specifying whether to propagate log message from this
+# logger to the root "mailman" logger. You cannot override
+# settings for the root logger.
+#
+# In this section, you can define defaults for all loggers, which will be
+# prefixed by 'mailman.'. Use subsections to override settings for specific
+# loggers. The names of the available loggers are:
+#
+# - archiver -- All archiver output
+# - bounce -- All bounce processing logs go here
+# - config -- Configuration issues
+# - database -- Database logging (SQLAlchemy and Alembic)
+# - debug -- Only used for development
+# - error -- All exceptions go to this log
+# - fromusenet -- Information related to the Usenet to Mailman gateway
+# - http -- Internal wsgi-based web interface
+# - locks -- Lock state changes
+# - mischief -- Various types of hostile activity
+# - runner -- Runner process start/stops
+# - smtp -- Successful SMTP activity
+# - smtp-failure -- Unsuccessful SMTP activity
+# - subscribe -- Information about leaves/joins
+# - vette -- Message vetting information
+format: %(asctime)s (%(process)d) %(message)s
+datefmt: %b %d %H:%M:%S %Y
+propagate: no
+level: info
+path: mailman.log
+
+[webservice]
+# The hostname at which admin web service resources are exposed.
+hostname: localhost
+
+# The port at which the admin web service resources are exposed.
+port: 8001
+
+# Whether or not requests to the web service are secured through SSL.
+use_https: ${USE_HTTPS:?}
+
+# Whether or not to show tracebacks in an HTTP response for a request that
+# raised an exception.
+show_tracebacks: ${SHOW_TRACEBACKS:?}
+
+# The API version number for the current (highest) API.
+api_version: 3.1
+
+# The administrative username.
+admin_user: restadmin
+
+# The administrative password.
+admin_pass: ${ADMIN_PASS:?}
+
+[mta]
+# The class defining the interface to the incoming mail transport agent.
+#incoming: mailman.mta.exim4.LMTP
+incoming: mailman.mta.postfix.LMTP
+
+# The callable implementing delivery to the outgoing mail transport agent.
+# This must accept three arguments, the mailing list, the message, and the
+# message metadata dictionary.
+outgoing: mailman.mta.deliver.deliver
+
+# How to connect to the outgoing MTA. If smtp_user and smtp_pass is given,
+# then Mailman will attempt to log into the MTA when making a new connection.
+smtp_host: localhost
+smtp_port: 25
+smtp_user:
+smtp_pass:
+
+# Where the LMTP server listens for connections. Use 127.0.0.1 instead of
+# localhost for Postfix integration, because Postfix only consults DNS
+# (e.g. not /etc/hosts).
+lmtp_host: 127.0.0.1
+lmtp_port: 8024
+
+# Where can we find the mail server specific configuration file? The path can
+# be either a file system path or a Python import path. If the value starts
+# with python: then it is a Python import path, otherwise it is a file system
+# path. File system paths must be absolute since no guarantees are made about
+# the current working directory. Python paths should not include the trailing
+# .cfg, which the file must end with.
+#configuration: python:mailman.config.exim4
+configuration: python:mailman.config.postfix
+
+
+[archiver.hyperkitty]
+class: mailman_hyperkitty.Archiver
+enable: yes
+configuration: /etc/mailman3/mailman-hyperkitty.cfg
+EOF
diff --git a/type/__recycledcloud_lists/files/uwsgi.ini b/type/__recycledcloud_lists/files/uwsgi.ini
new file mode 100755
index 0000000..7152068
--- /dev/null
+++ b/type/__recycledcloud_lists/files/uwsgi.ini
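Review bot: One `$` in this unquoted here-document is not escaped: in the [paths.debian] comment, `no more $-variables are present` makes the shell expand `$-` (its current option flags), so the rendered comment comes out garbled; write `\$-variables` as the surrounding lines do. It is harmless inside a comment, but it shows how easily a hand-escaped template slips: an unescaped `$var_dir` added later would render as an empty path with no error, because the script does not run with `set -u`. Adding `set -u` under the shebang would turn such a missed escape into a failed render instead of a silently wrong mailman.cfg.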
@@ -0,0 +1,50 @@
+[uwsgi]
+# Port on which uwsgi will be listening.
+uwsgi-socket = /run/mailman3-web/uwsgi.sock
+
+#Enable threading for python
+enable-threads = true
+
+# Move to the directory wher the django files are.
+chdir = /usr/share/mailman3-web
+
+# Use the wsgi file provided with the django project.
+wsgi-file = wsgi.py
+
+# Setup default number of processes and threads per process.
+master = true
+process = 2
+threads = 2
+
+# Drop privielges and don't run as root.
+uid = www-data
+gid = www-data
+
+plugins = python3,logfile
+
+# Setup the django_q related worker processes.
+attach-daemon = python3 manage.py qcluster
+
+# Setup hyperkitty's cron jobs.
+unique-cron = -1 -1 -1 -1 -1 ./manage.py runjobs minutely
+unique-cron = -15 -1 -1 -1 -1 ./manage.py runjobs quarter_hourly
+unique-cron = 0 -1 -1 -1 -1 ./manage.py runjobs hourly
+unique-cron = 0 0 -1 -1 -1 ./manage.py runjobs daily
+unique-cron = 0 0 1 -1 -1 ./manage.py runjobs monthly
+unique-cron = 0 0 -1 -1 0 ./manage.py runjobs weekly
+unique-cron = 0 0 1 1 -1 ./manage.py runjobs yearly
+
+# Setup the request log.
+req-logger = file:/var/log/mailman3/web/mailman-web.log
+
+# Log cron seperately.
+logger = cron file:/var/log/mailman3/web/mailman-web-cron.log
+log-route = cron uwsgi-cron
+
+# Log qcluster commands seperately.
+logger = qcluster file:/var/log/mailman3/web/mailman-web-qcluster.log
+log-route = qcluster uwsgi-daemons
+
+# Last log and it logs the rest of the stuff.
+#logger = file:/var/log/mailman3/web/mailman-web-error.log
+logto = /var/log/mailman3/web/mailman-web.log
diff --git a/type/__recycledcloud_lists/manifest b/type/__recycledcloud_lists/manifest
new file mode 100644
index 0000000..06f2554
--- /dev/null
+++ b/type/__recycledcloud_lists/manifest
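Review bot: `process = 2` does not look like a uWSGI option; the documented names are `processes` and `workers`, and outside strict mode uWSGI accepts unknown keys silently as custom placeholders, so the worker count probably stays at its default. `processes = 2` is likely what was meant, and adding `strict = true` would turn this kind of typo into a startup error. The file is also added with mode 100755, although an ini file does not need the executable bit.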
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+os=$(cat "${__global:?}/explorer/os")
+if [ "$os" != "debian" ]; then
+ echo "This type does not support $os. Exiting." >&2
+ exit 1
+fi
+
+DOMAIN=$(cat "${__object:?}/parameter/domain")
+export DOMAIN
+
+__recycledcloud_nginx "$DOMAIN" \
+ --config - <<- EOF
+ location / {
+ uwsgi_pass unix:/run/mailman3-web/uwsgi.sock;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location /mailman3/static {
+ alias /var/lib/mailman3/web/static;
+ }
+
+ location /mailman3/static/favicon.ico {
+ alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
+ }
+ EOF
+
+
+# TLS is handled by proxy (nginx).
+export USE_HTTPS=no
+export SHOW_TRACEBACKS=no
+export EMAILNAME=$DOMAIN
+
+SITE_OWNER=$(cat "${__object:?}/parameter/site-owner")
+ADMIN_PASS=$(cat "${__object:?}/parameter/mailman3-api-admin-pass")
+HYPERKITTY_API_KEY=$(cat "${__object:?}/parameter/hyperkitty-api-key")
+MAILMAN_ARCHIVER_FROM=$(cat "${__object:?}/parameter/archiver-from")
+export ADMIN_PASS HYPERKITTY_API_KEY SITE_OWNER MAILMAN_ARCHIVER_FROM
+
+DJANGO_SECRET=$(cat "${__object:?}/parameter/django-secret")
+export DJANGO_SECRET
+
+LDAP_SERVER_URI=$(cat "${__object:?}/parameter/ldap-server-uri")
+LDAP_BIND_DN=$(cat "${__object:?}/parameter/ldap-bind-dn")
+LDAP_BIND_PASSWORD=$(cat "${__object:?}/parameter/ldap-bind-pw")
+LDAP_USER_BASE_DN=$(cat "${__object:?}/parameter/ldap-user-base")
+LDAP_GROUP_BASE_DN=$(cat "${__object:?}/parameter/ldap-group-base")
+SUPERUSER_LDAP_DN=$(cat "${__object:?}/parameter/superuser-ldap-dn")
+export LDAP_SERVER_URI LDAP_BIND_DN LDAP_BIND_PASSWORD LDAP_USER_BASE_DN \
+ LDAP_GROUP_BASE_DN SUPERUSER_LDAP_DN
+
+# Install mailman3 and related mail services.
+__package python3-ldap
+__package python3-django-auth-ldap
+require="__recycledcloud_nginx/$DOMAIN __package/python3-ldap \
+ __package/python3-django-auth-ldap" __package mailman3-full
+
+# Install & configure MTA.
+__package postfix
+
+export require='__package/postfix'
+__postfix_postconf inet_interfaces --value 'all'
+__postfix_postconf recipient_delimiter --value '+'
+__postfix_postconf unknown_local_recipient_reject_code --value '500'
+__postfix_postconf owner_request_special --value 'no'
+
+mailman_datadir=/var/lib/mailman3/data
+__postfix_postconf transport_maps --value "hash:$mailman_datadir/postfix_lmtp"
+__postfix_postconf local_recipient_maps --value "hash:$mailman_datadir/postfix_lmtp"
+__postfix_postconf relay_domains --value "hash:$mailman_datadir/postfix_domains"
+unset require
+
+# Generate and deploy configuration.
+mkdir -p "${__object:?}/files"
+for file in mailman.cfg mailman-web.py mailman-hyperkitty.cfg; do
+ "${__type:?}/files/$file.sh" > "${__object:?}/files/$file"
+done
+
+require="__package/mailman3-full" __file /etc/mailman3/mailman.cfg \
+ --source "${__object:?}/files/mailman.cfg" \
+ --owner list \
+ --mode 0640 \
+ --onchange 'service mailman3 restart'
+
+require="__package/mailman3-full" __file /etc/mailman3/mailman-hyperkitty.cfg \
+ --source "${__object:?}/files/mailman-hyperkitty.cfg" \
+ --owner list \
+ --mode 0640
+
+require="__package/mailman3-full" __file /etc/mailman3/mailman-web.py \
+ --source "${__object:?}/files/mailman-web.py" \
+ --group www-data \
+ --mode 0640 \
+ --onchange 'service mailman3-web restart'
+
+require="__package/mailman3-full" __file /etc/mailman3/uwsgi.ini \
+ --source "${__type:?}/files/uwsgi.ini" \
+ --mode 0644
diff --git a/type/__recycledcloud_lists/parameter/required b/type/__recycledcloud_lists/parameter/required
new file mode 100644
index 0000000..1ab28f4
--- /dev/null
+++ b/type/__recycledcloud_lists/parameter/required
@@ -0,0 +1,12 @@
+domain
+site-owner
+mailman3-api-admin-pass
+hyperkitty-api-key
+ldap-server-uri
+ldap-bind-dn
+ldap-bind-pw
+ldap-user-base
+ldap-group-base
+superuser-ldap-dn
+archiver-from
+django-secret
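Review bot: The `__file` for /etc/mailman3/mailman-hyperkitty.cfg has no `--onchange`, unlike mailman.cfg and mailman-web.py, so rotating `hyperkitty-api-key` restarts mailman3-web (through mailman-web.py) but presumably leaves Mailman core on the old key until someone restarts it by hand, and archiving would fail in between; adding `--onchange 'service mailman3 restart'` keeps both sides in step. The same applies to uwsgi.ini, which is deployed without a restart of mailman3-web. Separately, the render loop writes files holding the Django secret, the REST admin password and the LDAP bind password into `${__object}/files` with whatever umask the config host has; running the loop in a subshell after `umask 077` would keep those copies private.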
diff --git a/type/__recycledcloud_lists/singleton b/type/__recycledcloud_lists/singleton
new file mode 100644
index 0000000..e69de29