authorGuilhem Moulin <guilhem@fripost.org>2015-05-14 22:00:36 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:53:27 +0200
commit166804e99e33c8ec5760e88ba1f52d4fc301334c (patch)
tree706ca108db27e2e6f1c696bdd3f72e6d1f2ce5fa /roles/lists/tasks
parent334b7604727810c02ecb8942f3753dee15466691 (diff)
Configure the list manager (Sympa).
Diffstat (limited to 'roles/lists/tasks')
-rw-r--r--roles/lists/tasks/mail.yml45
-rw-r--r--roles/lists/tasks/main.yml3
-rw-r--r--roles/lists/tasks/nginx.yml40
-rw-r--r--roles/lists/tasks/sympa.yml79
4 files changed, 154 insertions, 13 deletions
diff --git a/roles/lists/tasks/mail.yml b/roles/lists/tasks/mail.yml
index 15d381d..6d1a4f5 100644
--- a/roles/lists/tasks/mail.yml
+++ b/roles/lists/tasks/mail.yml
@@ -12,22 +12,43 @@
notify:
- Reload Postfix
-- name: Create directory /etc/postfix-.../virtual
- file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
- state=directory
- owner=root group=root
- mode=0755
-
-- name: Copy lookup tables
- copy: src=etc/postfix/virtual/{{ item }}
- dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
+- name: Copy the transport maps
+ copy: src=etc/postfix/transport
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/transport
owner=root group=root
mode=0644
- with_items:
- - domains.cf
- - transport_list.cf
+ # no need to reload upon change, as cleanup(8) is short-running
+
+- name: Copy the Postfix relay clientcerts map
+ template: src=etc/postfix/relay_clientcerts.j2
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts
+ owner=root group=root
+ mode=0644
+ tags:
+ - tls_policy
+
+- name: Compile the Postfix relay clientcerts map
+ postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts db=cdb
+ owner=root group=root
+ mode=0644
+ tags:
+ - tls_policy
+
+- name: Compile the Postfix transport maps
+ # trivial-rewrite(8) is a long-running process, so it's safer to reload
+ postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=cdb
+ owner=root group=root
+ mode=0644
+ notify:
+ - Reload Postfix
- meta: flush_handlers
- name: Start Postfix
service: name=postfix state=started
+
+- name: Copy the 'sympa-queue' wrapper
+ copy: src=usr/local/bin/sympa-queue
+ dest=/usr/local/bin/sympa-queue
+ owner=root group=root
+ mode=0755
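Review bot: 'Compile the Postfix relay clientcerts map' has neither a `notify` nor a comment saying why none is needed, although both transport tasks in this hunk document their reload decision. The table presumably decides which client certificates may relay (its consumer is not visible here), so a stale copy held by a running daemon would keep a removed fingerprint authorized until that process is recycled. Either give it the same `notify` on `Reload Postfix` as the transport compile task, or add a comment such as `# smtpd(8) is short-running, no reload needed` if that is the reasoning.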
diff --git a/roles/lists/tasks/main.yml b/roles/lists/tasks/main.yml
index 13d3451..f0e8e26 100644
--- a/roles/lists/tasks/main.yml
+++ b/roles/lists/tasks/main.yml
@@ -1,2 +1,3 @@
- include: mail.yml tags=postfix,mail
-- include: mlmmj.yml tags=mlmmj,lists
+- include: nginx.yml tags=nginx,www,web
+- include: sympa.yml tags=sympa,lists
diff --git a/roles/lists/tasks/nginx.yml b/roles/lists/tasks/nginx.yml
new file mode 100644
index 0000000..a0aab68
--- /dev/null
+++ b/roles/lists/tasks/nginx.yml
@@ -0,0 +1,40 @@
+- name: Install Nginx
+ apt: pkg=nginx
+
+- name: Generate a private key and a X.509 certificate for Nginx
+ command: genkeypair.sh x509
+ --pubkey=/etc/nginx/ssl/lists.fripost.org.pem
+ --privkey=/etc/nginx/ssl/lists.fripost.org.key
+ --ou=WWW --cn=lists.fripost.org --dns=lists.fripost.org
+ -t rsa -b 4096 -h sha512
+ register: r1
+ changed_when: r1.rc == 0
+ failed_when: r1.rc > 1
+ notify:
+ - Restart Nginx
+ tags:
+ - genkey
+
+- name: Copy /etc/nginx/sites-available/sympa
+ copy: src=etc/nginx/sites-available/sympa
+ dest=/etc/nginx/sites-available/sympa
+ owner=root group=root
+ mode=0644
+ register: r2
+ notify:
+ - Restart Nginx
+
+- name: Create /etc/nginx/sites-enabled/sympa
+ file: src=../sites-available/sympa
+ dest=/etc/nginx/sites-enabled/sympa
+ owner=root group=root
+ state=link
+ register: r3
+ notify:
+ - Restart Nginx
+
+- name: Start nginx
+ service: name=nginx state=started
+ when: not (r1.changed or r2.changed or r3.changed)
+
+- meta: flush_handlers
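Review bot: Nothing in this file pins the ownership or mode of `/etc/nginx/ssl/lists.fripost.org.key`; the 'Generate a private key and a X.509 certificate for Nginx' task relies entirely on `genkeypair.sh`, which is not visible here, and no task creates or restricts `/etc/nginx/ssl`. Unless the script already guarantees it, a follow-up task such as `file: path=/etc/nginx/ssl/lists.fripost.org.key owner=root group=root mode=0600` would make the key's permissions explicit. It would also correct them on hosts where the key already exists, since rc 1 appears to be treated as "unchanged" rather than as a failure.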
diff --git a/roles/lists/tasks/sympa.yml b/roles/lists/tasks/sympa.yml
new file mode 100644
index 0000000..d1ae505
--- /dev/null
+++ b/roles/lists/tasks/sympa.yml
@@ -0,0 +1,79 @@
+- apt: pkg={{ item }} install_recommends=no
+ with_items:
+ - mysql-server
+ - sympa
+
+- name: Make the 'sympa' MySQL user use auth_socket
+ mysql_user: name=sympa auth_plugin=auth_socket
+ state=present
+
+- name: Configure Sympa
+ copy: src=etc/sympa/{{ item }}
+ dest=/etc/sympa/{{ item }}
+ owner=root group=sympa
+ mode=0644
+ with_items:
+ - sympa.conf
+ - wwsympa.conf
+ - topics.conf
+ register: r1
+ notify:
+ - Restart Sympa
+
+- name: Create Virtual hosts for Sympa (1)
+ file: path=/etc/sympa/{{ item }}
+ state=directory
+ owner=root group=root
+ mode=0755
+ with_items:
+ - lists.fripost.org
+ register: r2
+ notify:
+ - Restart Sympa
+
+- name: Create Virtual hosts for Sympa (2)
+ file: path=/var/lib/sympa/list_data/{{ item }}
+ state=directory
+ owner=sympa group=sympa
+ mode=0770
+ with_items:
+ - lists.fripost.org
+ register: r3
+ notify:
+ - Restart Sympa
+
+- name: Install robot.conf
+ template: src=etc/sympa/robot.conf.j2
+ dest=/etc/sympa/{{ item }}/robot.conf
+ owner=root group=root
+ mode=0644
+ with_items:
+ - lists.fripost.org
+ register: r4
+ notify:
+ - Restart Sympa
+
+- name: Start Sympa
+ service: name=sympa state=started
+ when: not (r1.changed or r2.changed or r3.changed or r4.changed)
+
+- meta: flush_handlers
+
+- name: Copy wwsympa.{service,socket}
+ copy: src=lib/systemd/system/{{ item }}
+ dest=/lib/systemd/system/{{ item }}
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+ with_items:
+ - wwsympa.service
+ - wwsympa.socket
+
+- meta: flush_handlers
+
+- name: Enable WWSympa
+ service: name=wwsympa enabled=yes
+
+- name: Start WWSympa
+ service: name=wwsympa state=started
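Review bot: 'Configure Sympa' installs `sympa.conf` and `wwsympa.conf` as `owner=root group=sympa` with `mode=0644`, so every local account can read them. `sympa.conf` commonly carries secrets such as the cookie seed; the file content is not part of this diff, so that should be confirmed. Since the group is already `sympa`, `mode=0640` would limit reads to root and the Sympa daemons, assuming they all run with that group. `topics.conf` could stay world-readable if the three files are split into separate items.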