Configure the list manager (Sympa).

4 files changed, 154 insertions, 13 deletions

diff --git a/roles/lists/tasks/mail.yml b/roles/lists/tasks/mail.yml
index 15d381d..6d1a4f5 100644
--- a/roles/lists/tasks/mail.yml
+++ b/roles/lists/tasks/mail.yml
@@ -12,22 +12,43 @@
   notify:
     - Reload Postfix
 
-- name: Create directory /etc/postfix-.../virtual
-  file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
-        state=directory
-        owner=root group=root
-        mode=0755
-
-- name: Copy lookup tables
-  copy: src=etc/postfix/virtual/{{ item }}
-        dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
+- name: Copy the transport maps
+  copy: src=etc/postfix/transport
+        dest=/etc/postfix-{{ postfix_instance[inst].name }}/transport
         owner=root group=root
         mode=0644
-  with_items:
-    - domains.cf
-    - transport_list.cf
+  # no need to reload upon change, as cleanup(8) is short-running
+
+- name: Copy the Postfix relay clientcerts map
+  template: src=etc/postfix/relay_clientcerts.j2
+            dest=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts
+            owner=root group=root
+            mode=0644
+  tags:
+    - tls_policy
+
+- name: Compile the Postfix relay clientcerts map
+  postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts db=cdb
+           owner=root group=root
+           mode=0644
+  tags:
+    - tls_policy
+
+- name: Compile the Postfix transport maps
+  # trivial-rewrite(8) is a long-running process, so it's safer to reload
+  postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=cdb
+           owner=root group=root
+           mode=0644
+  notify:
+    - Reload Postfix
 
 - meta: flush_handlers
 
 - name: Start Postfix
   service: name=postfix state=started
+
+- name: Copy the 'sympa-queue' wrapper
+  copy: src=usr/local/bin/sympa-queue
+        dest=/usr/local/bin/sympa-queue
+        owner=root group=root
+        mode=0755
diff --git a/roles/lists/tasks/main.yml b/roles/lists/tasks/main.yml
index 13d3451..f0e8e26 100644
--- a/roles/lists/tasks/main.yml
+++ b/roles/lists/tasks/main.yml
@@ -1,2 +1,3 @@
 - include: mail.yml      tags=postfix,mail
-- include: mlmmj.yml     tags=mlmmj,lists
+- include: nginx.yml     tags=nginx,www,web
+- include: sympa.yml     tags=sympa,lists
diff --git a/roles/lists/tasks/nginx.yml b/roles/lists/tasks/nginx.yml
new file mode 100644
index 0000000..a0aab68
--- /dev/null
+++ b/roles/lists/tasks/nginx.yml
@@ -0,0 +1,40 @@
+- name: Install Nginx
+  apt: pkg=nginx
+
+- name: Generate a private key and a X.509 certificate for Nginx
+  command: genkeypair.sh x509
+                         --pubkey=/etc/nginx/ssl/lists.fripost.org.pem
+                         --privkey=/etc/nginx/ssl/lists.fripost.org.key
+                         --ou=WWW --cn=lists.fripost.org --dns=lists.fripost.org
+                         -t rsa -b 4096 -h sha512
+  register: r1
+  changed_when: r1.rc == 0
+  failed_when: r1.rc > 1
+  notify:
+    - Restart Nginx
+  tags:
+    - genkey
+
+- name: Copy /etc/nginx/sites-available/sympa
+  copy: src=etc/nginx/sites-available/sympa
+        dest=/etc/nginx/sites-available/sympa
+        owner=root group=root
+        mode=0644
+  register: r2
+  notify:
+    - Restart Nginx
+
+- name: Create /etc/nginx/sites-enabled/sympa
+  file: src=../sites-available/sympa
+        dest=/etc/nginx/sites-enabled/sympa
+        owner=root group=root
+        state=link
+  register: r3
+  notify:
+    - Restart Nginx
+
+- name: Start nginx
+  service: name=nginx state=started
+  when: not (r1.changed or r2.changed or r3.changed)
+
+- meta: flush_handlers
diff --git a/roles/lists/tasks/sympa.yml b/roles/lists/tasks/sympa.yml
new file mode 100644
index 0000000..d1ae505
--- /dev/null
+++ b/roles/lists/tasks/sympa.yml
@@ -0,0 +1,79 @@
+- apt: pkg={{ item }} install_recommends=no
+  with_items:
+    - mysql-server
+    - sympa
+
+- name: Make the 'sympa' MySQL user use auth_socket
+  mysql_user: name=sympa auth_plugin=auth_socket
+              state=present
+
+- name: Configure Sympa
+  copy: src=etc/sympa/{{ item }}
+        dest=/etc/sympa/{{ item }}
+        owner=root group=sympa
+        mode=0644
+  with_items:
+    - sympa.conf
+    - wwsympa.conf
+    - topics.conf
+  register: r1
+  notify:
+    - Restart Sympa
+
+- name: Create Virtual hosts for Sympa (1)
+  file: path=/etc/sympa/{{ item }}
+        state=directory
+        owner=root group=root
+        mode=0755
+  with_items:
+    - lists.fripost.org
+  register: r2
+  notify:
+    - Restart Sympa
+
+- name: Create Virtual hosts for Sympa (2)
+  file: path=/var/lib/sympa/list_data/{{ item }}
+        state=directory
+        owner=sympa group=sympa
+        mode=0770
+  with_items:
+    - lists.fripost.org
+  register: r3
+  notify:
+    - Restart Sympa
+
+- name: Install robot.conf
+  template: src=etc/sympa/robot.conf.j2
+            dest=/etc/sympa/{{ item }}/robot.conf
+            owner=root group=root
+            mode=0644
+  with_items:
+    - lists.fripost.org
+  register: r4
+  notify:
+    - Restart Sympa
+
+- name: Start Sympa
+  service: name=sympa state=started
+  when: not (r1.changed or r2.changed or r3.changed or r4.changed)
+
+- meta: flush_handlers
+
+- name: Copy wwsympa.{service,socket}
+  copy: src=lib/systemd/system/{{ item }}
+        dest=/lib/systemd/system/{{ item }}
+        owner=root group=root
+        mode=0644
+  notify:
+    - systemctl daemon-reload
+  with_items:
+    - wwsympa.service
+    - wwsympa.socket
+
+- meta: flush_handlers
+
+- name: Enable WWSympa
+  service: name=wwsympa enabled=yes
+
+- name: Start WWSympa
+  service: name=wwsympa state=started