From 166804e99e33c8ec5760e88ba1f52d4fc301334c Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 14 May 2015 22:00:36 +0200
Subject: Configure the list manager (Sympa).
---
roles/lists/tasks/mail.yml | 45 +++++++++++++++++++-------
roles/lists/tasks/main.yml | 3 +-
roles/lists/tasks/nginx.yml | 40 +++++++++++++++++++++++
roles/lists/tasks/sympa.yml | 79 +++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 154 insertions(+), 13 deletions(-)
create mode 100644 roles/lists/tasks/nginx.yml
create mode 100644 roles/lists/tasks/sympa.yml
(limited to 'roles/lists/tasks')
diff --git a/roles/lists/tasks/mail.yml b/roles/lists/tasks/mail.yml
index 15d381d..6d1a4f5 100644
--- a/roles/lists/tasks/mail.yml
+++ b/roles/lists/tasks/mail.yml
@@ -12,22 +12,43 @@ notify: - Reload Postfix -- name: Create directory /etc/postfix-.../virtual - file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual - state=directory - owner=root group=root - mode=0755 - -- name: Copy lookup tables - copy: src=etc/postfix/virtual/{{ item }} - dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }} +- name: Copy the transport maps + copy: src=etc/postfix/transport + dest=/etc/postfix-{{ postfix_instance[inst].name }}/transport owner=root group=root mode=0644 - with_items: - - domains.cf - - transport_list.cf + # no need to reload upon change, as cleanup(8) is short-running + +- name: Copy the Postfix relay clientcerts map + template: src=etc/postfix/relay_clientcerts.j2 + dest=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts + owner=root group=root + mode=0644 + tags: + - tls_policy + +- name: Compile the Postfix relay clientcerts map + postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/relay_clientcerts db=cdb + owner=root group=root + mode=0644 + tags: + - tls_policy + +- name: Compile the Postfix transport maps + # trivial-rewrite(8) is a long-running process, so it's safer to reload + postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=cdb + owner=root group=root + mode=0644 + notify: + - Reload Postfix - meta: flush_handlers - name: Start Postfix service: name=postfix state=started + +- name: Copy the 'sympa-queue' wrapper + copy: src=usr/local/bin/sympa-queue + dest=/usr/local/bin/sympa-queue + owner=root group=root + mode=0755 diff --git a/roles/lists/tasks/main.yml b/roles/lists/tasks/main.yml index 13d3451..f0e8e26 100644 --- a/roles/lists/tasks/main.yml +++ b/roles/lists/tasks/main.yml @@ -1,2 +1,3 @@ - include: mail.yml tags=postfix,mail -- include: mlmmj.yml tags=mlmmj,lists +- include: nginx.yml tags=nginx,www,web +- include: sympa.yml tags=sympa,lists 
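Review bot: The `Copy the 'sympa-queue' wrapper` task at the end of the mail.yml hunk runs after `- meta: flush_handlers` and `Start Postfix`, so on a first deployment Postfix is reloaded and started before /usr/local/bin/sympa-queue exists. If the new transport map, or a master.cf entry outside this hunk, hands list mail to that wrapper, messages arriving in that window would be deferred or bounced. Moving the wrapper task ahead of `- meta: flush_handlers` closes the gap without changing anything else. The file continues above this hunk, so any earlier ordering constraints are not visible here.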
diff --git a/roles/lists/tasks/nginx.yml b/roles/lists/tasks/nginx.yml
new file mode 100644
index 0000000..a0aab68
--- /dev/null
+++ b/roles/lists/tasks/nginx.yml
@@ -0,0 +1,40 @@
+- name: Install Nginx
+ apt: pkg=nginx
+
+- name: Generate a private key and a X.509 certificate for Nginx
+ command: genkeypair.sh x509
+ --pubkey=/etc/nginx/ssl/lists.fripost.org.pem
+ --privkey=/etc/nginx/ssl/lists.fripost.org.key
+ --ou=WWW --cn=lists.fripost.org --dns=lists.fripost.org
+ -t rsa -b 4096 -h sha512
+ register: r1
+ changed_when: r1.rc == 0
+ failed_when: r1.rc > 1
+ notify:
+ - Restart Nginx
+ tags:
+ - genkey
+
+- name: Copy /etc/nginx/sites-available/sympa
+ copy: src=etc/nginx/sites-available/sympa
+ dest=/etc/nginx/sites-available/sympa
+ owner=root group=root
+ mode=0644
+ register: r2
+ notify:
+ - Restart Nginx
+
+- name: Create /etc/nginx/sites-enabled/sympa
+ file: src=../sites-available/sympa
+ dest=/etc/nginx/sites-enabled/sympa
+ owner=root group=root
+ state=link
+ register: r3
+ notify:
+ - Restart Nginx
+
+- name: Start nginx
+ service: name=nginx state=started
+ when: not (r1.changed or r2.changed or r3.changed)
+
+- meta: flush_handlers
diff --git a/roles/lists/tasks/sympa.yml b/roles/lists/tasks/sympa.yml
new file mode 100644
index 0000000..d1ae505
--- /dev/null
+++ b/roles/lists/tasks/sympa.yml
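Review bot: Nothing in the new nginx.yml pins the owner or mode of `/etc/nginx/ssl/lists.fripost.org.key` once the `genkeypair.sh` task has run, so the play depends entirely on the script (not shown in this commit) to create the private key with restrictive permissions. A follow-up task such as `file: path=/etc/nginx/ssl/lists.fripost.org.key owner=root group=root mode=0600` would state the expectation in the role and correct any drift on later runs. The task also accepts exit status 1 through `failed_when: r1.rc > 1`; presumably that status means the key already exists, and a short comment saying so would make the condition reviewable.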
@@ -0,0 +1,79 @@
+- apt: pkg={{ item }} install_recommends=no
+ with_items:
+ - mysql-server
+ - sympa
+
+- name: Make the 'sympa' MySQL user use auth_socket
+ mysql_user: name=sympa auth_plugin=auth_socket
+ state=present
+
+- name: Configure Sympa
+ copy: src=etc/sympa/{{ item }}
+ dest=/etc/sympa/{{ item }}
+ owner=root group=sympa
+ mode=0644
+ with_items:
+ - sympa.conf
+ - wwsympa.conf
+ - topics.conf
+ register: r1
+ notify:
+ - Restart Sympa
+
+- name: Create Virtual hosts for Sympa (1)
+ file: path=/etc/sympa/{{ item }}
+ state=directory
+ owner=root group=root
+ mode=0755
+ with_items:
+ - lists.fripost.org
+ register: r2
+ notify:
+ - Restart Sympa
+
+- name: Create Virtual hosts for Sympa (2)
+ file: path=/var/lib/sympa/list_data/{{ item }}
+ state=directory
+ owner=sympa group=sympa
+ mode=0770
+ with_items:
+ - lists.fripost.org
+ register: r3
+ notify:
+ - Restart Sympa
+
+- name: Install robot.conf
+ template: src=etc/sympa/robot.conf.j2
+ dest=/etc/sympa/{{ item }}/robot.conf
+ owner=root group=root
+ mode=0644
+ with_items:
+ - lists.fripost.org
+ register: r4
+ notify:
+ - Restart Sympa
+
+- name: Start Sympa
+ service: name=sympa state=started
+ when: not (r1.changed or r2.changed or r3.changed or r4.changed)
+
+- meta: flush_handlers
+
+- name: Copy wwsympa.{service,socket}
+ copy: src=lib/systemd/system/{{ item }}
+ dest=/lib/systemd/system/{{ item }}
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+ with_items:
+ - wwsympa.service
+ - wwsympa.socket
+
+- meta: flush_handlers
+
+- name: Enable WWSympa
+ service: name=wwsympa enabled=yes
+
+- name: Start WWSympa
+ service: name=wwsympa state=started
-- cgit v1.2.3
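Review bot: The `Configure Sympa` task installs sympa.conf, wwsympa.conf and topics.conf with `owner=root group=sympa` but `mode=0644`, so the group assignment has no effect and every local account can read the files. sympa.conf commonly carries secrets such as the `cookie` seed or a database password; whether the copied file does is not visible in this commit, and the auth_socket task suggests no database password is needed. Using `mode=0640` on that task would still restrict the files to root and the sympa group at no cost, and would match the intent the group setting implies.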