jim
/
MythicSalt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: jim:d6eac0bbfbb3ce7f800d954df6cf078cdbbc7920
Branches Tags
jim:main
..
compare: jim:61f1751416bfc81037994bb955e25c8d1de79e7d
Branches Tags
jim:main

No commits in common. "d6eac0bbfbb3ce7f800d954df6cf078cdbbc7920" and "61f1751416bfc81037994bb955e25c8d1de79e7d" have entirely different histories.
d6eac0bbfb ... 61f1751416

20 changed files with 13 additions and 1000 deletions
Show Stats Expand all files Collapse all files

44
states/email/aliases/aliases
View File

@ -1,44 +0,0 @@
# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
www-data: root
ftp: root
abuse: root
noc: root
security: root
root:jim@lunch.org.uk
alexandra: alex
alexandra.hague: alex
bunny: alex
ali: alex
ali.hague: alex
jim.hague: jim
heather.james: heather
chrissie: chrissy
christina: chrissy
christina.hague: chrissy
toby: jim
fitzroy: jim
nthague: jim
hannah.farncombe: hannah
#hannah: hjfarncombe@me.com
wpcc: jim
ryman: jim
parents: jim,heather
jenkins: jim
clamav: root
monit: root

11
states/email/aliases/aliases.cowboybuilder.org.uk
View File

@ -1,11 +0,0 @@
# This is the aliases file for cryhavoc.org.uk. It does not permit
# file aliases.
postmaster: root
root: jim@lunch.org.uk
mailer-daemon: postmaster
mail: postmaster
webmaster: root
admin: root
woody: jim

23
states/email/aliases/aliases.cryhavoc.org.uk
View File

@ -1,23 +0,0 @@
# This is the aliases file for cryhavoc.org.uk. It does not permit
# file aliases.
postmaster: root
root: jim@lunch.org.uk
mailer-daemon: postmaster
mail: postmaster
webmaster: root
admin: root
info: jim
www-data: jim@lunch.org.uk
jim: jim@lunch.org.uk
wiki: jim@lunch.org.uk
bag: louisthurman@gmail.com, jim@lunch.org.uk
foreman: jim@lunch.org.uk
dottes: jim@lunch.org.uk
squire: jim@lunch.org.uk
treasurer: phm.day202@btinternet.com
privacy: squire,bag

77
states/email/aliases/aliases.lunch.org.uk
View File

@ -1,77 +0,0 @@
# This is the aliases file for lunch.org.uk. It does not permit
# file and pipe aliases.
postmaster: root
root: jim
mailer-daemon: postmaster
mail: postmaster
webmaster: root
nas: jim
alexandra: alex
alexandra.hague: alex
ali: alex
bunny: alex
jim.hague: jim
heather.james: heather
chrissie: chrissy
christina: chrissy
christina.hague: chrissy
toby: jim
fitzroy: jim
santa: jim
joybear: jim
#OxLUG
#oxlug: jim@lunch.org.uk,
# leonard.ian@gmail.com,
# ian@smallworld.cx,
# phil@kantaka.co.uk,
# hubert@oxyware.com,
# tim.pizey@gmail.com,
# entity@danny.id.au,
# robertbentall@gmail.com,
# chris@griggs.me.uk,
# nicholas.cole@history.ox.ac.uk,
# dom@earth.li,
# deya_sanchez@oslerdiagnostics.com,
# james@inkblotsoftware.com
# MHCC
mhcc-all: jim@bear-cave.org.uk,
MarlbHCricket@aol.com,
martin@italy-update.demon.co.uk,
em_dom@hotmail.com,
gurmej.lal@siemens.com,
Huw.Leggate@Jet.uk,
Karen.Carroll@oxmhc-tr.nhs.uk,
jondunkley@aol.com,
Marni786ms@hotmail.com,
Mike.Reeves@wallingfordsoftware.com,
mitchell_fraser-jones@hen.invesco.com,
Sally.Moore@oxon.blackwellpublishing.com,
sureshp@sterilox.com,
mshelloxford@yahoo.com,
owenslat@hotmail.com,
sundancekid69@Hotmail.com,
bigash51@yahoo.co.uk,
andrewlines@O2.co.uk,
willsyboy3@hotmail.com,
Richard.Body@WallingfordSoftware.com,
abastin@oxford.gov.uk,
Andrew.Land@atkinsglobal.com,
gwyn.jones@aeat.co.uk,
Paul.Henley@Man.ac.uk,
alberto.behar@nuffield.oxford.ac.uk,
jeremy.bowell@oup.com,
richard.coggins@magdalen.oxford.ac.uk,
gwyn.jones@aeat.co.uk,
alistair.james@eng.ox.ac.uk
# MHCC SMS
mhcc-sms: bcb7049f07f4c44cbc6497aa81f92b@dist.aql.com
jane: janestannard@hotmail.com
#jane: jim@lunch.org.uk, janestannard@hotmail.com

7
states/email/dovecot_local.conf
View File

@ -18,10 +18,3 @@ protocol imap {
mail_max_userip_connections = 40
}
# Allow client auth to exim4.
service auth {
unix_listener auth-client {
mode = 0660
group = Debian-exim
}
}

32
states/email/exim4/conf.d/router/180_srs
View File

@ -1,40 +1,20 @@
fdef SRS_SECRET
.ifdef DCconfig_internet
outbound_srs:
debug_print = "R: SRS outbound for $local_part@$domain original $original_local_part@$original_domain"
outbound:
driver = dnslookup
# if outbound, and forwarding has been done, use an alternate transport
domains = ! +local_domains
condition = ${if !eq {$local_part@$domain} \
{$original_local_part@$original_domain}}
transport = {remote_forwarded_smtp}
transport = ${if eq {$local_part@$domain} \
{$original_local_part@$original_domain} \
{remote_smtp} {remote_forwarded_smtp}}
.elifdef DCconfig_smarthost DCconfig_satellite
outbound_srs_smarthost:
debug_print = "R: SRS outbound smarthost for $local_part@$domain original $original_local_part@$original_domain"
driver = dnslookup
# if outbound, and forwarding has been done, use an alternate transport
domains = ! +local_domains
condition = ${if !eq {$local_part@$domain} \
{$original_local_part@$original_domain}}
transport = {remote_forwarded_smtp_smarthost}
.endif
inbound_srs:
debug_print = "R: inbound_srs for $local_part@$domain"
driver = redirect
senders = :
domains = +local_domains
# detect inbound bounces which are SRS'd, and decode them
condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
data = $srs_recipient
inbound_srs_failure:
debug_print = "R: inbound_srs_failure for $local_part@$domain"
driver = redirect
senders = :
domains = +local_domains
@ -42,5 +22,3 @@ fdef SRS_SECRET
condition = ${if inbound_srs {$local_part} {}}
allow_fail
data = :fail: Invalid SRS recipient address
.endif

7
states/email/exim4/conf.d/transport/32_srs Normal file
View File

@ -0,0 +1,7 @@
# transport; should look like the non-forward outbound
# one, plus the max_rcpt and return_path options
remote_forwarded_smtp:
driver = smtp
# modify the envelope from, for mails that we forward
max_rcpt = 1
return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}

62
states/email/exim4/conf.d/transport/32_srs_remote_smtp
View File

@ -1,62 +0,0 @@
# transport; should look like the non-forward outbound
# one, plus the max_rcpt and return_path options
remote_forwarded_smtp:
debug_print = "T: remote_forwarded_smtp for $local_part@$domain original domain $original_domain"
driver = smtp
# modify the envelope from, for mails that we forward
max_rcpt = 1
return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
.endif
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef REMOTE_SMTP_INTERFACE
interface = REMOTE_SMTP_INTERFACE
.endif
.ifdef DKIM_DOMAIN
dkim_domain = DKIM_DOMAIN
.endif
.ifdef DKIM_SELECTOR
dkim_selector = DKIM_SELECTOR
.endif
.ifdef DKIM_PRIVATE_KEY
dkim_private_key = DKIM_PRIVATE_KEY
.endif
.ifdef DKIM_CANON
dkim_canon = DKIM_CANON
.endif
.ifdef DKIM_STRICT
dkim_strict = DKIM_STRICT
.endif
.ifdef DKIM_SIGN_HEADERS
dkim_sign_headers = DKIM_SIGN_HEADERS
.endif
.ifdef DKIM_TIMESTAMPS
dkim_timestamps = DKIM_TIMESTAMPS
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
.ifdef REMOTE_SMTP_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_PRIVATEKEY
.endif
.ifdef REMOTE_SMTP_HOSTS_REQUIRE_TLS
hosts_require_tls = REMOTE_SMTP_HOSTS_REQUIRE_TLS
.endif
.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
.endif

51
states/email/exim4/conf.d/transport/32_srs_remote_smtp_smarthost
View File

@ -1,51 +0,0 @@
# transport; should look like the non-forward outbound
# one, plus the max_rcpt and return_path options
remote_forwarded_smtp_smarthost:
debug_print = "T: remote_forwarded_smtp_smarthost for $local_part@$domain original domain $original_domain"
driver = smtp
# modify the envelope from, for mails that we forward
max_rcpt = 1
return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}
multi_domain
.ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
.endif
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
}\
{} \
}
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
.endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
return_path = REMOTE_SMTP_RETURN_PATH
.endif
.ifdef REMOTE_SMTP_HELO_DATA
helo_data=REMOTE_SMTP_HELO_DATA
.endif
.ifdef TLS_DH_MIN_BITS
tls_dh_min_bits = TLS_DH_MIN_BITS
.endif
.ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
.endif
.ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
.endif
.ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
.endif

1
states/email/init.sls
View File

@ -2,4 +2,3 @@ include:
- email/dovecot
- email/rspamd
- email/exim4
- email/mailboxes

48
states/email/mailboxes.sls
View File

@ -1,48 +0,0 @@
# Mailboxes that need to exist, and supporting files.
heather:
group.present:
- gid: 1001
user.present:
- fullname: 'Heather James'
- home: /home/heather
- shell: /bin/bash
- uid: 1001
- gid: 1001
alex:
group.present:
- gid: 1002
user.present:
- fullname: 'Alexandra Hague'
- home: /home/alex
- shell: /bin/bash
- uid: 1002
- gid: 1002
chrissy:
group.present:
- gid: 1003
user.present:
- fullname: 'Christina Hague'
- home: /home/chrissy
- shell: /bin/bash
- uid: 1003
- gid: 1003
hannah:
group.present:
- gid: 1007
user.present:
- fullname: 'Hannah Farncombe'
- home: /home/hannah
- shell: /bin/bash
- uid: 1005
- gid: 1007
email_aliases:
file.recurse:
- name: /etc
- file_mode: '0644'
- source: salt://email/aliases

190
states/mailman/etc/mailman-web.py
View File

@ -1,190 +0,0 @@
# This file is imported by the Mailman Suite. It is used to override
# the default settings from /usr/share/mailman3-web/settings.py.
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'PMjOqXpDCJkloOvDJoutsV4ZqNNzI8hXyLN6KCLalLresPaA'
ADMINS = (
('Mailman Suite Admin', 'root@localhost'),
)
# Hosts/domain names that are valid for this site; required if DEBUG is False
# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
# is meant to run behind a webserver reverse proxy anyway.
ALLOWED_HOSTS = [
#"localhost", # Archiving API from Mailman, keep it.
# "lists.your-domain.org",
# Add here all production URLs you may have.
'*'
]
# Mailman API credentials
MAILMAN_REST_API_URL = 'http://localhost:8001'
MAILMAN_REST_API_USER = 'restadmin'
MAILMAN_REST_API_PASS = 'JLXqquLV2xJyuC9XpwuGrg9wVnrADgc8LA4UKdGXFudEJ5FM'
MAILMAN_ARCHIVER_KEY = 'yecyDwdMl5Sl5LnIfQbLWdhlpEeNGSUx'
MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
# Application definition
INSTALLED_APPS = (
'hyperkitty',
'postorius',
'django_mailman3',
# Uncomment the next line to enable the admin:
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
# 'django.contrib.admindocs',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'django_gravatar',
'compressor',
'haystack',
'django_extensions',
'django_q',
'allauth',
'allauth.account',
'allauth.socialaccount',
#'django_mailman3.lib.auth.fedora',
#'allauth.socialaccount.providers.openid',
#'allauth.socialaccount.providers.github',
#'allauth.socialaccount.providers.gitlab',
#'allauth.socialaccount.providers.google',
#'allauth.socialaccount.providers.facebook',
#'allauth.socialaccount.providers.twitter',
#'allauth.socialaccount.providers.stackexchange',
)
# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
DATABASES = {
'default': {
# Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
'ENGINE': 'django.db.backends.sqlite3',
#'ENGINE': 'django.db.backends.postgresql_psycopg2',
#'ENGINE': 'django.db.backends.mysql',
# DB name or path to database file if using sqlite3.
'NAME': '/var/lib/mailman3/web/mailman3web.db',
# The following settings are not used with sqlite3:
'USER': '',
'PASSWORD': '',
# HOST: empty for localhost through domain sockets or '127.0.0.1' for
# localhost through TCP.
'HOST': '',
# PORT: set to empty string for default.
'PORT': '',
# OPTIONS: Extra parameters to use when connecting to the database.
'OPTIONS': {
# Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
# https://docs.djangoproject.com/en/1.11/ref/
# databases/#setting-sql-mode
#'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
},
}
}
# If you're behind a proxy, use the X-Forwarded-Host header
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
USE_X_FORWARDED_HOST = True
# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
# Other security settings
# SECURE_SSL_REDIRECT = True
# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
# contains at least this line:
# SECURE_REDIRECT_EXEMPT = [
# "archives/api/mailman/.*", # Request from Mailman.
# ]
# SESSION_COOKIE_SECURE = True
# SECURE_CONTENT_TYPE_NOSNIFF = True
# SECURE_BROWSER_XSS_FILTER = True
# CSRF_COOKIE_SECURE = True
# CSRF_COOKIE_HTTPONLY = True
# X_FRAME_OPTIONS = 'DENY'
# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Set default domain for email addresses.
EMAILNAME = 'localhost.local'
# If you enable internal authentication, this is the address that the emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
# If you enable email reporting for error messages, this is where those emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
# SERVER_EMAIL = 'root@your-domain.org'
SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
# Django Allauth
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
#
# Social auth
#
SOCIALACCOUNT_PROVIDERS = {
#'openid': {
# 'SERVERS': [
# dict(id='yahoo',
# name='Yahoo',
# openid_url='http://me.yahoo.com'),
# ],
#},
#'google': {
# 'SCOPE': ['profile', 'email'],
# 'AUTH_PARAMS': {'access_type': 'online'},
#},
#'facebook': {
# 'METHOD': 'oauth2',
# 'SCOPE': ['email'],
# 'FIELDS': [
# 'email',
# 'name',
# 'first_name',
# 'last_name',
# 'locale',
# 'timezone',
# ],
# 'VERSION': 'v2.4',
#},
}
# On a production setup, setting COMPRESS_OFFLINE to True will bring a
# significant performance improvement, as CSS files will not need to be
# recompiled on each requests. It means running an additional "compress"
# management command after each code upgrade.
# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
COMPRESS_OFFLINE = True
POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'

272
states/mailman/etc/mailman.cfg
View File

@ -1,272 +0,0 @@
# Copyright (C) 2008-2017 by the Free Software Foundation, Inc.
#
# This file is part of GNU Mailman.
#
# GNU Mailman is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# GNU Mailman is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along with
# GNU Mailman. If not, see <http://www.gnu.org/licenses/>.
# This file contains the Debian configuration for mailman. It uses ini-style
# formats under the lazr.config regime to define all system configuration
# options. See <https://launchpad.net/lazr.config> for details.
[mailman]
# This address is the "site owner" address. Certain messages which must be
# delivered to a human, but which can't be delivered to a list owner (e.g. a
# bounce from a list owner), will be sent to this address. It should point to
# a human.
site_owner: postmaster@lunch.org.uk
# This is the local-part of an email address used in the From field whenever a
# message comes from some entity to which there is no natural reply recipient.
# Mailman will append '@' and the host name of the list involved. This
# address must not bounce and it must not point to a Mailman process.
#noreply_address: noreply
noreply_address: postmaster
# The default language for this server.
default_language: en
# Membership tests for posting purposes are usually performed by looking at a
# set of headers, passing the test if any of their values match a member of
# the list. Headers are checked in the order given in this variable. The
# value From_ means to use the envelope sender. Field names are case
# insensitive. This is a space separate list of headers.
sender_headers: from from_ reply-to sender
# Mail command processor will ignore mail command lines after designated max.
email_commands_max_lines: 10
# Default length of time a pending request is live before it is evicted from
# the pending database.
pending_request_life: 3d
# How long should files be saved before they are evicted from the cache?
cache_life: 7d
# A callable to run with no arguments early in the initialization process.
# This runs before database initialization.
pre_hook:
# A callable to run with no arguments late in the initialization process.
# This runs after adapters are initialized.
post_hook:
# Which paths.* file system layout to use.
# You should not change this variable.
layout: debian
# Can MIME filtered messages be preserved by list owners?
filtered_messages_are_preservable: no
# How should text/html parts be converted to text/plain when the mailing list
# is set to convert HTML to plaintext? This names a command to be called,
# where the substitution variable $filename is filled in by Mailman, and
# contains the path to the temporary file that the command should read from.
# The command should print the converted text to stdout.
html_to_plain_text_command: /usr/bin/lynx -dump $filename
# Specify what characters are allowed in list names. Characters outside of
# the class [-_.+=!$*{}~0-9a-z] matched case insensitively are never allowed,
# but this specifies a subset as the only allowable characters. This must be
# a valid character class regexp or the effect on list creation is
# unpredictable.
listname_chars: [-_.0-9a-z]
[shell]
# `mailman shell` (also `withlist`) gives you an interactive prompt that you
# can use to interact with an initialized and configured Mailman system. Use
# --help for more information. This section allows you to configure certain
# aspects of this interactive shell.
# Customize the interpreter prompt.
prompt: >>>
# Banner to show on startup.
banner: Welcome to the GNU Mailman shell
# Use IPython as the shell, which must be found on the system. Valid values
# are `no`, `yes`, and `debug` where the latter is equivalent to `yes` except
# that any import errors will be displayed to stderr.
use_ipython: no
# Set this to allow for command line history if readline is available. This
# can be as simple as $var_dir/history.py to put the file in the var directory.
history_file:
[paths.debian]
# Important directories for Mailman operation. These are defined here so that
# different layouts can be supported. For example, a developer layout would
# be different from a FHS layout. Most paths are based off the var_dir, and
# often just setting that will do the right thing for all the other paths.
# You might also have to set spool_dir though.
#
# Substitutions are allowed, but must be of the form $var where 'var' names a
# configuration variable in the paths.* section. Substitutions are expanded
# recursively until no more $-variables are present. Beware of infinite
# expansion loops!
#
# This is the root of the directory structure that Mailman will use to store
# its run-time data.
var_dir: /var/lib/mailman3
# This is where the Mailman queue files directories will be created.
queue_dir: $var_dir/queue
# This is the directory containing the Mailman 'runner' and 'master' commands
# if set to the string '$argv', it will be taken as the directory containing
# the 'mailman' command.
bin_dir: /usr/lib/mailman3/bin
# All list-specific data.
list_data_dir: $var_dir/lists
# Directory where log files go.
log_dir: /var/log/mailman3
# Directory for system-wide locks.
lock_dir: $var_dir/locks
# Directory for system-wide data.
data_dir: $var_dir/data
# Cache files.
cache_dir: $var_dir/cache
# Directory for configuration files and such.
etc_dir: /etc/mailman3
# Directory containing Mailman plugins.
ext_dir: $var_dir/ext
# Directory where the default IMessageStore puts its messages.
messages_dir: $var_dir/messages
# Directory for archive backends to store their messages in. Archivers should
# create a subdirectory in here to store their files.
archive_dir: $var_dir/archives
# Root directory for site-specific template override files.
template_dir: $var_dir/templates
# There are also a number of paths to specific file locations that can be
# defined. For these, the directory containing the file must already exist,
# or be one of the directories created by Mailman as per above.
#
# This is where PID file for the master runner is stored.
pid_file: /run/mailman3/master.pid
# Lock file.
lock_file: $lock_dir/master.lck
[database]
# The class implementing the IDatabase.
class: mailman.database.sqlite.SQLiteDatabase
#class: mailman.database.mysql.MySQLDatabase
#class: mailman.database.postgresql.PostgreSQLDatabase
# Use this to set the Storm database engine URL. You generally have one
# primary database connection for all of Mailman. List data and most rosters
# will store their data in this database, although external rosters may access
# other databases in their own way. This string supports standard
# 'configuration' substitutions.
url: sqlite:///$DATA_DIR/mailman.db
#url: mysql+pymysql://mailman3:mmpass@localhost/mailman3?charset=utf8&use_unicode=1
#url: postgres://mailman3:mmpass@localhost/mailman3
debug: no
[logging.debian]
# This defines various log settings. The options available are:
#
# - level -- Overrides the default level; this may be any of the
# standard Python logging levels, case insensitive.
# - format -- Overrides the default format string
# - datefmt -- Overrides the default date format string
# - path -- Overrides the default logger path. This may be a relative
# path name, in which case it is relative to Mailman's LOG_DIR,
# or it may be an absolute path name. You cannot change the
# handler class that will be used.
# - propagate -- Boolean specifying whether to propagate log message from this
# logger to the root "mailman" logger. You cannot override
# settings for the root logger.
#
# In this section, you can define defaults for all loggers, which will be
# prefixed by 'mailman.'. Use subsections to override settings for specific
# loggers. The names of the available loggers are:
#
# - archiver -- All archiver output
# - bounce -- All bounce processing logs go here
# - config -- Configuration issues
# - database -- Database logging (SQLAlchemy and Alembic)
# - debug -- Only used for development
# - error -- All exceptions go to this log
# - fromusenet -- Information related to the Usenet to Mailman gateway
# - http -- Internal wsgi-based web interface
# - locks -- Lock state changes
# - mischief -- Various types of hostile activity
# - runner -- Runner process start/stops
# - smtp -- Successful SMTP activity
# - smtp-failure -- Unsuccessful SMTP activity
# - subscribe -- Information about leaves/joins
# - vette -- Message vetting information
format: %(asctime)s (%(process)d) %(message)s
datefmt: %b %d %H:%M:%S %Y
propagate: no
level: info
path: mailman.log
[webservice]
# The hostname at which admin web service resources are exposed.
hostname: localhost
# The port at which the admin web service resources are exposed.
port: 8001
# Whether or not requests to the web service are secured through SSL.
use_https: no
# Whether or not to show tracebacks in an HTTP response for a request that
# raised an exception.
show_tracebacks: yes
# The API version number for the current (highest) API.
api_version: 3.1
# The administrative username.
admin_user: restadmin
# The administrative password.
admin_pass: JLXqquLV2xJyuC9XpwuGrg9wVnrADgc8LA4UKdGXFudEJ5FM
[mta]
# The class defining the interface to the incoming mail transport agent.
incoming: mailman.mta.exim4.LMTP
#incoming: mailman.mta.postfix.LMTP
# The callable implementing delivery to the outgoing mail transport agent.
# This must accept three arguments, the mailing list, the message, and the
# message metadata dictionary.
outgoing: mailman.mta.deliver.deliver
# How to connect to the outgoing MTA. If smtp_user and smtp_pass is given,
# then Mailman will attempt to log into the MTA when making a new connection.
smtp_host: localhost
smtp_port: 25
smtp_user:
smtp_pass:
# Where the LMTP server listens for connections. Use 127.0.0.1 instead of
# localhost for Postfix integration, because Postfix only consults DNS
# (e.g. not /etc/hosts).
lmtp_host: 127.0.0.1
lmtp_port: 8024
# Where can we find the mail server specific configuration file? The path can
# be either a file system path or a Python import path. If the value starts
# with python: then it is a Python import path, otherwise it is a file system
# path. File system paths must be absolute since no guarantees are made about
# the current working directory. Python paths should not include the trailing
# .cfg, which the file must end with.
configuration: python:mailman.config.exim4
#configuration: python:mailman.config.postfix

19
states/mailman/exim4/conf.d/main/04_local_mailman_macros
View File

@ -1,19 +0,0 @@
# The colon-separated list of domains served by Mailman.
domainlist mm_domains=lunch.org.uk:cryhavoc.org.uk
MM3_LMTP_PORT=8024
# MM3_HOME must be set to mailman's var directory, wherever it is
# according to your installation.
MM3_HOME=/var/lib/mailman3
MM3_UID=list
MM3_GID=list
################################################################
# The configuration below is boilerplate:
# you should not need to change it.
# The path to the list receipt (used as the required file when
# matching list addresses)
MM3_LISTCHK=MM3_HOME/lists/${local_part}.${domain}

12
states/mailman/exim4/conf.d/router/970_local_mailman
View File

@ -1,12 +0,0 @@
mailman3_router:
driver = accept
domains = +mm_domains
require_files = MM3_LISTCHK
local_part_suffix_optional
local_part_suffix = \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman3_transport

7
states/mailman/exim4/conf.d/transport/40_local_mailman
View File

@ -1,7 +0,0 @@
mailman3_transport:
driver = smtp
protocol = lmtp
allow_localhost
hosts = localhost
port = MM3_LMTP_PORT
rcpt_include_affixes = true

72
states/mailman/init.sls
View File

@ -1,72 +0,0 @@
mailman3:
pkg.installed:
- pkgs:
- mailman3-full
- libapache2-mod-proxy-uwsgi
mailman3_conf:
file.managed:
- names:
- /etc/mailman3/mailman.cfg:
- source: salt://mailman/etc/mailman.cfg
- group: list
- mode: 0640
- /etc/mailman3/mailman-web.py:
- source: salt://mailman/etc/mailman-web.py
- group: www-data
- mode: 0640
- require:
- pkg: mailman3
- sls: apache
service.running:
- name: mailman3
- restart: true
- watch:
- file: mailman3_conf
mailman3_exim4_conf:
file.recurse:
- name: /etc/exim4
- dir_mode: '0755'
- file_mode: '0644'
- source: salt://mailman/exim4
- require:
- sls: email/exim4
mailman3_exim4_update_conf:
cmd.run:
- name: update-exim4.conf
- onchanges:
- file: mailman3_exim4_conf
mailman3_exim4_service:
service.running:
- name: exim4
- reload: true
- watch:
- cmd: mailman3_exim4_update_conf
mailman3_apache_uwsgi:
apache_module.enabled:
- name: proxy_uwsgi
- require:
- pkg: mailman3
mailman3_apache_web:
file.managed:
- require:
- sls: apache
- sls: certificates
- names:
- /etc/apache2/sites-available/lists.lunch.org.uk.conf:
- source: salt://mailman/lists.lunch.org.uk.conf
apache_site.enabled:
- require:
- file: /etc/apache2/sites-available/lists.lunch.org.uk.conf
- name: lists.lunch.org.uk
service.running:
- name: apache2
- reload: true
- watch:
- file: /etc/apache2/sites-available/lists.lunch.org.uk.conf

75
states/mailman/lists.lunch.org.uk.conf
View File

@ -1,75 +0,0 @@
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName lists.cryhavoc.org.uk
ErrorLog /var/log/apache2/lists-error.log
CustomLog /var/log/apache2/lists-access.log combined
RemoteIPProxyProtocol On
Alias /mailman3/favicon.ico /var/lib/mailman3/web/static/postorius/img/favicon.ico
Alias /mailman3/static /var/lib/mailman3/web/static
<Directory "/var/lib/mailman3/web/static">
Require all granted
</Directory>
<IfModule mod_proxy_uwsgi.c>
ProxyPass /mailman3/favicon.ico !
ProxyPass /mailman3/static !
ProxyPass / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/
</IfModule>
SSLEngine on
SSLCertificateFile /var/local/certificates/lists.lunch.org.uk/fullchain.pem
SSLCertificateKeyFile /var/local/certificates/lists.lunch.org.uk/privkey.pem
</VirtualHost>
</IfModule>
<VirtualHost *:443>
ServerName lists.lunch.org.uk
ErrorLog /var/log/apache2/lists-error.log
CustomLog /var/log/apache2/lists-access.log combined
RemoteIPProxyProtocol On
<IfModule rewrite_module>
#
# This redirects all accesses to the HTTPS version of the site.
#
RewriteEngine On
RewriteRule ^/?(.*) https://lists.cryhavoc.org.uk/$1 [R=301,L]
</IfModule>
SSLEngine on
SSLCertificateFile /var/local/certificates/lists.lunch.org.uk/fullchain.pem
SSLCertificateKeyFile /var/local/certificates/lists.lunch.org.uk/privkey.pem
</VirtualHost>
<VirtualHost *:80>
ServerName lists.cryhavoc.org.uk
ServerAlias lists.lunch.org.uk
ErrorLog /var/log/apache2/lists-error.log
CustomLog /var/log/apache2/lists-access.log combined
RemoteIPProxyProtocol On
<Directory /var/www-cryhavoc>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
<IfModule rewrite_module>
#
# This redirects all accesses to the HTTPS version of the site.
#
RewriteEngine On
RewriteRule ^/?(.*) https://lists.cryhavoc.org.uk/$1 [R=301,L]
</IfModule>
</VirtualHost>

1
states/top.sls
View File

@ -28,6 +28,5 @@ base:
- gitea
- jenkins
- jenkins/worker
- mailman
- mercurial
- webmail

2
states/webmail/roundcube_config.inc.php
View File

@ -53,7 +53,7 @@ $config['smtp_server'] = 'tls://mail.lunch.org.uk';
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
// deprecated SSL over SMTP (aka SMTPS))
$config['smtp_port'] = 465;
$config['smtp_port'] = 587;
// SMTP username (if required) if you use %u as the username Roundcube
// will use the current username for login