From 4c7885c89d6c58d5d07b0d889ea92ef44236484d Mon Sep 17 00:00:00 2001
From: Michal Konecny <mkonecny@redhat.com>
Date: Fri, 19 Apr 2024 12:27:31 +0200
Subject: [PATCH] [mailman3] Add django superuser creation task

Signed-off-by: Michal Konecny <mkonecny@redhat.com>
---
 playbooks/groups/mailman.yml     |  1 +
 roles/mailman3/defaults/main.yml |  3 +++
 roles/mailman3/tasks/main.yml    | 23 +++++++++++++++++++++++
 3 files changed, 27 insertions(+)

diff --git a/playbooks/groups/mailman.yml b/playbooks/groups/mailman.yml
index 65ecd19e66..291cc1dd59 100644
--- a/playbooks/groups/mailman.yml
+++ b/playbooks/groups/mailman.yml
@@ -112,6 +112,7 @@
     mailman_openidc_secret: "{{ mailman_stg_oidc_pass }}"
     mailman_httpd_hostname: lists.stg.fedoraproject.org
     mailman_openidc_client_id: "mailman3{{ env_suffix }}"
+    mailman_hyperkitty_su_pass: "{{ mailman_stg_hk_su_pass }}"
     when: env == "staging"
   - {role: fedmsg/base,
      when: env != "staging"}
diff --git a/roles/mailman3/defaults/main.yml b/roles/mailman3/defaults/main.yml
index 865d11ee88..51344d2992 100644
--- a/roles/mailman3/defaults/main.yml
+++ b/roles/mailman3/defaults/main.yml
@@ -27,6 +27,9 @@ mailman_hyperkitty_admin_db_pass: changeme
 mailman_hyperkitty_db_pass: changeme
 mailman_hyperkitty_cookie_key: changeme
 mailman_hyperkitty_archiver_key: changeme
+mailman_hyperkitty_su_username: mailman
+mailman_hyperkitty_su_email: admin@fedoraproject.org
+mailman_hyperkitty_su_pass: changeme
 mailman_gunicorn_workers: 4
 mailman_domains:
 - lists.example.com
diff --git a/roles/mailman3/tasks/main.yml b/roles/mailman3/tasks/main.yml
index 53382fb42c..723fb830c6 100644
--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
@@ -320,6 +320,29 @@
   notify:
     - reload mailmanweb
 
+- name: Create superuser for django-admin
+  ansible.builtin.command:
+    cmd: mailman-web createsuperuser --username "{{ mailman_hyperkitty_su_username }}" --no-input --email "{{ mailman_hyperkitty_su_email }}"
+  become_user: mailman
+  register: command_result
+  tags:
+    - mailman
+    - hyperkitty
+  # Ignore error when the username already exists
+  failed_when:
+    - "'That username is already taken.' not in command_result.stderr"
+    - "command_result.rc != 0"
+
+- name: Change superuser password
+  ansible.builtin.expect:
+    command: mailman-web changepassword {{ mailman_hyperkitty_su_username }}
+    responses:
+      - 'Password:' : {{ mailman_hyperkitty_su_pass }}
+  become_user: mailman
+  tags:
+    - mailman
+    - hyperkitty
+
 #
 # Plug HyperKitty into Mailman
 #