From 5b5c83d4de4f9ad331ed8ffcdc162b6beb5e56f8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Fri, 21 Aug 2015 10:42:41 +0000
Subject: [PATCH] Update the Mailman role after addition of fedorahosted

---
 inventory/group_vars/mailman                           |  4 +++-
 inventory/group_vars/mailman-stg                       |  4 +++-
 inventory/host_vars/lists-dev.fedorainfracloud.org     |  3 ++-
 playbooks/hosts/lists-dev.fedorainfracloud.org.yml     |  1 -
 .../main.cf/main.cf.hosted-lists01.fedoraproject.org   |  2 ++
 roles/base/files/postfix/main.cf/main.cf.mailman       |  5 +++--
 roles/mailman/defaults/main.yml                        |  4 +++-
 roles/mailman/templates/bottom.html                    |  2 +-
 roles/mailman/templates/mailman-migration.conf.j2      |  1 -
 roles/mailman/templates/settings.py.j2                 | 10 +++++++---
 10 files changed, 24 insertions(+), 12 deletions(-)

diff --git a/inventory/group_vars/mailman b/inventory/group_vars/mailman
index cbf152071e..0c20a5d55b 100644
--- a/inventory/group_vars/mailman
+++ b/inventory/group_vars/mailman
@@ -26,7 +26,9 @@ postfix_group: mailman
 
 # Used by the mailman role
 mailman_db_server: db01.phx2.fedoraproject.org
-mailman_url: lists.fedoraproject.org
+mailman_domains:
+- lists.fedoraproject.org
+- lists.fedorahosted.org
 
 # by default, the number of emails in queue before we whine
 nrpe_check_postfix_queue_warn: 20
diff --git a/inventory/group_vars/mailman-stg b/inventory/group_vars/mailman-stg
index 72f2a220b6..c08829d28d 100644
--- a/inventory/group_vars/mailman-stg
+++ b/inventory/group_vars/mailman-stg
@@ -32,10 +32,12 @@ virt_install_command: virt-install -n {{ inventory_hostname }} -r {{ mem_size }}
 
 # Postfix main.cf
 postfix_group: mailman-stg
-mailman_url: lists.stg.fedoraproject.org
 
 # Used by the mailman role
 mailman_db_server: db01.stg.phx2.fedoraproject.org
+mailman_domains:
+- lists.stg.fedoraproject.org
+- lists.fedorahosted.org
 
 # by default, the number of emails in queue before we whine
 nrpe_check_postfix_queue_warn: 20
diff --git a/inventory/host_vars/lists-dev.fedorainfracloud.org b/inventory/host_vars/lists-dev.fedorainfracloud.org
index dab9d42e8b..f608e3a18f 100644
--- a/inventory/host_vars/lists-dev.fedorainfracloud.org
+++ b/inventory/host_vars/lists-dev.fedorainfracloud.org
@@ -18,5 +18,6 @@ cloud_networks:
   - net-id: "67b77354-39a4-43de-b007-bb813ac5c35f"
 
 # Used by the mailman role
-mailman_url: lists-dev.cloud.fedoraproject.org
 mailman_db_server: localhost
+mailman_domains:
+- lists-dev.fedorainfracloud.org
diff --git a/playbooks/hosts/lists-dev.fedorainfracloud.org.yml b/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
index 532c9754d6..29a3af7585 100644
--- a/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
+++ b/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
@@ -136,7 +136,6 @@
     mailman_hyperkitty_admin_db_pass: "{{ lists_dev_hk_db_pass }}"
     mailman_hyperkitty_db_pass: "{{ lists_dev_hk_db_pass }}"
     mailman_hyperkitty_cookie_key: "randomstringusedasacookiesecurekey-yesthisshouldbeinaprivaterepo_butidonthaveaccesstoit"
-    mailman_url: "{{ ansible_fqdn }}"
   - collectd/base
 
   tasks:
diff --git a/roles/base/files/postfix/main.cf/main.cf.hosted-lists01.fedoraproject.org b/roles/base/files/postfix/main.cf/main.cf.hosted-lists01.fedoraproject.org
index f71f629290..d5aaa205f3 100644
--- a/roles/base/files/postfix/main.cf/main.cf.hosted-lists01.fedoraproject.org
+++ b/roles/base/files/postfix/main.cf/main.cf.hosted-lists01.fedoraproject.org
@@ -509,6 +509,8 @@ recipient_delimiter = +
 #fallback_transport =
 
 #transport_maps = hash:/etc/postfix/transport
+transport_maps = hash:/etc/mailman/mailman3-transport
+
 # The luser_relay parameter specifies an optional destination address
 # for unknown recipients.  By default, mail for unknown@$mydestination,
 # unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
diff --git a/roles/base/files/postfix/main.cf/main.cf.mailman b/roles/base/files/postfix/main.cf/main.cf.mailman
index f31d5f4244..11d1ad0a64 100644
--- a/roles/base/files/postfix/main.cf/main.cf.mailman
+++ b/roles/base/files/postfix/main.cf/main.cf.mailman
@@ -156,8 +156,9 @@ inet_interfaces = all
 #
 # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
 #
-mydestination = $myhostname, lists.fedoraproject.org,
-                localhost.$mydomain, localhost
+mydestination = $myhostname,
+                localhost.$mydomain, localhost,
+                lists.fedoraproject.org, lists.fedorahosted.org
 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
 #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
 #	mail.$mydomain, www.$mydomain, ftp.$mydomain
diff --git a/roles/mailman/defaults/main.yml b/roles/mailman/defaults/main.yml
index e017f9bdca..ee0ef20656 100644
--- a/roles/mailman/defaults/main.yml
+++ b/roles/mailman/defaults/main.yml
@@ -6,4 +6,6 @@ mailman_mailman_db_pass: changeme
 mailman_hyperkitty_admin_db_pass: changeme
 mailman_hyperkitty_db_pass: changeme
 mailman_hyperkitty_cookie_key: changeme
-mailman_url: lists.example.com
+mailman_domains:
+- lists.example.com
+- lists.example.org
diff --git a/roles/mailman/templates/bottom.html b/roles/mailman/templates/bottom.html
index 77c185a40a..a892972a1f 100644
--- a/roles/mailman/templates/bottom.html
+++ b/roles/mailman/templates/bottom.html
@@ -10,6 +10,6 @@
 {% else %}
    'url': 'https://apps.fedoraproject.org/js/data.js',
 {% endif %}
-   'position': 'bottom-right'
+   'position': 'bottom-left'
  });
 </script>
diff --git a/roles/mailman/templates/mailman-migration.conf.j2 b/roles/mailman/templates/mailman-migration.conf.j2
index 22844efde8..96f852b563 100644
--- a/roles/mailman/templates/mailman-migration.conf.j2
+++ b/roles/mailman/templates/mailman-migration.conf.j2
@@ -1,3 +1,2 @@
 basedir: {{ mailman_webui_basedir }}
 confdir: {{ mailman_webui_confdir }}
-domain: {{ mailman_url }}
diff --git a/roles/mailman/templates/settings.py.j2 b/roles/mailman/templates/settings.py.j2
index 125179e154..9de02e74e9 100644
--- a/roles/mailman/templates/settings.py.j2
+++ b/roles/mailman/templates/settings.py.j2
@@ -21,7 +21,9 @@ ADMINS = (
 # Hosts/domain names that are valid for this site; required if DEBUG is False
 # See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts
 ALLOWED_HOSTS = [
-    "{{ mailman_url }}",
+{% for host in mailman_domains %}
+    "{{ host }}",
+{% endfor %}
     ".fedoraproject.org",
     "discuss.arquillian.org",
     "localhost", # Archiving API from Mailman
@@ -30,7 +32,9 @@ ALLOWED_HOSTS = [
 # And for BrowserID too, see
 # http://django-browserid.rtfd.org/page/user/settings.html#django.conf.settings.BROWSERID_AUDIENCES
 BROWSERID_AUDIENCES = [
-    "https://{{ mailman_url }}",
+{% for host in mailman_domains %}
+    "{{ host }}",
+{% endfor %}
 ]
 
 # Mailman API credentials
@@ -108,7 +112,7 @@ DATABASES = {
 USE_X_FORWARDED_HOST = True
 # In the Fedora infra, requests are systematically redirected to HTTPS, so put
 # something always true here:
-SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SERVER', 'lists.fedoraproject.org') # It's always that, even on staging
+SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
 
 # Internationalization
 # https://docs.djangoproject.com/en/1.6/topics/i18n/