From de0bbf5317c3e011047bb7b960711e6ec05b7fe6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= Date: Tue, 16 Jun 2015 13:14:42 +0000 Subject: [PATCH] Mailman: update the mailman-hyperkitty conf file And use the mailman_url variable, and set some permissions. --- .../lists-dev.cloud.fedoraproject.org | 3 +++ roles/mailman/defaults/main.yml | 1 + roles/mailman/files/mailman-hyperkitty.cfg | 12 --------- roles/mailman/tasks/main.yml | 6 +++-- .../templates/mailman-hyperkitty.cfg.j2 | 25 +++++++++++++++++++ .../templates/mailman-migration.conf.j2 | 2 +- roles/mailman/templates/settings.py.j2 | 7 +++--- 7 files changed, 37 insertions(+), 19 deletions(-) delete mode 100644 roles/mailman/files/mailman-hyperkitty.cfg create mode 100644 roles/mailman/templates/mailman-hyperkitty.cfg.j2 diff --git a/inventory/host_vars/lists-dev.cloud.fedoraproject.org b/inventory/host_vars/lists-dev.cloud.fedoraproject.org index bc1e5f17be..684a029482 100644 --- a/inventory/host_vars/lists-dev.cloud.fedoraproject.org +++ b/inventory/host_vars/lists-dev.cloud.fedoraproject.org @@ -10,3 +10,6 @@ root_auth_users: abompard description: lists-dev instance to further test hyperkitty and mailman3 volumes: ['-d /dev/vdb vol-0000000c'] freezes: false + +# Used by the mailman role +mailman_url: lists-dev.cloud.fedoraproject.org diff --git a/roles/mailman/defaults/main.yml b/roles/mailman/defaults/main.yml index ce985a581c..e017f9bdca 100644 --- a/roles/mailman/defaults/main.yml +++ b/roles/mailman/defaults/main.yml @@ -6,3 +6,4 @@ mailman_mailman_db_pass: changeme mailman_hyperkitty_admin_db_pass: changeme mailman_hyperkitty_db_pass: changeme mailman_hyperkitty_cookie_key: changeme +mailman_url: lists.example.com diff --git a/roles/mailman/files/mailman-hyperkitty.cfg b/roles/mailman/files/mailman-hyperkitty.cfg deleted file mode 100644 index 00b6a4e503..0000000000 --- a/roles/mailman/files/mailman-hyperkitty.cfg +++ /dev/null @@ -1,12 +0,0 @@ -# This is the mailman extension configuration file to enable HyperKitty as an -# archiver. Remember to add the following lines in the mailman.cfg file: -# -# [archiver.hyperkitty] -# class: hyperkitty.lib.archiver.Archiver -# enable: yes -# configuration: /path/to/here/hyperkitty.cfg -# - -[general] -base_url: http://localhost/archives -api_key: SecretArchiverAPIKey diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml index 61e454133e..d3ffc30f1f 100644 --- a/roles/mailman/tasks/main.yml +++ b/roles/mailman/tasks/main.yml @@ -112,6 +112,7 @@ - name: set the mailman conffile template: src={{ item }} dest=/etc/mailman.cfg + owner=root group=mailman mode=0640 with_first_found: - mailman.cfg.{{ ansible_hostname }}.j2 - mailman.cfg.j2 @@ -226,8 +227,9 @@ # Plug HyperKitty into Mailman # - name: copy the mailman-hyperkitty conffile - copy: src=mailman-hyperkitty.cfg - dest="{{ mailman_webui_confdir }}/mailman-hyperkitty.cfg" + template: src=mailman-hyperkitty.cfg.j2 + dest="{{ mailman_webui_confdir }}/mailman-hyperkitty.cfg" + owner=root group=mailman mode=0640 tags: - config notify: diff --git a/roles/mailman/templates/mailman-hyperkitty.cfg.j2 b/roles/mailman/templates/mailman-hyperkitty.cfg.j2 new file mode 100644 index 0000000000..38563c9a66 --- /dev/null +++ b/roles/mailman/templates/mailman-hyperkitty.cfg.j2 @@ -0,0 +1,25 @@ +# This is the mailman extension configuration file to enable HyperKitty as an +# archiver. Remember to add the following lines in the mailman.cfg file: +# +# [archiver.hyperkitty] +# class: hyperkitty.lib.archiver.Archiver +# enable: yes +# configuration: /path/to/here/hyperkitty.cfg +# + +[general] + +# This is your HyperKitty installation, preferably on the localhost. This +# address will be used by Mailman to forward incoming emails to HyperKitty +# for archiving. It does not need to be publicly available, in fact it's +# better if it is not. +base_url: http://localhost/archives/ + +# This is the public URL of your HyperKitty installation. This value will +# appear as a link at the bottom of emails sent to the list, so it must be +# publicly accessible. +public_url: http://{{ mailman_url }}/archives/ + +# Shared API key, must be the identical to the value in HyperKitty's +# settings. +api_key: SecretArchiverAPIKey diff --git a/roles/mailman/templates/mailman-migration.conf.j2 b/roles/mailman/templates/mailman-migration.conf.j2 index 8e43814086..22844efde8 100644 --- a/roles/mailman/templates/mailman-migration.conf.j2 +++ b/roles/mailman/templates/mailman-migration.conf.j2 @@ -1,3 +1,3 @@ basedir: {{ mailman_webui_basedir }} confdir: {{ mailman_webui_confdir }} -domain: lists.fedoraproject.org +domain: {{ mailman_url }} diff --git a/roles/mailman/templates/settings.py.j2 b/roles/mailman/templates/settings.py.j2 index 14e2e66fad..b010fba3c6 100644 --- a/roles/mailman/templates/settings.py.j2 +++ b/roles/mailman/templates/settings.py.j2 @@ -21,6 +21,7 @@ ADMINS = ( # Hosts/domain names that are valid for this site; required if DEBUG is False # See https://docs.djangoproject.com/en/1.5/ref/settings/#allowed-hosts ALLOWED_HOSTS = [ + "{{ mailman_url }}", ".fedoraproject.org", "discuss.arquillian.org", "localhost", # Archiving API from Mailman @@ -29,9 +30,7 @@ ALLOWED_HOSTS = [ # And for BrowserID too, see # http://django-browserid.rtfd.org/page/user/settings.html#django.conf.settings.BROWSERID_AUDIENCES BROWSERID_AUDIENCES = [ - "https://lists.fedoraproject.org", - "https://lists.stg.fedoraproject.org", - "https://lists-dev.cloud.fedoraproject.org", + "https://{{ mailman_url }}", ] # Mailman API credentials @@ -109,7 +108,7 @@ DATABASES = { USE_X_FORWARDED_HOST = True # In the Fedora infra, requests are systematically redirected to HTTPS, so put # something always true here: -SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SERVER', 'lists.fedoraproject.org') +SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SERVER', '{{ mailman_url }}') # Internationalization # https://docs.djangoproject.com/en/1.6/topics/i18n/