opendev/system-config
Code Issues Proposed changes
system-config/inventory/service/host_vars/lists.katacontainers.io.yaml
Jeremy Stanley fa0c1b495c Generate HTTPS certs for Mailman sites 
We're going to want Mailman 3 served over HTTPS for security
reasons, so start by generating certificates for each of the sites
we have in v2. Also collect the acme.sh logs for verification.

Change-Id: I261ae55c6bc0a414beb473abcb30f9a86c63db85
2021-12-17 22:25:22 +00:00

83 lines
3.1 KiB
YAML
Raw Blame History

mm_domains: lists.katacontainers.io
exim_local_domains: "@:{{ mm_domains }}"
exim_aliases:
root: "{{ ','.join(listadmins|default([])) }}"
exim_routers:
- dnslookup: '{{ exim_dnslookup_router }}'
- system_aliases: '{{ exim_system_aliases_router }}'
- localuser: '{{ exim_localuser_router }}'
- mailman_verp_router: |
{% raw -%}
driver = dnslookup
# we only consider messages sent in through loopback
condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\
{eq{$sender_host_address}{::1}}}{yes}{no}}
{% endraw %}
# we do not do this for traffic going to the local machine
domains = !+local_domains
ignore_target_hosts = <; 0.0.0.0; \
64.94.110.11; \
127.0.0.0/8; \
::1/128;fe80::/10;fe \
c0::/10;ff00::/8
# only the un-VERPed bounce addresses are handled
senders = "*-bounces@*"
transport = mailman_verp_smtp
- mailman_router: |
driver = accept
domains = {{ mm_domains }}
require_files = /var/lib/mailman/lists/${lc::$local_part}/config.pck
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman_transport
exim_transports:
- mailman_transport: |
driver = pipe
command = /var/lib/mailman/mail/mailman \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
$local_part
current_directory = /var/lib/mailman
home_directory = /var/lib/mailman
user = list
group = list
- mailman_verp_smtp: |
driver = smtp
# put recipient address into return_path
return_path = \
${local_part:$return_path}+$local_part=$domain@${domain:$return_path}
max_rcpt = 1
# Errors-To: may carry old return_path
headers_remove = Errors-To
headers_add = Errors-To: ${return_path}
extra_users:
- jbryce
letsencrypt_certs:
lists-katacontainers-io-main:
- lists.katacontainers.io
mailman_multihost: false
mailman_listdomain: 'lists.katacontainers.io'
mailman_lists:
- name: mailman
description: 'The mailman site list'
admin: 'nobody@openstack.org'
password: "{{ mailman_list_password }}"
- name: kata-dev
description: 'Kata Containers Development Mailing List (not for usage questions)'
admin: 'jonathan@openstack.org'
password: "{{ mailman_list_password }}"
- name: kata-hypervisor
description: 'Discussion of security and virtualization targeted at container use cases'
admin: 'jonathan@openstack.org'
password: "{{ mailman_list_password }}"
- name: embargo-notice
description: 'Announcements of embargoed notices for the Kata Containers project'
admin: 'jonathan@openstack.org'
password: "{{ mailman_list_password }}"
View Git Blame Copy Permalink