system-config/inventory/service/group_vars/mailman3.yaml
Jeremy Stanley 73f0a5336a Merge production and test node mailman configs
Now that the Mailman v3 migration is complete, we no longer need any
divergence between the lists01 (production) and lists99 (test node)
host vars, so put everything into the group vars file instead.

Change-Id: If92943694e95ef261fbd254eff65a51d8d3f7ce5
2023-10-30 19:26:03 +00:00

316 lines
13 KiB
YAML

# System Configs
iptables_extra_public_tcp_ports:
- 25
- 80
- 443
- 465
letsencrypt_certs:
lists-opendev-org-main:
- "{{ inventory_hostname }}"
- lists.opendev.org
- lists.airshipit.org
- lists.katacontainers.io
- lists.openinfra.dev
- lists.openstack.org
- lists.starlingx.io
- lists.zuul-ci.org
borg_backup_excludes_extra:
# db is backed up in dumps, don't capture live files
- /var/lib/mailman/database
# backed up by streaming backup
- /var/backups/mailman-mariadb
# Can regenerate indexes from source email files
- /var/lib/mailman/web-data/fulltext_index
# Exim Configs
exim_queue_interval: '1m'
exim_queue_run_max: '50'
exim_smtp_accept_max: '100'
exim_smtp_accept_max_per_host: '10'
exim_routers:
- mailman_verp_router: |
{% raw -%}
driver = dnslookup
condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\
{eq{$sender_host_address}{::1}}}{yes}{no}}
{% endraw %}
domains = !+local_domains
ignore_target_hosts = <; 0.0.0.0; \
127.0.0.0/8; \
::1/128;fe80::/10;fe \
c0::/10;ff00::/8
senders = "*-bounces@*"
transport = mailman_verp_smtp
- dnslookup: '{{ exim_dnslookup_router }}'
- system_aliases: '{{ exim_system_aliases_router }}'
- domain_aliases: |
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part@$domain}lsearch{/etc/aliases.domain}}
file_transport = address_file
pipe_transport = address_pipe
- localuser: '{{ exim_localuser_router }}'
- mailman_router: |
driver = accept
domains = {{ mm_domains }}
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
local_part_suffix_optional
require_files = /var/lib/mailman/core/var/lists/${local_part}.${domain}
transport = mailman_transport
exim_transports:
- mailman_transport: |
debug_print = "Email for mailman"
driver = smtp
protocol = lmtp
allow_localhost
hosts = localhost
port = 8024
rcpt_include_affixes = true
- mailman_verp_smtp: |
driver = smtp
headers_add = Errors-To: ${return_path}
headers_remove = Errors-To
max_rcpt = 1
return_path = ${local_part:$return_path}+$local_part=$domain@${domain:$return_path}
# Mailman Configs
mailman_multihost: true
mm_domains: 'lists.openstack.org:lists.zuul-ci.org:lists.airshipit.org:lists.starlingx.io:lists.opendev.org:lists.openinfra.dev:lists.katacontainers.io'
exim_local_domains: "@:{{ mm_domains }}"
exim_enable_spf: true
exim_aliases:
root: "{{ ','.join(listadmins|default([])) }}"
interop-wg: openstack-discuss
openstack: openstack-discuss
openstack-dev: openstack-discuss
openstack-infra: openstack-discuss
openstack-operators: openstack-discuss
openstack-security: openstack-discuss
openstack-sigs: openstack-discuss
openstack-tc: openstack-discuss
user-committee: openstack-discuss
airship-discuss-owner: spam
community-owner: spam
edge-computing-owner: spam
foundation-board-confidential-owner: spam
foundation-board-owner: spam
foundation-owner: spam
legal-discuss-owner: spam
mailman-owner: spam
marketing-owner: spam
openstack-announce-owner: spam
openstack-docs-owner: spam
openstack-fr-owner: spam
openstack-i18n-owner: spam
openstack-infra-owner: spam
openstack-ko-owner: spam
openstack-qa-owner: spam
product-wg-owner: spam
user-committee-owner: spam
spam: ':fail: delivery temporarily disabled due to ongoing spam flood'
# This is the local username for mailman processes, but it does not send nor
# need to receive messages.
mailman: ':blackhole: this address does not accept email'
# TODO It would be better to bypass verification for postorius@listdomain
# and set a :fail: rule for anyone trying to send email to this addr.
# But that requires updating our main exim config so that needs more thought.
postorius: ':blackhole: outgoing email only from this address'
exim_domain_aliases:
community@lists.openstack.org: community@lists.openinfra.dev
edge-computing@lists.openstack.org: edge-computing@lists.opendev.org
foundation@lists.openstack.org: foundation@lists.openinfra.dev
foundation-board@lists.openstack.org: foundation-board@lists.openinfra.dev
foundation-board-confidential@lists.openstack.org: foundation-board-confidential@lists.openinfra.dev
goldmembers@lists.openstack.org: goldmembers@lists.openinfra.dev
marketing@lists.openstack.org: marketing@lists.openinfra.dev
staff@lists.openstack.org: staff@lists.openinfra.dev
summit-programming-committee@lists.openinfra.dev: summit-track-chairs@lists.openinfra.dev
summitsponsors@lists.openstack.org: summitsponsors@lists.openinfra.dev
mailman_sites:
# First entry in this list is the primary web domain
- listdomain: lists.opendev.org
install_languages: ['en']
lists:
- name: computing-force-network
description: 'Organizing efforts around Computing Force Network related area'
owner: 'niujie@outlook.com'
- name: edge-computing
description: 'Organizing efforts around the edge-computing focus area.'
owner: 'ildiko@openinfra.dev'
- name: floss-mooc
description: 'Discussions & Coordination around the FLOSS MOOC being collaboratively developed here: https://gitlab.com/mooc-floss/mooc-floss'
owner: 'knelson@openinfra.dev'
- name: nbmp-discuss
description: 'Collaborating on Network Based Media Processing related platform and infrastructure systems usage and development.'
owner: 'ildiko@openstack.org'
- name: openinfralabs
description: 'Discussion of the OpenInfra Labs academic and research resource sharing effort'
owner: 'mnaser@vexxhost.com'
- name: rust-vmm
description: 'Collaborating on Rust-based virtual machine monitors.'
owner: 'claire@openstack.org'
- name: rustyk8s
description: 'Collaborating on Rust-based Kubernetes API.'
owner: 'allison@lohutok.net'
- name: service-announce
description: 'Announcement list for OpenDev services.'
owner: 'cboylan@sapwetik.org'
- name: service-discuss
description: 'Discussion list for OpenDev services.'
owner: 'cboylan@sapwetik.org'
- name: service-incident
description: 'Private list for OpenDev incident coordination.'
owner: 'cboylan@sapwetik.org'
private: true
- listdomain: lists.zuul-ci.org
install_languages: ['en']
lists:
- name: zuul-announce
description: 'Announcements of Zuul releases and other important information.'
owner: 'corvus@inaugust.com'
- name: zuul-discuss
description: 'Discussion of Zuul usage and development.'
owner: 'corvus@inaugust.com'
- name: zuul-jobs-failures
description: 'Gets notifications about zuul-jobs periodic job failures.'
owner: 'corvus@inaugust.com'
- listdomain: lists.airshipit.org
install_languages: ['en']
lists:
- name: airship-announce
description: 'Announcements of Airship releases and other important information.'
owner: 'jonathan@openstack.org'
- name: airship-discuss
description: 'Discussion of Airship usage and development.'
owner: 'jonathan@openstack.org'
- name: airship-embargo-notice
description: 'Embargoed security vulnerability announcements for Airship consumers.'
owner: 'andrew.walters@att.com'
private: true
- name: airship-job-failures
description: 'Notification messages for failures from CICD jobs.'
owner: 'roman.gorshunov@att.com'
- name: airship-security
description: 'Public Airship security advisories.'
owner: 'andrew.walters@att.com'
- listdomain: lists.katacontainers.io
install_languages: ['en']
lists:
- name: embargo-notice
description: 'Announcements of embargoed notices for the Kata Containers project'
owner: 'jonathan@openstack.org'
private: true
- name: kata-dev
description: 'Kata Containers Development Mailing List (not for usage questions)'
owner: 'jonathan@openstack.org'
- name: kata-hypervisor
description: 'Discussion of security and virtualization targeted at container use cases'
owner: 'jonathan@openstack.org'
- listdomain: lists.openinfra.dev
install_languages: ['en']
lists:
- name: community
description: 'The OpenInfra Community team is the main contact point for anybody running a local OpenInfra Group.'
owner: 'allison@openinfra.dev'
- name: europe-advisory-board
description: 'Private coordination within the OpenInfra EU Advisory Board.'
owner: 'wes@openinfra.dev'
private: true
- name: foundation
description: 'General discussion list for activities of the OpenInfra Foundation'
owner: 'jonathan@openinfra.dev'
- name: foundation-board
description: 'OpenInfra Foundation Board of Directors'
owner: 'jonathan@openinfra.dev'
- name: foundation-board-confidential
description: 'OpenInfra Foundation Board of Directors'
owner: 'jonathan@openinfra.dev'
private: true
- name: goldmembers
description: 'The discussion list for Gold Members of the OpenInfra Foundation'
owner: 'jonathan@openinfra.dev'
private: true
- name: marketing
description: 'The OpenInfra Marketing list is the meant to facilitate discussion and best practice sharing among marketers and event organizers in the OpenInfra community.'
owner: 'allison@openinfra.dev'
- name: nordix
description: 'Discussion and coordination of Nordix environment'
owner: 'robert.tomczyk@est.tech'
- name: openinfra-europe
description: 'Discussion related to the OpenInfra EU hub.'
owner: 'wes@openinfra.dev'
- name: staff
description: 'Private list for OpenInfra Foundation staff members'
owner: 'mark@openinfra.dev'
private: true
- name: summit-track-chairs
description: 'OpenInfra Summit track chair communications'
owner: 'erin@openinfra.dev'
private: true
- name: summitsponsors
description: 'Coordination among OpenInfra Summit event sponsors'
owner: 'erin@openinfra.dev'
private: true
- listdomain: lists.starlingx.io
install_languages: ['en']
lists:
- name: starlingx-announce
description: 'Announcements of StarlingX releases and other important information.'
owner: 'jonathan@openstack.org'
- name: starlingx-discuss
description: 'Discussion of StarlingX usage and development.'
owner: 'jonathan@openstack.org'
- listdomain: lists.openstack.org
install_languages: ['de', 'fr', 'it', 'ko', 'ru', 'vi', 'zh_TW']
lists:
- name: embargo-notice
description: 'Announcements to stakeholders for embargoed security vulnerabilities.'
owner: 'fungi@yuggoth.org'
private: true
- name: legal-discuss
description: 'Discussions on legal matters related to the project'
owner: 'thierry@openinfra.dev'
- name: openstack-announce
description: 'Key announcements about OpenStack & Security advisories'
owner: 'fungi@yuggoth.org'
- name: openstack-discuss
description: 'Discussion of OpenStack usage and development.'
owner: 'fungi@yuggoth.org'
- name: openstack-es
description: 'Lista de correo acerca de OpenStack en español'
owner: 'flavio@redhat.com'
- name: openstack-fr
description: 'List of the OpenStack french user group'
owner: 'erwan@erwan.com'
- name: openstack-hpc
description: 'High-Performance Computing OpenStack List'
owner: 'brian.schott@nimbisservices.com'
- name: openstack-i18n
description: 'List of the OpenStack Internationalization team.'
owner: 'guoyingc@cn.ibm.com'
- name: openstack-it
description: 'Discussioni su OpenStack in italiano'
owner: 'stefano@openstack.org'
- name: openstack-ko
description: 'OpenStack Korea Community Discussions in Korean (오픈스택 한국 커뮤니티 메일링리스트)'
owner: 'ianyrchoi@gmail.com'
- name: openstack-mentoring
description: 'List to coordinate interactions between mentors and mentees of the OpenStack mentoring program. Also for questions about the mentoring program (i.e. how to get involved, how it works, etc.'
owner: 'amy@demarco.com'
- name: openstack-stable-maint
description: 'A mailing list for the OpenStack Stable Branch test reports.'
owner: 'tony@bakeyournoodle.com'
- name: openstack-zh
description: 'OpenStack社区中文讨论群组'
owner: 'yeluaiesec@gmail.com'
- name: release-announce
description: 'Announcement of official OpenStack releases.'
owner: 'thierry@openstack.org'
- name: release-job-failures
description: 'Notification messages for failures from release-related build jobs.'
owner: 'doug@doughellmann.com'