Stasiek Michalski 3d3c2b
include:
Stasiek Michalski f3a7a3
{% if salt['grains.get']('include_secrets', True) %}
Stasiek Michalski 3d3c2b
  - secrets.role.mailman3
Stasiek Michalski 3d3c2b
{% endif %}
Stasiek Michalski f3a7a3
  - role.common.nginx
Stasiek Michalski 3d3c2b
Stasiek Michalski ff902a
# Special config for mailman in the postfix relay
Stasiek Michalski ff902a
profile:
Stasiek Michalski ff902a
  postfix:
Stasiek Michalski ff902a
    maincf:
Stasiek Michalski ff902a
      recipient_delimiter: '+'
Stasiek Michalski ff902a
      owner_request_special: 'no'
Jacob Michalskie 7423fb
      transport_maps: 'lmdb://var/lib/mailman/data/postfix_lmtp,lmdb:/etc/postfix/transport,hash:/etc/postfix/ratelimit'
Jacob Michalskie 7423fb
      local_recipient_maps: 'lmdb://var/lib/mailman/data/postfix_lmtp'
Jacob Michalskie 7423fb
      relay_domains: 'lmdb://var/lib/mailman/data/postfix_domains'
Sasi Olin 2638ac
    aliases:
Sasi Olin 2638ac
      mailman: root
Stasiek Michalski ff902a
  mailman3:
Stasiek Michalski ff902a
    admin_user: mailman
Stasiek Michalski ff902a
    database_user: mailman
Stasiek Michalski e7ea86
    database_host: 192.168.47.4
Stasiek Michalski ff902a
    server_list:
Stasiek Michalski ff902a
      - lists.opensuse.org
Sasi Olin 5399b8
      - lists.uyuni-project.org
Stasiek Michalski ff902a
      - mailman3.infra.opensuse.org
Stasiek Michalski 82067c
Stasiek Michalski e7ea86
nginx:
Stasiek Michalski e7ea86
  ng:
Stasiek Michalski e7ea86
    servers:
Stasiek Michalski e7ea86
      managed:
Stasiek Michalski e7ea86
        lists.opensuse.org.conf:
Stasiek Michalski e7ea86
          config:
b49ce8
            - map $request_uri $mails_rewritemap:
Christian Boltz 140cad
                - include: /etc/nginx/mails.rewritemap
b49ce8
            - map $request_uri $lists_rewritemap:
Christian Boltz 140cad
                - include: /etc/nginx/lists.rewritemap
b49ce8
            - map $request_uri $feeds_rewritemap:
Christian Boltz 140cad
                - include: /etc/nginx/feeds.rewritemap
b49ce8
            - map $request_uri $mboxs_rewritemap:
Christian Boltz 140cad
                - include: /etc/nginx/mboxs.rewritemap
Sasi Olin c0732e
            - map $request_uri $miscs_rewritemap:
Christian Boltz 140cad
                - include: /etc/nginx/miscs.rewritemap
Jacob Michalskie f326e1
            - upstream mailmanweb:
Jacob Michalskie f326e1
                - server: 127.0.0.1:8000 fail_timeout=0
Stasiek Michalski e7ea86
            - server:
Sasi Olin 5399b8
                - server_name: lists.opensuse.org lists.uyuni-project.org
Stasiek Michalski e7ea86
                - listen:
Stasiek Michalski e7ea86
                    - 80
Stasiek Michalski e7ea86
                    - default_server
Christian Boltz 140cad
                - if ($mails_rewritemap):
Christian Boltz 140cad
                    - rewrite: ^(.*)$ $mails_rewritemap permanent
Christian Boltz 140cad
                - if ($lists_rewritemap):
Christian Boltz 140cad
                    - rewrite: ^(.*)$ $lists_rewritemap permanent
Christian Boltz 140cad
                - if ($feeds_rewritemap):
Christian Boltz 140cad
                    - rewrite: ^(.*)$ $feeds_rewritemap permanent
Christian Boltz 140cad
                - if ($mboxs_rewritemap):
Christian Boltz 140cad
                    - rewrite: ^(.*)$ $mboxs_rewritemap permanent
Christian Boltz 140cad
                - if ($miscs_rewritemap):
Christian Boltz 140cad
                    - rewrite: ^(.*)$ $miscs_rewritemap permanent
Stasiek Michalski 0cfb96
                - location /static/django-mailman3/img/login/opensuse.png:
b49ce8
                    - return: 301 https://static.opensuse.org/favicon-24.png
Stasiek Michalski 49c977
                - location /static/:
Jacob Michalskie f326e1
                    - alias: /srv/www/webapps/mailman/web/static/
Stasiek Michalski 49c977
                - location /:
Jacob Michalskie 468f2c
                    - try_files: $uri @mailmanweb
Jacob Michalskie f326e1
                - location @mailmanweb:
Jacob Michalskie f326e1
                    - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
Jacob Michalskie f326e1
                    - proxy_set_header: X-Forwarded-Proto https
Jacob Michalskie f326e1
                    - proxy_set_header: X-Forwarded-Protocol ssl
Jacob Michalskie f326e1
                    - proxy_set_header: Host $http_host
Jacob Michalskie 4aa98d
                    - proxy_redirect: "off"
Jacob Michalskie 7423fb
                    - client_max_body_size: 400M
Jacob Michalskie f326e1
                    - proxy_pass: http://mailmanweb
Stasiek Michalski e7ea86
          enabled: True
Stasiek Michalski e7ea86
Stasiek Michalski 82067c
sudoers:
Stasiek Michalski 82067c
  included_files:
Stasiek Michalski 82067c
    /etc/sudoers.d/group_mailman3-admins:
Stasiek Michalski 82067c
      groups:
Stasiek Michalski 82067c
        mailman3-admins:
Stasiek Michalski 82067c
          - 'ALL=(ALL) ALL'