diff --git a/pillar/role/discourse.sls b/pillar/role/discourse.sls index ffb68b6..be8797b 100644 --- a/pillar/role/discourse.sls +++ b/pillar/role/discourse.sls @@ -1,6 +1,33 @@ include: - role.common.nginx +profile: + postfix: + maincf: + maillog_file: /dev/stdout + smtputf8_enable: 'no' + compatibility_level: 2 + export_environment: 'TZ LANG' + append_dot_mydomain: 'no' + mydestination: localhost + mynetworks: '127.0.0.0/8 [::1]/128 [fe80::]/64' + transport_maps: hash:/etc/postfix/transport + smtpd_recipient_restrictions: check_policy_service unix:private/policy + mastercf: + smtp: inet smtp inet n - n - - smtpd + discourse: unix discourse unix - n n - - pipe user=nobody:nogroup argv=/usr/bin/receive-mail ${recipient} + policy: unix policy unix - n n - - spawn user=nobody argv=/usr/bin/discourse-smtp-fast-rejection + aliases: + discourse: root + # We need to set up transport map with `$domain discourse:` line for every domain + discourse: + database_user: discourse + database_name: discourse + database_host: mirrordb2.infra.opensuse.org + hostname: discourse.opensuse.org + smtp_domain: opensuse.org + # secret_key, maxmind and db password live in secrets/role/discourse.sls + nginx: ng: servers: diff --git a/pillar/secrets/role/discourse.sls b/pillar/secrets/role/discourse.sls new file mode 100644 index 0000000..7f96b77 --- /dev/null +++ b/pillar/secrets/role/discourse.sls @@ -0,0 +1,211 @@ +#!yaml|gpg + +profile: + discourse: + secret_key: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/9HqQ2rCPkeTnYp6wJzwbTpDIvzJiYkAMStTY3EMhTzIR3 + 4aucSBAewHQ7w21qqwVEKOYP1fe7JqUJTsa5WFKN1Ph61dFOOGQqs53ZvyzgbckY + NB3pNjuM7Hl1CA+VCGaRLgEIJg+DYutx3KFYoHefqMJ97Qgw6hAcZtYIljm6SGJ6 + Reb8+/hSLdxzu3DdQsSyRQuyJnq3FiYClk8dIuEQZ3LVO8I1EeaYcExSW6cep+7+ + Tdawi1P/UDkN73NkGJbkHj4RaXYYKWc1rVVagLAx83N+/MxF3gtkPYB6f8QH+Y5o + R0qsZTAAaC7wC3iezTVpOn5U+Uq0NfLNsu35jfSWyclhAuSu2HvxcHAm/GaLRCkx + CcZaTB2ylWhy59ySy8uwNYX6jw0frsdnIhtaCwJeXx8d3JuUxf9m4wKaytTrof3e + +Dd2mbruM6s5SOoWVY68SBNp3S4Z2N5y005pxF0/lIJ/Ug2qIoHAGHIgGrRQgaN4 + 6FZxfomAGSkLfAHrnJDhmKTeZ2LmLLtm2KJRxzLXOUDOnZ667ljzjnHBl7xJKcER + 1xsRrCqX6d6uHojQSDL4DAZUEuvTJ0vDU8+3RNAF/+V8KzYw+VhuUG/f80F7qxSd + iPTbB6mxpQ1/fPLeX+DH/fUZAgn6MEe9Q1H6RjVSTdo/JMfXGkiIKy0BTcEuYa8P + /i2pslrXnCcxv4N0FUepQZ3rF1RCky99ZMIG6ytuabvEWkvrqAcvixKGJXN75eER + QRuEWEt0fpFOa8neVPk1+xSFJbMkzUHyAnCfsgjX74Lg/ItxYMFRuz+N/GpmgCUR + JPzTHaWlINveFFsrABiBcZDrdFyk5pCdKx255Dp5Vx4no/++nuTA6D/O36gLjEF8 + ugtUKH7yKVu63xA7DBAlZK8JIs71U98Yt2b+tsnjx2Nik6/emR3aw99Qlx3MKFls + p2OTD3mkOhYN7AAdUSmvOxqjKvkudGO3coqccVBE1q7VuZ7n2kllFFMNTwd2mZQy + Ulq0OpxaSKlt/UEJaJpUyN0DBOw89eneW3o866XfPqvJaBieoAZ8DfcUE99V/1GA + Il7zb4p43AB/Dk7C+O64BeBcfs6Z1xfz4f3J6UALgKQzSp534QLVVhRQKf1GlcVo + IrggUv2PQ0MJEiN8VERAa4n3hymjjF8+v52y0egODE8KzYt7cL+2tY61f+iwBkpk + zrjLATjNySyi4uqroOsjnDirFKgYhPcjNUghmQTbMwEWXe8/JwoaRniR32Yql1Af + OAfDoW2Zun0izBFadMXV9JwRLasDVYQ2+oaqP/KYNNpQ51jYRhw/B0x7hU4jHqpo + pDGBLidHTJOBtrGRTrn4/ZxCT66wjO/z+ecC6b/YkzWzhQIMA8amgupjyC8cAQ// + brGSz9ZF8NxQQxl85BQBZ/dQBHgQG1hcjuGtdwQI5e4RbtTK+P29r2cB8vONLWLX + VYC80wY2L6AQOvLCQUrN87p2s+gYBQx/57GhUbcz/7jYyNoiab28xPBv/ygsVB+C + Mb0/lh8dJtlJ21vlOM19GVRB55xl6M6kpHnoUNpTKE7KD/DJ5xfv9OKIupFRRd3J + GGd/dVUcleEoHgCM6mW7f74bj38JJr+fLJQpZ6yLp+cHUywnS6Z0nxoGladav+zI + RuP0L3Ec/A4RR069udV26TvYwQzwkUyeMW0X9AkgtJj4jQSKBNYpeSHFxYlzrIBP + rMm2R+LX7M6mIEca/ZQWBf9LuQHkybgb7MyZBLCjxuBQudWpoz0wcs74S/PgqZQ+ + A2+3Nskc4wMEN3ZcJH8MGYVwt+ZHjvPcsMbegZFB22RpPrxOG6bwS2f2PACUq6BR + TAD3DsAR9Pchy0HWPBGS67yjPZ5wPeM+VTBo/xpoMIZc4P3Lark9mJ1A8Ds6AS7y + LzigoBAl894DCMVKYLoUPAmPSmxg9Mfif2gLyu7/HYDM4hjEW4ztcoeW9kD0XOVF + 77Wpj756srQqqLbSj2VhPK4BznqUJzySodrkYIiiJvS3+zAd5Fbq1OsxA98aDSbS + T0sJqz+qpuYLwo7ayfT+fpmBmTLA+na+iWBwTvNJJ6CFAQ4DslgfDDfB4G8QA/9p + lwwd1ovF3eR7s5tnIZCptbYpxanV6CeAoCBKQhIVMIxcU493tOSy6YzxR2JCGmjP + UOZf8PkAAlRkKlTicZglnIVisBacvat81ZTeITf/7os3yZXWqAd/6WuXEs2wsTfX + 2r/2PkgTK26gCPTDQtOxRcencXl+BxWBpRj2nZU9uQP/X/Ya7iRF3RBZzbOsjr0j + JsiPQFekG78WPu1goLfhc/LccjcqAdZ6/3+NO8pMdCrENfNOUIEowbl39M+9pO5t + RBVmfyodYw0EUjFDbEyxviMCG0gwUkFj7LA6gWswD2ffLeNJ6C/OCKcP79UOHv6A + uZOn3ZFX4rWyOS11UEStDFeFAg4DiLcKbyvsTOYQCACeJnykHzLVyNR7+CTtAJLE + LLuI5qHYtFoP2+dGpBD9v5SLLm3NII8HOCjlM/e0v42SOB1jnCnMxJQzdDIhvwxD + vIyzM7Ftz7GE0rm7Xf16ghS7ZVCjcsELl0IRoCG7B+ra5xCuRbIGV4kcMiGHbRCw + qM+7bMdouVcO/M4sJvuhW4v0rYDnATfMLb9XQPzuJDKctaHKeAl+xejHvGT6n7vo + UJIVqnixXSskcz55hzpraxiIrJt5fGWOvqp3px3ucJaSGOOW2w75meSkqXoSKnel + p5AU/tu2B9X5ACBvUGNlT50nsbtiX5Na3w+HlXg1EHY2AIgvub3fJNz6NY/7lHjR + B/9nVmjzeaToutqfpcVOR2giKFDpdvwBW9Xvya3MI/lPK0QfcPR8ZD2TtSrzY3Pm + g+suouEqzJW8mFqAtYlrlYY33mrjRBHVE3nZFzQHoh//oC69CBtm6cF/fTmKjzfV + zweYHfAquEgdPbLrJkqxe+lkp9MdWduJ64G7FjVnQtmtWEoQCXELX8DwHEVUZQBi + HFRDDwqi3cKFFSKiNfvzlExhcEb9TEYuVUisc8gLlv0jkw8uoDHysVOn/lDLRKqw + X89td73/L+NzuZgUJfyH2cYKakZajGnGXTHwTTivsiYUeN7CUoJdax0a5CkW07Zd + BrdIwy4DiPb5nrWlh7T/QTW3hQIMA6zwzgobrGmRAQ//d0XiAl0aEOym3AIK7HhI + X9+pJ9Untst4q0BQUwvIff8N/tsRucISWbcqmsaDvgBS+4FnkeMzApxXkhqD+yJA + 9yR5xfHQv8Uq8j00jDbbN2HnLfj7aoh7+iYPq+nuX5s5Yte+q0oHnLzM6+unQw+y + ErwbhmdaZfshQpUDSqIkmI1gTxFVa4Jcig0q9XPs7YND4Ui0zX9QvzLzi78YFFbf + BnQrh5chZVHi/TxS/lmVfxlg9gQ/0YQGqxaW1gbsWNYmUFG/MfNoUqJoGSWbWPYZ + /ssp8cvxYeT0yYvYhCAQ2IQR7gwdOsiT1iR7Qyx4C6yrjP0TSbtCco2rgxZZtktU + h6Pqt2TC5Ca3/asaUMDyHaYShpzwpozNPsxCNDShNce7eXQBg2ABIcyxmDGRH7QT + VqZQnx8ifF/Oo4i5ZiqzGcE/6nEzYFVPhEI2I1U8/ip8DPyKBqa6c8GW6aGac4QE + hrGrIPH3Sho986RUYl8wgSreFOtcLZgJJKA15rJaOY1d8Uog12+NlJsmWSy5hXoQ + jvb69bJK8F/KkUl6xO9YG7DYpMmSePvu+1w0XoxhJT7qOqYCNBGFv0mKsh40SceD + iBGhUz8cfyYH0hgdlS60WUGrbQ2Z6crh3rPbHekKzYfvcFazum8xIKuamzA9Yl6G + z+ll02eEo3SExGewMQqybVLScwFvTsvzUt3Yi7hQ07pZ8DHQIIkTJgeDx9/MlNRm + EmhZTHR6f+AYxPKSVvTFrTm7CQEsLH8ew7pVQQPieJmnAEc5iMg4b0FFnn0mMIiG + F3jSXVwJPn0sdMO++uvj1BDo0iHLAWHSifyni0y2aQrajfiLcyo= + =IJ8n + -----END PGP MESSAGE----- + maxmind: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/9HU56xtRgPL9q0ZM2A4jQKiHVky9ge8F9HITc6geGfaXI + rQ2zlKbGe/TOfVqddliFasjUFXVyDgDsw0qvrF//NVgSngSNs4JwwFXkLcnicmf3 + DyDMehWP1OglQUnYWEMMLPxxk5VgUmQ1+zQJ0jrDjHibpNpj/507wNgLe0uoRqPu + z8kjH3YBRVaLFxv3gCy3imuvs7wP5VQYvBbdNqJMWDPxXEMEnfwVuTK+45umgkpU + pqftgStFulpxTbUpsD8KSJ7kOtZJF4CQ5Mmstok5HjtDDn31zGBmiIgSbPN3NrwH + 9dT4hpdip6s4eak//UG+zqhw0V90I0EXh6qyScO7/MSKM6EfZ7Vnd8IuoryNcwM0 + TZTCEIgNRqVhdSv2IAmKHcWmWE+fwyofGGXSdDsA6zUho5+M03LzuZcaOb2YWpSq + uV046Ihtre5IyRSaC2mUMmaJpI1rX4is2Vt8eW3aY1sCm2Sd6eAgzgxHF9aF1inb + mNZCGYZRTLvIr+2sHmkpxEPothWCKyTuPNBDkZHaTJQs+g6kf2wxBUyItYVfnHF8 + D4Pn3t73bQLdQXfAC4UXS25o/tcD9GQXXMsY1kFD4qEzGlzDnKovubwybb4OTuYm + sxchObLVHLruwLGc1Z6eeRV2lzYfv8WxqFb3ypQQ51N7Vh+IuEgUuIwYymi7D2QP + /jhhNMVLCfGSyg2Y8uvulYtR0SSmA9nOVJgPkqOl16txQMcsDoBrvL9jnAlfl/Wd + cBSKvRh+rSw9rOUEV/F3nqn8Hb9zbaXyjaO5xJJHzGKq4CZTKH9rTJLX+c3NpRl9 + /JH82ZIF+IZZOgzVpYzVfwSC2Z+4UQ0P9Il+7eVG0lL/JB2k72B0n8+KKJWRtEEj + 2xxTDILewP8u2DxkOjc+enlsaXAbvwwNuGw3WRcchJDgDGtJe/SEZNnLvkdHTRiC + 1oncNvxGTgM9gqpE0gYbDDHQNt7EEWaoUc99lh599U6ssq3ofAioceqZDzOniTwb + vZH4kxAUGg183ZvljZeLcymrqAy/YEtX1nTRv7FhQPJzhm0yV2ZxbG8OL263ZRnt + 7Y/ZMSev5s49DvKpO2JSB/nE40g0hSseaTa1pc2hXLnO47MA9rNnWNSgPhteCMD5 + XRrOI8WNbr9XsfEzLYJw9aSIL5KRqvkgcRZhJBGDgX9B1wCfcngLovetuVD9yTSP + rPy+ta+WHVUfie1zy8jd22k6JRqrvOubVgwvNkU7BrH/zzLcuSkH6Oq831nkeWU5 + GlDZdKALd6PnX2HWbaTgNtj+NE2ZcK+JM0s7ebRjke30F1QP0CpSZ0Wo2v8LT4Ey + 25uKJcwXeVJ9wwvqToPnR/xMR+nQhTGjIYT1tp6I81RBhQIMA8amgupjyC8cAQ// + cRg4fiV+K2eZEbzMJDcR2qARFKbGSv/3JdsM0LwYUN3QYn8s/byoiEg063YUTcjx + rBPQwR++YId0NT/3jP4OxskbJ5wrMTV5xVc+0CDcriu9pNIAj4cP+DZrXjKpDaT+ + umFn3zLB8oBtdzKRe/dPeKqJU8NeFbxMekTBjcz70VQ1d84zkwAqXmeZQ5zABKe/ + oe/mxT/kXiJfGiuL8wJp0ZJU6kRcSQ2iJzrIw9b6QBS+rSH0Ig8OwZO6hccIoapW + UVhtUH/EONY8GJbRGNIt14ghUWH9ZokD//OfNRlKgmpFCOh6q5wUhb1HZNg2qSKR + rpcl1p65y9Q2wKa3fPcnH6D2q04RdeznizXL6rKkKHxDFZYaApPZS4vETtLBJtNm + jZKRl3O9PY/9YYnCNp52Z8KclG7KPzsvPGeJc2vCJS3nrqEZujuWb2MdbXn+AvE+ + 2W9RANqM4wcp/d2vfqHYCfca0p4kY21Zi92hcxPuwwOHn8Xz1UwZKSnI52PMrblc + kidoMiX2cbzhtkYMVu1yaTt7JZ1GoVnxhpmfVBXyHj1vBlX0fgGoHPsM62oEhLL0 + 56Y0QK+KvcmOf1pHnL2nZ14au8ykLtu5Wc+73OlP+N7wZsmHL1juLB4w1R89cROl + yxQ3DXxA7ZaaLH8NDfDl0VfTnfG8C5PuQAPfhQtTN5CFAQ4DslgfDDfB4G8QA/0S + ibtiSCsnwCpxu7T372VjYTYog++QK4+ofUG4VMjpLTqbsZjGnY/fh6uVePBWhumr + CXm9bU64rLdzv/OjZDxQNhqS32pfgnD3OliiCXaL1hfh0LwDw82EtAZJtoHCyKw1 + CN/93N8VjnkZeLtk0DBKvTrOxNepYqgTuSscg9zugAP/SbSVcu6Hz9gb+FuLdS6C + N1W/i2E8O3NDhTYPKkkipp+z8sJx7N5x1ttBFotzzJNubwTpwWhGmW5YI0QVPBTw + ogvcfnRoQ9mOzmUaQHBAXYn8mptG5pDfDF7m7Xmvbegrjt1RGbxUQaDhqyQtn4/a + 1qe6XfYKcgN6+mhGNE9tcDqFAg4DiLcKbyvsTOYQCACyEw6Z2Hr+qzYUFYCO35Eo + 6p13n00GAscrVYrs7a6FEn1ght1OY+89U5H/lwQAMiLV0ILOfx/UCmpnmdhhwoXV + 33DppCfnb+GBEPOlO5tiposXMc/LCIgxm7YH+lC2Hjx/xewnVIINXjMog31SLlPT + s6lWuQvXXE397mgC2yvy8MLWehapO5PPKpXVdE4t8vkzUUETu3Oor0z8zseryXWe + iGvgxVf144D71wMoqyhwoptxk/BShNK1Kc8kO46AUjBK2ofGxZ7FJNXggjfDGYl+ + UU5DTLZT3PgxTLOuWfu0/koLO4SpmM3UkyqUDLaA6f0aHfY8OTVg9eWL10dLo9a/ + B/4mxo6QIq41xHLu0z1mUu+K1/2mltQDGYqf9IQKC/fA+5i/WZbqGzXCufE6//3Z + RRM6djQPgKCG8FlX1mGEH8iogfoqvPwbeJ231j5rp/Z239RJL9BiQtQ7MPKw911c + PMP+P6yZoKxjX31T8XUyRTcN32j14J8+9d/nSICoA0++KwpVSVv1feXS2xe0np4p + kHCQfcrSdMoZ06wEfvoJyyLBH2nLCR1mUX/5tnGC2AoJnNmoL6ofnfSpxt+72lq/ + o12yg1aAhRDPwCwa/IuAH6f8IGWl3BqQXG5GCc8k/0UhxyzzxJiLonpcdRkbWI0D + lSk8AnDcHaky/flo2jXDucCShQIMA6zwzgobrGmRARAAs2C5FLLnNtgPpcyRrO1Q + yvR/b4qGMFZ43HYmMhVqPN/PF8oFWVBQYqdlj7G+JugitESkJ0phCmmT0OC0RSIF + En1tpeNfT2D3Q514gHFsQpXm7oKaW4Qwqstk37/q3r4qgNOABBYjV2PJyWTTsgFc + WnAKPFS+qwfZtQ3gq4Ql6Tkx5wAjmBbmVQt1edbDJ1ybd7NiiBN6JS42mRwK1GEV + S+zTm1ob1aVu31Rv/YrrpBKffngj/YnRcWWY/UMjBHs77BxPZsrtCh08Ka3iW2rq + iROvXPiRqgIaXoWBKaJtrArQmHKNCfiUYWtcPwQKI9LbUQrFs7rHcA0L6ubgJfO6 + nzzIKgIwtpQBBfeDKQVEzPizpfC0YUD0K4lAb3pWqxvfaVmVGC4Fb+MmgAVwyCML + FXYCU/XdHPoTUQBEqyJQBENNI1CFNh1PEh7rcDln+dMidOowAsZ80T7LKvoh9z6H + hFlIq6shb/eC7i4T/SHfryZYrKBSSUYeHZeSCW3n2J306LnxyH7KMMExA2qqxvjp + nDtkpelwb8JV/O+qkao7GM1vC2Id5Ob5857a7aWXg1yTy9sotaZKz+j9KxkO+NnX + WjGq9GWNNyVKSK1m2vGDFGkneT+EryJAXJdZ9NUW57BrzKFeV4U2vZWqMQuRZtXQ + tKtwYeJgWYWTi+1MspOCA0LSSwE8Ib/xWkv3yGktFjC/wd5ZJmaw9Wo4ki19fQuw + AsI0lJ1p2/CVXjRDARac//spmduf+E4dJRGhI2XBOEJYglKxJWhXgRFfaep0EA== + =cvE9 + -----END PGP MESSAGE----- + +postgres: + users: + discourse: + password: | + -----BEGIN PGP MESSAGE----- + + hQQOA7A9CHm0S6RyEA/+NluB+umabXLT2/uSLa4/viV0R+KF+bHiNA4EAXHkNJVR + OGTI5jCXSjFa9N3FlqNOh+dS66WxC2li8426JJlviekjCWBsHI8B+EXiLvQTtakU + kpad09pwK8xXlc1/RMSAhJ4wdQpSpUZ0mqIPBX7n2nO1on9O179vaVzCNznOiv4+ + hmnriTK6b1TFGhY67rhE0vF9uqZ7Wv6uSg+CLYCr8afcL45UDlqm2OThZ3ya4qOW + x5f9QvLWTkLfRPhqiMAf+ZGZRzpXaNY7j9Kn56X3NkgXWpZ0KClVssV3BpqRj0lO + 296MYg2VUF8NGD8H9LpqR6c+zFw/9YsR9I5tJLewnWSq7C+GW5enaWVNRjgjDlXn + z5xemZx0StzXa/6ZJQRdR/0iPuUOn9sHdQGCD5Kp79LOk0Yelg2r2hwuJECiAi/c + 0xYuQ6dNSwmTdXsfz0teFgX5laWvzpEUozfoxxsskJjuJ5MyhpvwoSdhURS7UyAe + N0prCDa1tkzfxZnVA8h2xf0htkjBeybx68cI+RqqahjnTigq+QhuD2SzZ6hiVwOe + brnzpWnEY0WQPBpW/OaspBmWskSGm31Dirr+UP6KXhzTL6oQj/79yzy9NHJmbSvT + Vqq3OwEWVQa3PGBaSzoxd9us/oVZb+6TS/eW/GaHOT5BDSjSZVRKEDP35DUj9SoP + /RHtNwfpx7nXxpEhE8slY1qfOw/xxwPmCZzX6k+/fd2VCZanx8vpFO7oc24/eWe+ + wgFQAU794SxJEsqnyrGjv0+fGy0ybQ/Dk5DuGHXN88Qf7mWDobwnvDmCQX+qooJC + mcvXDvhFeb+Hy39cuYJqCrOTgHhFSzNm+QgZVaAc15PlWPw9m2HWJKfFyNFwFNsP + w36tOBSoczoJKYdLrukoJw5gcCJlqjijry+wr+2sO8/2rZUYjOhrenzA5ay8oJdO + K2Yw/ScE50Ihm22OAqJI6i12UDbCJiMxlGaqYOdvGjQ35xt1RFSCP0CGGA1HIy+n + 50s1j778AyR8S7b6hWge0dHmiHvkSMfUi6frLyebijIRaPqej8+nUsyTC/YhHboS + RCy7mWdat6okRC1/ATgqoacpZGdfaRXTxaGZpgPw8/xJs5dpTrdWOiGXYbX4nIrL + wlVRmRt9k+4OrCaiNRv87kpJ8hhobRCJJz+VFpm50wGkwbdsdohhwtm1jIw7bt5F + UIygbE5cNRoXSOL9NCozeGTWeu8YUk2SNGw6pRAFWqTWkyc5TnudOnwzrB+1jAyU + mQpms+Ga+w1CicjqS9TxQfx+QHm8OKIX9jUHvOKLkQDoAD2NeGna+gtwVZc3mumr + iFcaN3Gksi8SdhYVgeGs8TOAgvgdBdYTVzbue2qzQ6oQhQIMA8amgupjyC8cARAA + mtwtVk3DcPRW4Qv9ttZESa//HpXArXJb8ohxSWGWjjsIOZOSyMrRyjRSoEdWK7Uq + nDEQi0g2dm3ZB4rB3+k9mWD0MjSoeHsmK7LoGzf/4CC+AVwgQWZkZhu8kiDm4F/z + 4Jy9M5gv+5afLMI/Q7LusWZ3j0q0g/gXxXv3nVViYmL6HrZrbZGdOlDhEmqd+EGJ + nPTvsKrIWmWadMKERTkhV9pdaw5+RZjK98AA1q+r7sJ9Fyaii/tHiJgBXHvXFqNP + VMt8uAvnJ122NpCl/ZEiJ0NkZ/qHkxdunt8vmqgQNvYitBwma3ht5q0/Wz7gGdkT + Iii0bxutY1CFSa0zwmgXTxbWVB7P6jd0PadOcI3DXzwpo+ZM2wSkoipbFUSlgvRK + 4ky57iJDGcMfcytjkOLWHa7ediXHoiCOd16ljwBBVpyfUWhZ/ai1AhEhpk3FN8nc + ikzXnZxtZGWJOyl9a3uNUzeGTfMfJ1d06C10fGFDrK+3RBDBo2zsCEP/Ponm7WAk + JcAkk1ww5uDz2uOP8wrS5/g61ww9mAAsIqTc0BdhF/iZl0GdYo6ZKqMsxTVJZvx4 + 3h9RHSl5jYnIWJ9Q9bCuKM+ika+O8LuxMsdDSIOc7BZcP3iA2yMTKbE7u4sdfl1g + IVGczeHaiTEveaE0QIZe9Q6GdXMJkoY2Yx7WvqsG5q6FAQ4DslgfDDfB4G8QA/96 + nSdVFTIRY2QF+ZxzNM69ScIdgeGTVGjX1XdLD84xYIi7p+c5qXlSMZ5+yLo0wo0x + l3LEHrC+vsw1oGATGXBfT2AshZLS6iDnfjfyEnHH2mAWXyTB6JxoR3aJdVGhw9Vj + K+A3kSF4IeLU3cZLMJcUIBDiIC02VP8q74xBTZO4/AP9Gjwo/IujZ/2UCdV3ZwTg + B/jh8WjzcaQo5Hh0R80kPwAPLtBhQySsDL2CBeCfpzoee+UTig98Wf1kLrxIssQv + h3p8DsgnSVTLp/7240aSStfUAuZ1Rlem6P5k6LjDGHflneDAtKdD3ea+jI0W1wa9 + 1D7PTzLe6RyZRwgXbOCfdQ+FAg4DiLcKbyvsTOYQB/9+gEILemIfRxT4/br+uP6T + uVh1IFFl+v2RR5w+xAUWPD1PE3q59gDUBjmIuR+JgFttD/6gkkHZOuCv0rpf1X2F + It54OvXQa0WID1ZznTehM1/bhUaDuMKo/ojyXliY+wrSmu2djdK9JR0N+DYXdf2h + VrgSKp9/J15T90PcToKJB9z7z2hS0Gw1EEWIkAwrp4Lu61AKT2GeeNwyCjrZoThF + N+MABrqPlJimYIHMZaOlLoxj+peHdje3zCzvv6sJoaiuS5OtXUvmPtrFfr/WzxMu + iijJ9N5Puc6g1mSGrtzUKCymaNrSQa+wo2Po/MSsZwa9RpRhKl/UnwxK/F5XrUw9 + B/43W4deINN6CREDyI2HyPzq6yzp0zZfRWXoBVxwDZcXNttE+BTGB9H02XpUp7ZZ + uTmnamGjP1ozGSVDJDp97L8dxu0Xq8pMVpvKUStgpWFdlhCBayoUniMWa3OQZIQm + 5YZ6ldymFjK6WSdG5/37rafXXIphZlesmNBl9Nx+X45YLBSROq8Nf2wzJompA8Rc + cKPtitqckKgA2DmQ7e8X0v38zggbz95RM85RiBaM4i7d3Dw8t5vC6/dgq0aCeZOR + m+tLNGEnxtNByBAqsJiAbc0ax7N0tBFh9oxoD8ZM4cTWpJczayIYhzvIWEzOuZY/ + TncftQ6/vtpZH9EMsIadObJuhQIMA6zwzgobrGmRAQ/+IZJ72DMvWwOinFa5P+Xk + ivZk9E86N+q9Smt0cCgWzDMfUBtUlAS9SfYQwNjV2o2vY2JbgzNbk4zGp1WuRirP + 7gUKRxFQzKyFNZ7mc1Jk17TUepGgwZGBmwVZxHuhp9dfa9aCpqmFd87A+Bv/mMMT + IsC/4zTQTxinrEA8sRwCjoSSQZpdg+yYv/iCRD6w36K+1LMiohBm/PFEgdAIt3Q5 + eGG6K8FD9JavpaOlwBedyZjBxl1xJFe4HkV9WmpsFv/VpNdPgsYsc7pCIFxPqYPK + tPXtdGvMk9yETkksOabeqIsPa9QEvF6fVZGdhmZBjBF/k3dd3UCGIDuBqtRJK3HI + oosK7e0Of6OKln8wJKUCZikx+SokXo608e5Zsjgbt3jyB7LhQgOD/ewvGSpV62h6 + WwFiz9s+svi6iReIbXZmo5Kotf3g0yQHHDcUPXprCpZBCEvGe2L2yXePVdJgm7KG + pxDclcu901/5FnZIFxXXFAXcDMwePoPYWb6hGwhGhUkd3/dXp/AjgBtmgkgqkPW5 + ImtMMnSsox/jhYnNguBbp6IjA8KBh/9KFNZ8N6+CQ5KQiZqszRTzXC+yo3fwMd/3 + d41PX92XaxdhHir9q9Clbs5y6lS3BVq2WUHi3+xGRTI6ZbEMVZAd9pvonhgxSMqX + AIs5zq0pT1It52rj9empjALSWwFiaJfwEzMr9xCiWfWal5Rbl+6r0vPnKmzG+Hgt + JqvPLV5SEHzv6HN2z4F/VNajYc2W9/RKJX1BOYsfA5CIiHDqhURgYKkOSDuRzLp6 + uTca5NgFGUayAsZFnX4= + =dyp5 + -----END PGP MESSAGE----- diff --git a/salt/profile/discourse/files/discourse.conf b/salt/profile/discourse/files/discourse.conf new file mode 100644 index 0000000..54608ca --- /dev/null +++ b/salt/profile/discourse/files/discourse.conf @@ -0,0 +1,25 @@ +# host address for db server +# This is set to blank so it tries to use sockets first +db_host = {{ pillar['profile']['discourse']['database_host'] }} + +# database name running discourse +db_name = {{ pillar['profile']['discourse']['database_name'] }} + +# username accessing database +db_username = {{ pillar['profile']['discourse']['database_user'] }} + +# password used to access the db +db_password = '{{ pillar['postgres']['users']['discourse']['database_password'] }}' + +# hostname running the forum +hostname = {{ pillar['profile']['discourse']['hostname'] }} + +# domain passed to smtp server +smtp_domain = {{ pillar['profile']['discourse']['smtp_domain'] }} + +# must be a 64 byte hex string, anything else will be ignored with a warning +secret_key_base = {{ pillar['profile']['discourse']['secret_key'] }} + +# register an account at: https://www.maxmind.com/en/geolite2/signup +# then head to profile and get your license key +maxmind_license_key = {{ pillar['profile']['discourse']['maxmind'] }} diff --git a/salt/profile/discourse/files/mail-receiver-environment.json b/salt/profile/discourse/files/mail-receiver-environment.json new file mode 100644 index 0000000..f59aad6 --- /dev/null +++ b/salt/profile/discourse/files/mail-receiver-environment.json @@ -0,0 +1,6 @@ +{ + "MAIL_DOMAIN": "forums.opensuse.org", + "DISCOURSE_BASE_URL": "https://discourse.opensuse.org/", + "DISCOURSE_API_KEY": "", + "DISCOURSE_API_USER": "system" +} diff --git a/salt/profile/discourse/init.sls b/salt/profile/discourse/init.sls index 7e0639d..1b91186 100644 --- a/salt/profile/discourse/init.sls +++ b/salt/profile/discourse/init.sls @@ -2,6 +2,51 @@ discourse_pgks: pkg.installed: - pkgs: - discourse + - ruby2.7-rubygem-discourse_mail_receiver + +discourse_config: + file.managed: + - name: /srv/www/vhosts/discourse/config/discourse.conf + - source: salt://profile/discourse/files/discourse.conf + - template: jinja + - require_in: + - service: discourse_target + - watch_in: + - module: discourse_target + +discourse_mail_receiver_settings: + file.managed: + - name: /etc/postfix/mail-receiver-environment.json + - source: salt://profile/discourse/files/mail-receiver-environment.json + - template: jinja + - require_in: + - service: discourse_target + - watch_in: + - module: discourse_target + +discourse_mail_transport: + file.managed: + - name: /etc/postfix/transport + - contents: 'forums.opensuse.org discourse:' + - user: root + - group: root + - mode: 0644 + - replace: True + - require_in: + - service: discourse_target + - watch_in: + - module: discourse_target + +discourse_mail_transport_postmap: + cmd.run: + - name: postmap /etc/postfix/transport + - runas: root + - onchanges: + - file: discourse_mail_transport + - watch_in: + - service: postfix + - require: + - pkg: postfix discourse_target: service.running: diff --git a/salt/profile/mailserver/files/transport b/salt/profile/mailserver/files/transport index d6a7984..df0641b 100644 --- a/salt/profile/mailserver/files/transport +++ b/salt/profile/mailserver/files/transport @@ -1,2 +1,3 @@ lists.opensuse.org smtp:[mailman3.infra.opensuse.org] lists.uyuni-project.org smtp:[mailman3.infra.opensuse.org] +forums.opensuse.org smtp:[discourse01.infra.opensuse.org] diff --git a/salt/profile/postfix/init.sls b/salt/profile/postfix/init.sls index 95795cf..815b463 100644 --- a/salt/profile/postfix/init.sls +++ b/salt/profile/postfix/init.sls @@ -25,3 +25,18 @@ postfix_alias_present_{{ user }}: - watch_in: - service: postfix {%- endfor %} + +# update master.cf +# (only update options given in profile:postfix:maincf pillar, other settings stay unchanged) +{%- for option, value in salt['pillar.get']('profile:postfix:mastercf', {}).items() %} +/etc/postfix/master.cf_{{ option }}: + file.replace: + - name: /etc/postfix/master.cf + - pattern: '^{{ option }}\s.*$' + - repl: '{{ option }} {{ value }}' + - append_if_not_found: True + - require: + - pkg: postfix + - watch_in: + - service: postfix +{%- endfor %}