include:
{% if salt['grains.get']('include_secrets', True) %}
  - secrets.role.mailman3
{% endif %}
  - role.common.nginx

# Special config for mailman in the postfix relay
profile:
  postfix:
    maincf:
      recipient_delimiter: '+'
      owner_request_special: 'no'
      transport_maps: 'lmdb://var/lib/mailman/data/postfix_lmtp,lmdb:/etc/postfix/transport,hash:/etc/postfix/ratelimit'
      local_recipient_maps: 'lmdb://var/lib/mailman/data/postfix_lmtp'
      relay_domains: 'lmdb://var/lib/mailman/data/postfix_domains'
    aliases:
      mailman: root
  mailman3:
    admin_user: mailman
    database_user: mailman
    database_host: 192.168.47.4
    server_list:
      - lists.opensuse.org
      - lists.uyuni-project.org
      - mailman3.infra.opensuse.org

nginx:
  ng:
    servers:
      managed:
        lists.opensuse.org.conf:
          config:
            - map $request_uri $mails_rewritemap:
                - include: /etc/nginx/mails.rewritemap
            - map $request_uri $lists_rewritemap:
                - include: /etc/nginx/lists.rewritemap
            - map $request_uri $feeds_rewritemap:
                - include: /etc/nginx/feeds.rewritemap
            - map $request_uri $mboxs_rewritemap:
                - include: /etc/nginx/mboxs.rewritemap
            - map $request_uri $miscs_rewritemap:
                - include: /etc/nginx/miscs.rewritemap
            - upstream mailmanweb:
                - server: 127.0.0.1:8000 fail_timeout=0
            - server:
                - server_name: lists.opensuse.org lists.uyuni-project.org
                - listen:
                    - 80
                    - default_server
                - if ($mails_rewritemap):
                    - rewrite: ^(.*)$ $mails_rewritemap permanent
                - if ($lists_rewritemap):
                    - rewrite: ^(.*)$ $lists_rewritemap permanent
                - if ($feeds_rewritemap):
                    - rewrite: ^(.*)$ $feeds_rewritemap permanent
                - if ($mboxs_rewritemap):
                    - rewrite: ^(.*)$ $mboxs_rewritemap permanent
                - if ($miscs_rewritemap):
                    - rewrite: ^(.*)$ $miscs_rewritemap permanent
                - location /static/django-mailman3/img/login/opensuse.png:
                    - return: 301 https://static.opensuse.org/favicon-24.png
                - location /static/:
                    - alias: /srv/www/webapps/mailman/web/static/
                - location /:
                    - try_files: $uri @mailmanweb
                - location @mailmanweb:
                    - proxy_set_header: X-Forwarded-For $proxy_add_x_forwarded_for
                    - proxy_set_header: X-Forwarded-Proto https
                    - proxy_set_header: X-Forwarded-Protocol ssl
                    - proxy_set_header: Host $http_host
                    - proxy_redirect: "off"
                    - client_max_body_size: 400M
                    - proxy_pass: http://mailmanweb
          enabled: True

sudoers:
  included_files:
    /etc/sudoers.d/group_mailman3-admins:
      groups:
        mailman3-admins:
          - 'ALL=(ALL) ALL'