authorMichael Scherer <misc@zarb.org>2014-12-12 14:28:47 +0100
committerMichael Scherer <misc@zarb.org>2014-12-12 14:28:47 +0100
commitca315bf9c292d4757b67a86117e3182c1b0dd680 (patch)
tree57923818c4e974b2d7f8e16be14ef3d8612b855f
parentd9e874ece0c162fcba01553fbea0a8b2fd86d249 (diff)
Import postfix/mailman from rad
-rw-r--r--roles/mailman/files/dump_mailman.sh10
-rw-r--r--roles/mailman/files/fix_ansible.conf5
-rw-r--r--roles/mailman/files/update_templates_mailman.sh16
-rw-r--r--roles/mailman/handlers/main.yml9
-rw-r--r--roles/mailman/meta/main.yml5
-rw-r--r--roles/mailman/tasks/main.yml36
-rw-r--r--roles/mailman/templates/aliases12
-rw-r--r--roles/mailman/templates/mm_cfg.py12
-rw-r--r--roles/mailman/templates/vhost.conf14
-rw-r--r--roles/mailman_lists/meta/main.yml4
-rw-r--r--roles/mailman_lists/tasks/main.yml6
-rw-r--r--roles/mailman_lists/templates/aliases13
-rw-r--r--roles/postfix/defaults/main.yml6
-rw-r--r--roles/postfix/files/aliases5
-rw-r--r--roles/postfix/files/smtpd.sasl.conf3
-rw-r--r--roles/postfix/handlers/main.yml15
-rw-r--r--roles/postfix/tasks/main.yml75
-rw-r--r--roles/postfix/templates/aliases.local4
-rw-r--r--roles/postfix/templates/aliases.users5
-rw-r--r--roles/postfix/templates/local_recipient4
-rw-r--r--roles/postfix/templates/main.cf76
-rw-r--r--roles/postfix/templates/virtual_gid1
-rw-r--r--roles/postfix/templates/virtual_mailbox5
-rw-r--r--roles/postfix/templates/virtual_uid2
24 files changed, 343 insertions, 0 deletions
diff --git a/roles/mailman/files/dump_mailman.sh b/roles/mailman/files/dump_mailman.sh
new file mode 100644
index 0000000..4626e31
--- /dev/null
+++ b/roles/mailman/files/dump_mailman.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+DIR=/var/backups/mailman/
+[ -d $DIR ] || mkdir -p $DIR
+
+for i in $(/usr/lib/mailman/bin/list_lists -b); do
+ for j in admins members owners; do
+ /usr/lib/mailman/bin/list_${j} > $DIR/${i}.${j}
+ done
+ /usr/lib/mailman/bin/config_list -o $DIR/${i}.config ${i}
+done
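Review bot: The inner loop runs `/usr/lib/mailman/bin/list_${j}` without passing the list name, so each `$DIR/${i}.${j}` file presumably receives a usage message or an all-lists result rather than that list's data; the line should read `/usr/lib/mailman/bin/list_${j} "${i}" > "$DIR/${i}.${j}"`. The backup directory is also created under the default umask, which would leave the dumped subscriber addresses readable by every local account; a `umask 077` before the `mkdir -p` keeps the dumps private to the user running the job. Quoting `"$DIR"` and `"${i}"` throughout avoids word splitting on unexpected list names.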
diff --git a/roles/mailman/files/fix_ansible.conf b/roles/mailman/files/fix_ansible.conf
new file mode 100644
index 0000000..036fa8e
--- /dev/null
+++ b/roles/mailman/files/fix_ansible.conf
@@ -0,0 +1,5 @@
+[Service]
+ExecStop=
+ExecStop=/usr/lib/mailman/bin/mailman-update-cfg
+ExecStop=/usr/lib/mailman/bin/mailmanctl stop
+ExecStop=/bin/sh -c 'echo -e "# Master copy is /usr/lib/mailman/cron/crontab.in" > /etc/cron.d/mailman'
diff --git a/roles/mailman/files/update_templates_mailman.sh b/roles/mailman/files/update_templates_mailman.sh
new file mode 100644
index 0000000..1e954ce
--- /dev/null
+++ b/roles/mailman/files/update_templates_mailman.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+GIT_URL=$1
+CACHE_DIR=/var/cache/mailman_templates
+
+if [ ! -d $CACHE_DIR ]; then
+ git clone $GIT_URL /var/cache/mailman_templates
+ cd $CACHE_DIR
+else
+ cd $CACHE_DIR
+ # on EL6, git is not respecting -q, unlike Fedora
+ git pull --rebase -q >/dev/null
+fi
+cp -R * /var/lib/mailman/lists/
+rm -f /var/lib/mailman/lists/README.md
+chown -R apache:mailman /var/lib/mailman/lists/
+
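Review bot: Neither `git clone` nor `cd $CACHE_DIR` is checked, so when the clone fails the script carries on and `cp -R *` copies whatever is in the job's working directory into /var/lib/mailman/lists/ before the recursive chown. Stop on failure with `set -e` after the shebang, or `cd "$CACHE_DIR" || exit 1`, and quote `"$GIT_URL"` since it arrives as an argument from a cron entry. The job installs whatever the remote branch holds every five minutes, presumably as root, so the URL should use an authenticated transport (https or ssh). `chown -R apache:mailman /var/lib/mailman/lists/` is worth narrowing to the copied template files, because that directory also holds each list's configuration.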
diff --git a/roles/mailman/handlers/main.yml b/roles/mailman/handlers/main.yml
new file mode 100644
index 0000000..2995857
--- /dev/null
+++ b/roles/mailman/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: restart mailman
+ service: name=mailman state=restarted
+
+- name: update mailman aliases
+ command: postalias {{ item }}
+ with_items:
+ - /etc/postfix/aliases.mailman
+ - /etc/postfix/aliases.mailman_default
diff --git a/roles/mailman/meta/main.yml b/roles/mailman/meta/main.yml
new file mode 100644
index 0000000..e949ef9
--- /dev/null
+++ b/roles/mailman/meta/main.yml
@@ -0,0 +1,5 @@
+---
+dependencies:
+- { role: postfix }
+- { role: httpd, custom_vhost: yes }
+
diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml
new file mode 100644
index 0000000..e5b78da
--- /dev/null
+++ b/roles/mailman/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+- yum: name={{ item }} state=installed
+ with_items:
+ - mailman
+ - git
+ - pwgen
+
+- command: creates=/var/lib/mailman/lists/mailman /usr/lib/mailman/bin/newlist -q mailman root@{{ ansible_domain }} {{ mailman_pass }}
+
+#
+# this is a ugly work around for https://github.com/ansible/ansible-modules-core/issues/127
+- file: name=/etc/systemd/system/mailman.service.d/ state=directory
+ when: ansible_distribution == 'Fedora' or ansible_distribution_major_version == '7'
+
+- copy: mode=0644 src=fix_ansible.conf dest=/etc/systemd/system/mailman.service.d/fix_ansible_bug.conf
+ when: ansible_distribution == 'Fedora' or ansible_distribution_major_version == '7'
+
+- template: src=mm_cfg.py dest=/etc/mailman/mm_cfg.py
+
+- service: name=mailman state=started enabled=yes
+
+- template: src=aliases dest=/etc/postfix/aliases.mailman_default
+ notify: update mailman aliases
+
+
+- template: src=vhost.conf dest=/etc/httpd/conf.d/{{ website_url | default( ansible_hostname ) }}.conf
+ notify: restart httpd
+
+- copy: mode=0755 src=update_templates_mailman.sh dest=/usr/local/bin/update_templates_mailman.sh
+
+- cron: name="update mailman {{ mailman_git }}" job="/usr/local/bin/update_templates_mailman.sh {{ mailman_git }}" minute="*/5"
+ when: mailman_git is defined
+
+- copy: mode=0755 src=dump_mailman.sh dest=/usr/local/bin/dump_mailman.sh
+
+- cron: name="dump mailman" job=/usr/local/bin/dump_mailman.sh hour=3 minute=30
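Review bot: The `newlist` task passes `{{ mailman_pass }}` as a command-line argument with no `no_log`, so the site list's admin password appears in Ansible output and logs, and in the process list while the command runs; add `no_log: true` to that task and keep `mailman_pass` in a vaulted variable file. The templates-update cron entry interpolates `{{ mailman_git }}` unquoted into a job line that cron hands to a shell, so it should be quoted, e.g. `job="/usr/local/bin/update_templates_mailman.sh {{ mailman_git | quote }}"`. None of the tasks has a `name:`, which makes run output harder to audit.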
diff --git a/roles/mailman/templates/aliases b/roles/mailman/templates/aliases
new file mode 100644
index 0000000..9fbf58f
--- /dev/null
+++ b/roles/mailman/templates/aliases
@@ -0,0 +1,12 @@
+## default list
+mailman: "|/usr/lib/mailman/mail/mailman post mailman"
+mailman-admin: "|/usr/lib/mailman/mail/mailman admin mailman"
+mailman-bounces: "|/usr/lib/mailman/mail/mailman bounces mailman"
+mailman-confirm: "|/usr/lib/mailman/mail/mailman confirm mailman"
+mailman-join: "|/usr/lib/mailman/mail/mailman join mailman"
+mailman-leave: "|/usr/lib/mailman/mail/mailman leave mailman"
+mailman-owner: "|/usr/lib/mailman/mail/mailman owner mailman"
+mailman-request: "|/usr/lib/mailman/mail/mailman request mailman"
+mailman-subscribe: "|/usr/lib/mailman/mail/mailman subscribe mailman"
+mailman-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe mailman"
+
diff --git a/roles/mailman/templates/mm_cfg.py b/roles/mailman/templates/mm_cfg.py
new file mode 100644
index 0000000..539234a
--- /dev/null
+++ b/roles/mailman/templates/mm_cfg.py
@@ -0,0 +1,12 @@
+# -*- python -*-
+
+from Defaults import *
+import pwd, grp
+
+MAILMAN_UID = pwd.getpwnam('mailman')[2]
+MAILMAN_GID = grp.getgrnam('mailman')[2]
+
+DEFAULT_URL_HOST = "{{ mailman_webinterface }}"
+DEFAULT_EMAIL_HOST = "{{ mailman_prefix }}"
+
+add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
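Review bot: The template sets `DEFAULT_URL_HOST` but not `DEFAULT_URL_PATTERN`, so Mailman keeps the URL scheme from `Defaults`, presumably plain `http://`, and the admin and subscriber login pages are generated on unencrypted URLs even though the vhost template also declares port 443. If HTTPS is intended, add `DEFAULT_URL_PATTERN = 'https://%s/mailman/'` before the `add_virtualhost(...)` call. A header comment marking the file as Ansible-managed, like the one in roles/postfix/files/aliases, would also help.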
diff --git a/roles/mailman/templates/vhost.conf b/roles/mailman/templates/vhost.conf
new file mode 100644
index 0000000..bd2f01e
--- /dev/null
+++ b/roles/mailman/templates/vhost.conf
@@ -0,0 +1,14 @@
+{% for i in '80', '443' %}
+<VirtualHost *:{{ i }}>
+
+ <Directory /usr/lib/mailman/cgi-bin/>
+ DirectoryIndex listinfo
+ </Directory>
+
+ RedirectMatch ^/$ /mailman/
+
+ RedirectMatch ^/mailman[/]*$ /mailman/listinfo
+ ServerName {{ website_url | default( ansible_hostname ) }}
+
+</VirtualHost>
+{% endfor %}
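Review bot: The loop emits the same `<VirtualHost>` body for ports 80 and 443, and the 443 block carries no `SSLEngine on` or certificate directives, so unless the httpd role supplies them elsewhere (not visible in this commit) that port will not actually serve TLS. The port 80 block also serves the Mailman login pages directly instead of redirecting to HTTPS. Consider branching inside the loop: a redirect for `'80'` and the SSL directives for `'443'`.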
diff --git a/roles/mailman_lists/meta/main.yml b/roles/mailman_lists/meta/main.yml
new file mode 100644
index 0000000..6eb9cb8
--- /dev/null
+++ b/roles/mailman_lists/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+- { role: mailman }
+
diff --git a/roles/mailman_lists/tasks/main.yml b/roles/mailman_lists/tasks/main.yml
new file mode 100644
index 0000000..c9c1634
--- /dev/null
+++ b/roles/mailman_lists/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- command: creates=/var/lib/mailman/lists/{{ item.name }} /usr/lib/mailman/bin/newlist {{ item.name }}@{{ mailman_prefix }} {{ item.owner | default( mailman_default_owner ) }} $(pwgen -1 14)
+ with_items: mailman_lists
+
+- template: src=aliases dest=/etc/postfix/aliases.mailman
+ notify: update mailman aliases
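Review bot: `$(pwgen -1 14)` is not expanded in this task, because the `command` module does not pass its arguments through a shell; `newlist` would receive the literal text as its password argument, leaving every list with the same predictable admin password. Generate the password where substitution works, for example by switching to `shell:` and quoting the interpolated values: `newlist {{ item.name | quote }}@{{ mailman_prefix | quote }} {{ item.owner | default(mailman_default_owner) | quote }} "$(pwgen -1 14)"`. `item.name` is also used as a path component in `creates=` and as an alias key and pipe argument in the aliases template, so it is worth validating against a conservative pattern (letters, digits, `-`, `_`) before use.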
diff --git a/roles/mailman_lists/templates/aliases b/roles/mailman_lists/templates/aliases
new file mode 100644
index 0000000..7d83dd3
--- /dev/null
+++ b/roles/mailman_lists/templates/aliases
@@ -0,0 +1,13 @@
+{% for item in mailman_lists %}
+##
+{{ item.name }}: "|/usr/lib/mailman/mail/mailman post {{ item.name }}"
+{{ item.name }}-admin: "|/usr/lib/mailman/mail/mailman admin {{ item.name }}"
+{{ item.name }}-bounces: "|/usr/lib/mailman/mail/mailman bounces {{ item.name }}"
+{{ item.name }}-confirm: "|/usr/lib/mailman/mail/mailman confirm {{ item.name }}"
+{{ item.name }}-join: "|/usr/lib/mailman/mail/mailman join {{ item.name }}"
+{{ item.name }}-leave: "|/usr/lib/mailman/mail/mailman leave {{ item.name }}"
+{{ item.name }}-owner: "|/usr/lib/mailman/mail/mailman owner {{ item.name }}"
+{{ item.name }}-request: "|/usr/lib/mailman/mail/mailman request {{ item.name }}"
+{{ item.name }}-subscribe: "|/usr/lib/mailman/mail/mailman subscribe {{ item.name }}"
+{{ item.name }}-unsubscribe: "|/usr/lib/mailman/mail/mailman unsubscribe {{ item.name }}"
+{% endfor %}
diff --git a/roles/postfix/defaults/main.yml b/roles/postfix/defaults/main.yml
new file mode 100644
index 0000000..4ce4f0a
--- /dev/null
+++ b/roles/postfix/defaults/main.yml
@@ -0,0 +1,6 @@
+locals_users: []
+use_tls: True
+use_sasl: False
+use_local: False
+postfix_key: /etc/pki/tls/private/postfix.key
+postfix_cert: /etc/pki/tls/certs/postfix.pem
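Review bot: `locals_users` looks like a typo for `local_users`, the name read by the tasks and by the `aliases.local`, `local_recipient` and `virtual_mailbox` templates, so this default never takes effect. `aliases.local` is templated unconditionally and would fail on an undefined variable when no local users are configured. Renaming it to `local_users: []` also requires changing the task condition `when: local_users is defined` to `when: local_users | length > 0`, otherwise `use_local` becomes true on every host. `postfix_aliases` is iterated by `aliases.users` and has no default either; `postfix_aliases: []` would cover it. Writing the booleans as lowercase `true`/`false` avoids YAML 1.1 truthy ambiguity.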
diff --git a/roles/postfix/files/aliases b/roles/postfix/files/aliases
new file mode 100644
index 0000000..3f03455
--- /dev/null
+++ b/roles/postfix/files/aliases
@@ -0,0 +1,5 @@
+# Basic system aliases -- these MUST be present.
+# Ansible managed file, do not edit
+# use postfix_aliases variable instead
+mailer-daemon: postmaster
+postmaster: root
diff --git a/roles/postfix/files/smtpd.sasl.conf b/roles/postfix/files/smtpd.sasl.conf
new file mode 100644
index 0000000..250057e
--- /dev/null
+++ b/roles/postfix/files/smtpd.sasl.conf
@@ -0,0 +1,3 @@
+pwcheck_method: auxprop
+auxprop_plugin: sasldb
+mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
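Review bot: `mech_list` offers CRAM-MD5 and DIGEST-MD5 alongside PLAIN and LOGIN; both are legacy challenge-response mechanisms (DIGEST-MD5 was moved to Historic by RFC 6331) that require the server to keep a plaintext-equivalent secret. Since main.cf sets `smtpd_tls_auth_only = yes` inside its SASL block, credentials are only meant to travel inside TLS, so `mech_list: PLAIN LOGIN` is sufficient and reduces what the server advertises.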
diff --git a/roles/postfix/handlers/main.yml b/roles/postfix/handlers/main.yml
new file mode 100644
index 0000000..ad944ce
--- /dev/null
+++ b/roles/postfix/handlers/main.yml
@@ -0,0 +1,15 @@
+---
+- name: rebuild aliases
+ command: newaliases
+
+- name: restart postfix
+ service: name=postfix state=restarted
+
+- name: update postfix aliases
+ command: postalias /etc/postfix/aliases.{{ item }}
+ with_items:
+ - local
+ - users
+
+- name: update postfix maps
+ command: postmap /etc/postfix/local_recipient
diff --git a/roles/postfix/tasks/main.yml b/roles/postfix/tasks/main.yml
new file mode 100644
index 0000000..9fd4d61
--- /dev/null
+++ b/roles/postfix/tasks/main.yml
@@ -0,0 +1,75 @@
+---
+- yum: name={{ item }} state=installed
+ with_items:
+ - postfix
+
+- set_fact: use_sasl=True
+ when: sasl_user is defined and sasl_pass is defined
+
+- set_fact: use_tls=True
+ when: use_sasl == True
+
+- set_fact: use_local=True
+ when: local_users is defined
+
+- service: name=postfix state=started enabled=yes
+
+- template: dest=/etc/postfix/main.cf src=main.cf
+ notify: restart postfix
+
+- copy: dest=/etc/aliases src=aliases
+ notify: rebuild aliases
+
+- template: dest=/etc/postfix/aliases.{{ item }} src=aliases.{{ item }}
+ notify: update postfix aliases
+ with_items:
+ - users
+ - local
+
+- shell: lokkit -s {{ item }}
+ with_items:
+ - smtp
+ when: ansible_distribution_major_version == '6' and (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat')
+
+- firewalld: service={{ item }} permanent=true state=enabled
+ with_items:
+ - smtp
+ when: ansible_distribution == 'Fedora' or ansible_distribution_major_version == '7'
+
+- shell: create={{ postfix_cert }} openssl req -x509 -newkey rsa:2048 -keyout {{ postfix_key }} -out {{ postfix_cert }} -days 3650 -nodes -subj '/C=US/ST=North Carolina/L=Raleigh/O=Red Hat Inc./OU=OSAS/CN={{ ansible_domain }}/emailAddress=postmaster@{{ ansible_domain }}'
+ when: use_tls
+# TODO enforce proper permission on cert + selinux
+
+- group: name=mail
+ register: mail_group
+
+- user: name=nobody
+ register: nobody_user
+ when: use_local
+
+- file: state=directory path=/var/mail/discourse{{ item }} owner={{ nobody_user.uid }} group={{ mail_group.gid }}
+ with_items:
+ - /
+ - /cur
+ - /tmp
+ - /new
+ when: use_local
+
+- template: src={{ item }} dest=/etc/postfix/{{ item }}
+ notify: update postfix maps
+ with_items:
+ - local_recipient
+ when: use_local
+
+
+- copy: src=smtpd.sasl.conf dest=/etc/sasl2/smtpd.conf
+ when: use_sasl
+# TODO check if needed
+ notify: restart saslauthd
+
+- shell: echo {{ sasl_pass }} | saslpasswd2 -a smtpd -u {{ ansible_domain }} -c {{ sasl_user }} -p
+ when: use_sasl
+
+- file: path=/etc/sasldb2 owner=root group=mail mode=0640
+ when: use_sasl
+
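Review bot: The `saslpasswd2` task interpolates `{{ sasl_pass }}` and `{{ sasl_user }}` unquoted into a `shell:` line with no `no_log`, so a password containing shell metacharacters changes the command and the secret is printed in Ansible output; use `shell: echo {{ sasl_pass | quote }} | saslpasswd2 -a smtpd -u {{ ansible_domain }} -c {{ sasl_user | quote }} -p` and add `no_log: true`. The certificate task writes `create=` where the module argument is `creates=`, so presumably the idempotence guard is not applied and the key pair is regenerated on each run. The private key also needs an explicit `file:` task with `mode=0600 owner=root`, as the TODO already notes. `notify: restart saslauthd` refers to a handler that roles/postfix/handlers/main.yml in this commit does not define.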
diff --git a/roles/postfix/templates/aliases.local b/roles/postfix/templates/aliases.local
new file mode 100644
index 0000000..9b23aec
--- /dev/null
+++ b/roles/postfix/templates/aliases.local
@@ -0,0 +1,4 @@
+{% for item in local_users %}
+{{ item }}: /var/mail/{{ item }}/
+{% endfor %}
+
diff --git a/roles/postfix/templates/aliases.users b/roles/postfix/templates/aliases.users
new file mode 100644
index 0000000..20ef480
--- /dev/null
+++ b/roles/postfix/templates/aliases.users
@@ -0,0 +1,5 @@
+{% for item in postfix_aliases %}
+{{ item.alias }}: {% if item.mail is string %} {{ item.mail }}
+{% else %} {{ item.mail |join(',') }}
+{% endif %}
+{% endfor %}
diff --git a/roles/postfix/templates/local_recipient b/roles/postfix/templates/local_recipient
new file mode 100644
index 0000000..39d554e
--- /dev/null
+++ b/roles/postfix/templates/local_recipient
@@ -0,0 +1,4 @@
+{% for item in local_users %}
+{{ item }} OK
+{% endfor %}
+
diff --git a/roles/postfix/templates/main.cf b/roles/postfix/templates/main.cf
new file mode 100644
index 0000000..22546d1
--- /dev/null
+++ b/roles/postfix/templates/main.cf
@@ -0,0 +1,76 @@
+queue_directory = /var/spool/postfix
+command_directory = /usr/sbin
+daemon_directory = /usr/libexec/postfix
+data_directory = /var/lib/postfix
+mail_owner = postfix
+
+inet_interfaces = all
+inet_protocols = all
+
+
+mydestination = $myhostname,
+ localhost.$mydomain,
+ localhost,
+ {{ ansible_domain }},
+ {{ mailman_prefix | default('') }}
+
+unknown_local_recipient_reject_code = 550
+
+# ALIAS DATABASE
+#
+# The alias_maps parameter specifies the list of alias databases used
+# by the local delivery agent. The default list is system dependent.
+#
+# On systems with NIS, the default is to search the local alias
+# database, then the NIS alias database. See aliases(5) for syntax
+# details.
+#
+# If you change the alias database, run "postalias /etc/aliases" (or
+# wherever your system stores the mail alias file), or simply run
+# "newaliases" to build the necessary DBM or DB file.
+#
+# It will take a minute or so before changes become visible. Use
+# "postfix reload" to eliminate the delay.
+#
+#alias_maps = dbm:/etc/aliases
+alias_maps = hash:/etc/aliases,
+{% if use_local == True %}
+ hash:/etc/postfix/aliases.local,
+{% endif %}
+ hash:/etc/postfix/aliases.mailman_default,
+ hash:/etc/postfix/aliases.mailman,
+ hash:/etc/postfix/aliases.users
+
+
+{% if use_local == True %}
+local_recipient_maps = hash:/etc/postfix/local_recipient, $alias_maps
+{% endif %}
+
+recipient_delimiter = +
+
+
+debug_peer_level = 2
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+{% if use_tls == True %}
+smtpd_tls_cert_file={{ postfix_cert }}
+smtpd_tls_key_file={{ postfix_key }}
+smtpd_use_tls=yes
+{% endif %}
+
+{% if use_sasl == True %}
+smtpd_tls_auth_only = yes
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_application_name = smtpd
+smtpd_sasl_local_domain = {{ ansible_domain }}
+{% endif %}
+
+smtp_use_tls = yes
+
+sendmail_path = /usr/sbin/sendmail.postfix
+newaliases_path = /usr/bin/newaliases.postfix
+mailq_path = /usr/bin/mailq.postfix
+setgid_group = postdrop
+
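Review bot: The `{% if use_tls == True %}`, `use_sasl` and `use_local` guards compare against a boolean, but the tasks set these facts with key=value `set_fact: use_sasl=True`, which may store the string `"True"` depending on the Ansible version; in that case the comparison is false and the TLS and SASL stanzas are silently left out of the rendered file. `{% if use_sasl | bool %}` (and likewise for the other two) behaves the same for both types. `alias_maps` also lists `aliases.mailman_default` and `aliases.mailman` unconditionally, although those files are only created by the mailman roles, so a postfix-only host would reference maps that do not exist.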
diff --git a/roles/postfix/templates/virtual_gid b/roles/postfix/templates/virtual_gid
new file mode 100644
index 0000000..62f452c
--- /dev/null
+++ b/roles/postfix/templates/virtual_gid
@@ -0,0 +1 @@
+@{{ ansible_domain }} {{ mail_group.gid }}
diff --git a/roles/postfix/templates/virtual_mailbox b/roles/postfix/templates/virtual_mailbox
new file mode 100644
index 0000000..ced3f62
--- /dev/null
+++ b/roles/postfix/templates/virtual_mailbox
@@ -0,0 +1,5 @@
+# user@{{ ansible_domain }} user
+{% for item in local_users %}
+{{ item }}@{{ ansible_domain }} {{ item }}
+{% endfor %}
+
diff --git a/roles/postfix/templates/virtual_uid b/roles/postfix/templates/virtual_uid
new file mode 100644
index 0000000..8ac4140
--- /dev/null
+++ b/roles/postfix/templates/virtual_uid
@@ -0,0 +1,2 @@
+# @manageiq.org 97
+@{{ ansible_domain }} {{ dovecot_user.uid }}