Config fuer lists dazu

inventories/chaosknoten/host_vars/lists.yaml

@@ -0,0 +1,12 @@
+docker_compose__compose_file_content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/compose/compose.yaml') }}"
+docker_compose__configuration_files: [ ]
+
+certbot__version_spec: ""
+certbot__acme_account_email_address: j+letsencrypt-ccchh@jsts.xyz
+certbot__certificate_domains:
+  - "lists.hamburg.ccc.de"
+
+nginx__version_spec: ""
+nginx__configurations:
+  - name: lists.hamburg.ccc.de
+    content: "{{ lookup('ansible.builtin.file', 'chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf') }}"

inventories/chaosknoten/hosts.yaml

@@ -6,6 +6,18 @@ all:
           ansible_host: cloud-intern.hamburg.ccc.de
           ansible_user: chaos
           ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
+        keycloak:
+          ansible_host: keycloak-intern.hamburg.ccc.de
+          ansible_user: chaos
+          ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
+        lists:
+          ansible_host: lists.hamburg.ccc.de
+          ansible_port: 42666
+          ansible_user: chaos
+        onlyoffice:
+          ansible_host: onlyoffice-intern.hamburg.ccc.de
+          ansible_user: chaos
+          ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
         pad:
           ansible_host: pad-intern.hamburg.ccc.de
           ansible_port: 42666
@@ -15,22 +27,15 @@ all:
           ansible_host: public-reverse-proxy.hamburg.ccc.de
           ansible_port: 42666
           ansible_user: chaos
-        keycloak:
-          ansible_host: keycloak-intern.hamburg.ccc.de
-          ansible_user: chaos
-          ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
         wiki:
           ansible_host: wiki-intern.hamburg.ccc.de
           ansible_user: chaos
           ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
-        onlyoffice:
-          ansible_host: onlyoffice-intern.hamburg.ccc.de
-          ansible_user: chaos
-          ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de:42666
     docker_compose_hosts:
       hosts:
         pad:
         keycloak:
+        lists:
         onlyoffice:
     nextcloud_hosts:
       hosts:
@@ -40,6 +45,7 @@ all:
         pad:
         public-reverse-proxy:
         keycloak:
+        lists:
         wiki:
         onlyoffice:
     public_reverse_proxy_hosts:
@@ -53,6 +59,7 @@ all:
       hosts:
         pad:
         keycloak:
+        lists:
         wiki:
         onlyoffice:
     infrastructure_authorized_keys_hosts:

playbooks/files/chaosknoten/configs/lists/compose/compose.yaml

@@ -0,0 +1,73 @@
+version: '2'
+
+services:
+  mailman-core:
+    restart: unless-stopped
+    image: maxking/mailman-core:0.4 # Use a specific version tag (tag latest is not published)
+    container_name: mailman-core
+    hostname: mailman-core
+    volumes:
+    - /opt/mailman/core:/opt/mailman/
+    stop_grace_period: 30s
+    links:
+    - database:database
+    depends_on:
+    - database
+    environment:
+    - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
+    - DATABASE_TYPE=postgres
+    - DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
+    - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
+    - MTA=postfix
+    ports:
+    - "127.0.0.1:8001:8001" # API
+    - "127.0.0.1:8024:8024" # LMTP - incoming emails
+    networks:
+      mailman:
+
+  mailman-web:
+    restart: unless-stopped
+    image: maxking/mailman-web:0.4 # Use a specific version tag (tag latest is not published)
+    container_name: mailman-web
+    hostname: mailman-web
+    depends_on:
+    - database
+    links:
+    - mailman-core:mailman-core
+    - database:database
+    volumes:
+    - /opt/mailman/web:/opt/mailman-web-data
+    environment:
+    - DATABASE_TYPE=postgres
+    - DATABASE_URL=postgresql://mailman:wvQjbMRnwFuxGEPz@database/mailmandb
+    - HYPERKITTY_API_KEY=ITfRjushI6FP0TLMnRpZxlfB2e17DN86
+    - SERVE_FROM_DOMAIN=lists.hamburg.ccc.de
+    - SECRET_KEY=ugfknEYBaFVc62R1jlIjnkizQaqr7tSt
+    - MAILMAN_ADMIN_USER=ccchh-admin
+    - MAILMAN_ADMIN_EMAIL=tony@cowtest.hamburg.ccc.de
+    ports:
+    - "127.0.0.1:8000:8000" # HTTP
+    - "127.0.0.1:8080:8080" # uwsgi
+    networks:
+      mailman:
+
+  database:
+    restart: unless-stopped
+    environment:
+    - POSTGRES_DB=mailmandb
+    - POSTGRES_USER=mailman
+    - POSTGRES_PASSWORD=wvQjbMRnwFuxGEPz
+    image: postgres:11-alpine
+    volumes:
+    - /opt/mailman/database:/var/lib/postgresql/data
+    networks:
+      mailman:
+
+networks:
+  mailman:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+      -
+        subnet: 172.19.199.0/24

playbooks/files/chaosknoten/configs/lists/nginx/lists.hamburg.ccc.de.conf

@@ -0,0 +1,26 @@
+server {
+	root /var/www/html;
+    server_name lists.hamburg.ccc.de; # managed by Certbot
+
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+
+    ssl_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/lists.hamburg.ccc.de/privkey.pem; # managed by Certbot
+    # verify chain of trust of OCSP response using Root CA and Intermediate certs
+    ssl_trusted_certificate /etc/letsencrypt/live/lists.hamburg.ccc.de/chain.pem;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+
+    location /static {
+        alias /opt/mailman/web/static;
+        autoindex off;
+    }
+
+    location / {
+          uwsgi_pass localhost:8080;
+          include uwsgi_params;
+          uwsgi_read_timeout 300;
+    }
+}