Fully setup hyperkitty and nginx rules.
This commit is contained in:
parent
3c36760a71
commit
50615a327b
|
@ -1,5 +1,7 @@
|
|||
# Mailman
|
||||
mailman_domain: mailman3.archlinux.org # lists.archlinux.org
|
||||
mailman_db_user: mailman
|
||||
mailman_nginx_conf: /etc/nginx/nginx.d/mailman.conf
|
||||
|
||||
# Hyperkitty
|
||||
hyperkitty_dir: /usr/share/webapps/hyperkitty
|
||||
|
|
0
roles/mailman/files/hyperkitty.socket
Normal file
0
roles/mailman/files/hyperkitty.socket
Normal file
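Review bot: `roles/mailman/files/hyperkitty.socket` is added as an empty file (its header reports 0 additions), while the tasks in this commit enable `uwsgi-secure@hyperkitty.socket`, i.e. an instance of the `uwsgi-secure@.socket` template added below, so the empty file appears to be a leftover. Either remove it or give it content; an empty unit file sitting next to the real one will mislead the next reader into thinking it is deployed.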
22
roles/mailman/files/uwsgi-secure@.service
Normal file
22
roles/mailman/files/uwsgi-secure@.service
Normal file
|
@ -0,0 +1,22 @@
|
|||
[Unit]
|
||||
Description=uWSGI service unit
|
||||
After=syslog.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/uwsgi --ini /etc/uwsgi/%I.ini
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
ExecStop=/bin/kill -INT $MAINPID
|
||||
Type=notify
|
||||
SuccessExitStatus=15 17 29 30
|
||||
StandardError=syslog
|
||||
NotifyAccess=all
|
||||
KillSignal=SIGQUIT
|
||||
PrivateDevices=yes
|
||||
PrivateTmp=yes
|
||||
ProtectSystem=full
|
||||
ReadWriteDirectories=/etc/webapps /var/lib/
|
||||
ProtectHome=yes
|
||||
NoNewPrivileges=yes
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
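Review bot: `ReadWriteDirectories=/etc/webapps /var/lib/` grants the uWSGI process write access to its own configuration (the `/etc/webapps/hyperkitty/settings_local.py` this commit installs carries the database password) and to all of `/var/lib`, which undoes most of what `ProtectSystem=full` provides; narrow it to the directory the application actually writes, e.g. `ReadWriteDirectories=/var/lib/<hyperkitty-data-dir>` (placeholder — the real path is not in this diff), and leave `/etc/webapps` read-only. The unit sets no `User=`/`Group=`, so whether the worker drops root depends entirely on the `uid`/`gid` settings in the `/etc/uwsgi/%I.ini` it loads, which is not part of this commit — either add `User=` here or record that dependency in a comment above `ExecStart=`. `After=syslog.target` and `StandardError=syslog` are deprecated in current systemd and can be dropped, since journald captures stderr by default.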
|
10
roles/mailman/files/uwsgi-secure@.socket
Normal file
10
roles/mailman/files/uwsgi-secure@.socket
Normal file
|
@ -0,0 +1,10 @@
|
|||
[Unit]
|
||||
Description=Socket for uWSGI %I
|
||||
|
||||
[Socket]
|
||||
ListenStream=/run/%I/%I.sock
|
||||
SocketGroup=http
|
||||
SocketMode=0660
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
|
@ -29,7 +29,9 @@
|
|||
become_user: postgres
|
||||
become_method: su
|
||||
|
||||
- template: src="hyperkitty.py.j2" dest="/etc/webapps/hyperkitty/settings_local.py" owner=hyperkitty group=root mode=0644
|
||||
- file: src=/etc/webapps/hyperkitty/settings_local.py dest=/usr/share/webapps/hyperkitty/settings_local.py owner=root group=hyperkitty state=link
|
||||
|
||||
- template: src="hyperkitty.py.j2" dest="/etc/webapps/hyperkitty/settings_local.py" owner=root group=hyperkitty mode=0644
|
||||
|
||||
# TODO: only run when required, ie. hyperkitty package updated
|
||||
- name: generate a hyperkitty database
|
||||
|
@ -82,6 +84,36 @@
|
|||
become_method: sudo
|
||||
when: not hyperkitty_superuser_existed
|
||||
|
||||
- name: copy uwsgi-secure@.socket service
|
||||
copy: src=uwsgi-secure@.service dest=/etc/systemd/system/uwsgi-secure@.service
|
||||
notify:
|
||||
- daemon reload
|
||||
|
||||
- name: copy uwsgi-secure@.socket service
|
||||
copy: src=uwsgi-secure@.socket dest=/etc/systemd/system/uwsgi-secure@.socket
|
||||
notify:
|
||||
- daemon reload
|
||||
|
||||
- name: create ssl cert
|
||||
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ mailman_domain }}' creates='/etc/letsencrypt/live/{{ mailman_domain }}/fullchain.pem'
|
||||
|
||||
- name: make nginx log dir
|
||||
file: path=/var/log/nginx/{{ mailman_domain }} state=directory owner=root group=root mode=0755
|
||||
|
||||
- name: set up nginx
|
||||
template: src=nginx.d.conf.j2 dest="{{ mailman_nginx_conf }}" owner=root group=root mode=644
|
||||
notify:
|
||||
- reload nginx
|
||||
tags: ['nginx']
|
||||
|
||||
- name: make nginx log dir
|
||||
file: path=/var/log/nginx/{{ mailman_domain }} state=directory owner=root group=root mode=0755
|
||||
|
||||
- name: enable hyperkitty socket
|
||||
service: name="uwsgi-secure@hyperkitty.socket" enabled=yes state=started
|
||||
|
||||
- name: enable hyperkitty asynchronous operations service
|
||||
service: name="hyperkitty-qcluster.service" enabled=yes state=started
|
||||
|
||||
- name: start and enable mailman core service
|
||||
service: name="mailman3.service" enabled=yes state=started
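Review bot: The `settings_local.py` template task in the earlier hunk of this file (`@ -29,7 +29,9 @@`) writes the file with `mode=0644`, yet the template contains the database password (`vault_postgres_users.hyperkitty`), so every local account can read it; `owner=root group=hyperkitty mode=0640` is sufficient provided the uWSGI worker runs in the hyperkitty group (its `/etc/uwsgi/hyperkitty.ini` is not in this diff — confirm). In this hunk the first copy task is named `copy uwsgi-secure@.socket service` although it copies `uwsgi-secure@.service`, and `make nginx log dir` appears twice (before and after `set up nginx`); rename the first and drop the duplicate. The `enable hyperkitty socket` task starts a unit whose file was only just copied, but the `daemon reload` handler it notifies does not run until the end of the play, so a `meta: flush_handlers` before that task is presumably needed on a fresh host — verify against the Ansible version in use. Both hunks sit inside a task list that continues outside the diff.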
|
||||
|
|
|
@ -10,6 +10,7 @@ ADMINS = (
|
|||
ALLOWED_HOSTS = [
|
||||
"localhost",
|
||||
"127.0.0,1",
|
||||
"{{ mailman_domain }}",
|
||||
]
|
||||
|
||||
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
|
||||
|
@ -23,7 +24,7 @@ DATABASES = {
|
|||
'ENGINE' : 'django.db.backends.postgresql_psycopg2',
|
||||
'NAME' : 'hyperkitty',
|
||||
'USER' : '{{ hyperkitty_db_user }}',
|
||||
'PASSWORD': ''{{ vault_postgres_users.hyperkitty }},
|
||||
'PASSWORD': '{{ vault_postgres_users.hyperkitty }}',
|
||||
'HOST' : 'localhost',
|
||||
'PORT' : '',
|
||||
}
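Review bot: `"127.0.0,1"` in `ALLOWED_HOSTS` (first hunk, `@ -10,6 +10,7 @@`) has a comma where a dot belongs, so the loopback entry never matches and only `localhost` and `{{ mailman_domain }}` are accepted; change it to `"127.0.0.1"`. The entry is context rather than new code, but this commit edits the list and is the natural place to fix it. `ALLOWED_HOSTS` and `DATABASES` both continue outside the hunks.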
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name mailman.archlinux.org;
|
||||
server_name mailman3.archlinux.org;
|
||||
|
||||
access_log /var/log/nginx/{{ mailman_domain }}/access.log reduced;
|
||||
error_log /var/log/nginx/{{ mailman_domain }}/error.log;
|
||||
|
@ -17,17 +17,21 @@ server {
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name mailman.archlinux.org;
|
||||
server_name mailman3.archlinux.org;
|
||||
|
||||
access_log /var/log/nginx/{{ mailman_domain }}/access.log reduced;
|
||||
error_log /var/log/nginx/{{ mailman_domain }}/error.log;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/mailman.archlinux.org/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/mailman.archlinux.org/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/mailman.archlinux.org/chain.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/mailman3.archlinux.org/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/mailman3.archlinux.org/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/mailman3.archlinux.org/chain.pem;
|
||||
|
||||
location / {
|
||||
access_log off;
|
||||
return 301 https://{{ mailman_domain }}$request_uri;
|
||||
charset utf-8;
|
||||
client_max_body_size 75M;
|
||||
root /usr/share/webapps/hyperkitty;
|
||||
|
||||
location ~^/(accounts|admin|hyperkitty)/(.*)$ {
|
||||
include /etc/nginx/uwsgi_params;
|
||||
uwsgi_pass unix:/run/hyperkitty/hyperkitty.sock;
|
||||
}
|
||||
}
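Review bot: `root /usr/share/webapps/hyperkitty;` combined with a single regex `location` for `/accounts/`, `/admin/` and `/hyperkitty/` means every other path is answered by nginx as a static file out of the application directory — the same directory into which this commit symlinks `settings_local.py` (database password included), so the settings file and the rest of the app tree are exposed to HTTP clients. Point `root` at the collected static files directory (Django's `STATIC_ROOT`) instead, or add a `location /static/` and leave `root` unset, and consider passing `/` to uWSGI as well since nothing handles it now. `server_name` and the three `ssl_*` lines hardcode `mailman3.archlinux.org` while the log paths and the certbot task use `{{ mailman_domain }}`; `server_name {{ mailman_domain }};` and `/etc/letsencrypt/live/{{ mailman_domain }}/…` keep the config in one place, and the `hyperkitty_dir` variable added in this commit could replace the literal path. The port-443 `server {` block opens in this hunk and closes at its end.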
|
||||
|
|