From 4894a495a022f0c7355c14751616cd0082c2a1a2 Mon Sep 17 00:00:00 2001 From: VC Date: Fri, 5 Jul 2024 11:53:08 +0200 Subject: [PATCH] Plein de trucs --- roles/firewall/templates/firewall.j2 | 14 ++- roles/ftp/files/deleteoldfiles.sh | 49 +------- roles/mailman/files/mailman.cfg | 69 +++++++++++ roles/mailman/files/mm_cfg.py | 109 ------------------ roles/mailman/handlers/main.yml | 4 +- roles/mailman/tasks/main.yml | 22 ++-- .../templates/vhosts/mm.pipoworld.fr.conf.j2 | 18 ++- roles/postfix/files/generate_email.sh | 0 roles/postfix/files/main.cf | 5 +- roles/spamassassin/files/local.cf | 2 + roles/webapps/tasks/tootctl.yml | 2 +- 11 files changed, 116 insertions(+), 178 deletions(-) create mode 100644 roles/mailman/files/mailman.cfg delete mode 100644 roles/mailman/files/mm_cfg.py mode change 100755 => 100644 roles/postfix/files/generate_email.sh diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2 index 19568c6..9107fa6 100644 --- a/roles/firewall/templates/firewall.j2 +++ b/roles/firewall/templates/firewall.j2 @@ -429,7 +429,7 @@ config rule option family 'ipv4' config rule - option name 'Allow-FORWARD-Munin-Mikrotik' + option name 'Allow-FORWARD-Munin-Mikrotik-Garregmach' option src 'dmz' option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' list proto 'tcp' @@ -440,6 +440,18 @@ config rule option target 'ACCEPT' option family 'ipv4' +config rule + option name 'Allow-FORWARD-Munin-Mikrotik-Derdriu' + option src 'dmz' + option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + list proto 'tcp' + list proto 'udp' + option dest 'lan' + option dest_ip '{{ lookup('dig', 'derdriu.home.arpa') }}' + option dest_port '161' + option target 'ACCEPT' + option family 'ipv4' + ### IoT Rules ## General Rules # ICMP diff --git a/roles/ftp/files/deleteoldfiles.sh b/roles/ftp/files/deleteoldfiles.sh index 0f7863e..9464e9d 100644 --- a/roles/ftp/files/deleteoldfiles.sh 
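Review bot: In roles/firewall/templates/firewall.j2, the new `Allow-FORWARD-Munin-Mikrotik-Derdriu` rule takes its `dest_ip` from `lookup('dig', 'derdriu.home.arpa')`, so the destination of a dmz-to-lan ACCEPT rule depends on whatever the resolver on the Ansible controller answers at deploy time. A failed lookup is rendered into the template as a string rather than an address (the dig lookup returns `NXDOMAIN` by default), and how the firewall treats such a rule is not visible here. Consider `option dest_ip '{{ lookup('dig', 'derdriu.home.arpa', fail_on_error=true) }}'` where the installed community.general supports that option, or a pinned inventory variable. The rule also opens TCP 161 alongside UDP; if the device is only polled over SNMP/UDP, `list proto 'tcp'` can be dropped, which presumably applies to the Garregmach rule in the previous hunk as well.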
+++ b/roles/ftp/files/deleteoldfiles.sh @@ -22,15 +22,13 @@ MAX_USAGE="$2" # Failsafe mechansim. Delete a maxium of MAX_CYCLES files, raise an error after # that. Prevents possible runaway script. Disable by choosing a high value. # -MAX_CYCLES=10 +MAX_CYCLES=100 show_header () { - echo echo DELETE OLD FILES $VERSION echo - } show_header @@ -89,31 +87,7 @@ check_capacity () { fi } -check_age () { - - FILE="$1" - if [ "$ARCH" == "Linux" ] - then - FILE_DATE=`stat -c %Z "$FILE"` - elif [ "$ARCH" == "Darwin" ] - then - FILE_DATE=`stat -f %Sm -t %s "$FILE"` - else - echo "Error: unsupported architecture." - echo "Send a patch for the correct stat arguments for your architecture." - fi - - NOW=`date +%s` - AGE=$((NOW-FILE_DATE)) - if [ "$AGE" -gt "$OLDEST_DATE" ] - then - export OLDEST_DATE="$AGE" - export OLDEST_FILE="$FILE" - fi -} - process_file () { - FILE="$1" # @@ -131,26 +105,11 @@ do echo "Error: after $MAX_CYCLES deleted files still not enough free space." exit 1 fi - - reset - FILES=`find "$MOUNT" -type f` - - IFS=$'\n' - for x in $FILES - do - check_age "$x" - done + FILE=`find "$MOUNT" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d ' ' -f 2` + + process_file "$FILE" - if [ -e "$OLDEST_FILE" ] - then - # - # Do something with file. - # - process_file "$OLDEST_FILE" - else - echo "Error: somehow, item $OLDEST_FILE disappeared." - fi ((CYCLES++)) done # Delete empty directories while we’re at it diff --git a/roles/mailman/files/mailman.cfg b/roles/mailman/files/mailman.cfg new file mode 100644 index 0000000..d6024fe --- /dev/null +++ b/roles/mailman/files/mailman.cfg 
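Review bot: In roles/ftp/files/deleteoldfiles.sh, the new `FILE=` pipeline in the main loop truncates any path containing a space, because `cut -d ' ' -f 2` keeps only the text up to the next space; in what is presumably an FTP upload area the names are chosen by the uploader, so `process_file` can be handed a path that does not exist or that names a different file. The removed `[ -e "$OLDEST_FILE" ]` guard also means an empty result (no files left under `$MOUNT`) is now passed straight to `process_file`. Suggested: `FILE=$(find "$MOUNT" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d ' ' -f 2-)` followed by `[ -n "$FILE" ] && [ -e "$FILE" ] || { echo "Error: no deletable file found."; exit 1; }`. Names containing newlines would still be split by the line-based pipeline. The loop and `process_file` continue outside the hunks, so what is done with the selected file is not visible here.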
@@ -0,0 +1,69 @@
+[mailman]
+site_owner: root@mateu.be
+noreply_address: noreply
+default_language: fr
+sender_headers: from from_ reply-to sender
+email_commands_max_lines: 10
+pending_request_life: 3d
+cache_life: 7d
+pre_hook:
+post_hook:
+layout: debian
+filtered_messages_are_preservable: no
+html_to_plain_text_command: /usr/bin/lynx -dump $filename
+listname_chars: [-_.0-9a-z]
+
+[shell]
+prompt: >>>
+banner: Welcome to the GNU Mailman shell
+use_ipython: no
+history_file:
+
+[paths.debian]
+var_dir: /var/lib/mailman3
+queue_dir: $var_dir/queue
+bin_dir: /usr/lib/mailman3/bin
+list_data_dir: $var_dir/lists
+log_dir: /var/log/mailman3
+lock_dir: $var_dir/locks
+data_dir: $var_dir/data
+cache_dir: $var_dir/cache
+etc_dir: /etc/mailman3
+ext_dir: $var_dir/ext
+messages_dir: $var_dir/messages
+archive_dir: $var_dir/archives
+template_dir: $var_dir/templates
+pid_file: /run/mailman3/master.pid
+lock_file: $lock_dir/master.lck
+
+[database]
+class: mailman.database.sqlite.SQLiteDatabase
+url: sqlite:///$DATA_DIR/mailman.db
+debug: no
+
+[logging.debian]
+format: %(asctime)s (%(process)d) %(message)s
+datefmt: %b %d %H:%M:%S %Y
+propagate: no
+level: info
+path: mailman.log
+
+[webservice]
+hostname: localhost
+port: 8001
+use_https: no
+show_tracebacks: yes
+api_version: 3.1
+admin_user: restadmin
+admin_pass: 2BeMu4kyHzMA8K95IvoevuU1G1dO9ovZn2TLvu5045PGiVUe
+
+[mta]
+incoming: mailman.mta.postfix.LMTP
+outgoing: mailman.mta.deliver.deliver
+smtp_host: localhost
+smtp_port: 25
+smtp_user:
+smtp_pass:
+lmtp_host: 127.0.0.1
+lmtp_port: 8024
+configuration: python:mailman.config.postfix
diff --git a/roles/mailman/files/mm_cfg.py b/roles/mailman/files/mm_cfg.py
deleted file mode 100644
index 10f40cc..0000000
--- a/roles/mailman/files/mm_cfg.py
+++ /dev/null
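Review bot: The `[webservice]` section of the new roles/mailman/files/mailman.cfg commits the REST API `admin_pass` in clear text, so everyone with read access to the repository or its history holds the credential for the Mailman core API. Treat the committed value as exposed and rotate it, then ship the file through `template:` with `admin_pass: {{ mailman_rest_admin_pass }}` (placeholder variable name) sourced from Ansible Vault instead of a static file under `files/`. In the same section, `show_tracebacks: yes` puts stack traces into API error responses; `show_tracebacks: no` is the safer setting for a production host even with the listener bound to localhost.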
@@ -1,109 +0,0 @@ -# -*- python -*- - -# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc. -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -# 02110-1301 USA - - -"""This is the module which takes your site-specific settings. - -From a raw distribution it should be copied to mm_cfg.py. If you -already have an mm_cfg.py, be careful to add in only the new settings -you want. The complete set of distributed defaults, with annotation, -are in ./Defaults. In mm_cfg, override only those you want to -change, after the - - from Defaults import * - -line (see below). - -Note that these are just default settings - many can be overridden via the -admin and user interfaces on a per-list or per-user basis. - -Note also that some of the settings are resolved against the active list -setting by using the value as a format string against the -list-instance-object's dictionary - see the distributed value of -DEFAULT_MSG_FOOTER for an example.""" - - -####################################################### -# Here's where we get the distributed defaults. # - -from Defaults import * - -############################################################## -# Put YOUR site-specific configuration below, in mm_cfg.py . # -# See Defaults.py for explanations of the values. 
# - -#------------------------------------------------------------- -# The name of the list Mailman uses to send password reminders -# and similar. Don't change if you want mailman-owner to be -# a valid local part. -MAILMAN_SITE_LIST = 'listes' - -#------------------------------------------------------------- -# If you change these, you have to configure your http server -# accordingly (Alias and ScriptAlias directives in most httpds) -DEFAULT_URL_PATTERN = 'https://%s/cgi-bin/mailman/' -IMAGE_LOGOS = '/images/mailman/' - -#------------------------------------------------------------- -# Default domain for email addresses of newly created MLs -DEFAULT_EMAIL_HOST = 'pipoworld.fr' -#------------------------------------------------------------- -# Default host for web interface of newly created MLs -DEFAULT_URL_HOST = 'mm.pipoworld.fr' -#------------------------------------------------------------- -# Required when setting any of its arguments. -add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST) -add_virtualhost('mm.nintendojo.fr', 'nintendojo.fr') - -#------------------------------------------------------------- -# The default language for this server. -DEFAULT_SERVER_LANGUAGE = 'en' - -#------------------------------------------------------------- -# Iirc this was used in pre 2.1, leave it for now -USE_ENVELOPE_SENDER = 0 # Still used? - -#------------------------------------------------------------- -# Unset send_reminders on newly created lists -DEFAULT_SEND_REMINDERS = 0 - -#------------------------------------------------------------- -# Uncomment this if you configured your MTA such that it -# automatically recognizes newly created lists. 
-# (see /usr/share/doc/mailman/README.Exim4.Debian or -# /usr/share/mailman/postfix-to-mailman.py) -# MTA=None # Misnomer, suppresses alias output on newlist - -#------------------------------------------------------------- -# Uncomment if you use Postfix virtual domains (but not -# postfix-to-mailman.py), but be sure to see -# /usr/share/doc/mailman/README.Debian first. -# MTA='Postfix' - -#------------------------------------------------------------- -# Uncomment if you want to filter mail with SpamAssassin. For -# more information please visit this website: -# http://www.jamesh.id.au/articles/mailman-spamassassin/ -#GLOBAL_PIPELINE.insert(1, 'SpamAssassin') -#SPAMD_HOST = 'localhost' - -# Note - if you're looking for something that is imported from mm_cfg, but you -# didn't find it above, it's probably in /usr/lib/mailman/Mailman/Defaults.py. - -REMOVE_DKIM_HEADERS = Yes diff --git a/roles/mailman/handlers/main.yml b/roles/mailman/handlers/main.yml index 698b4aa..172da2e 100644 --- a/roles/mailman/handlers/main.yml +++ b/roles/mailman/handlers/main.yml @@ -1,4 +1,4 @@ -- name: restart mailman +- name: restart mailman3 service: - name: mailman + name: mailman3 state: restarted diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml index f68450f..93914f7 100644 --- a/roles/mailman/tasks/main.yml +++ b/roles/mailman/tasks/main.yml @@ -1,11 +1,19 @@ -- name: install mailman +- name: install mailman3 and dependencies package: - name: mailman + name: "{{ item }}" state: present + loop: + - mailman3-full + - sqlite3 -- name: main configuration files +- name: put mailman3 config file copy: - src: ./files/mm_cfg.py - dest: /etc/mailman/mm_cfg.py - notify: - - restart mailman + src: ./files/mailman.cfg + dest: /etc/mailman3/mailman.cfg + notify: restart mailman3 + +- name: start mailman3 service + service: + name: mailman3 + state: started + enabled: true 
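Review bot: The `put mailman3 config file` task in roles/mailman/tasks/main.yml copies a file that contains the REST `admin_pass` without setting `owner`, `group` or `mode`, so the permissions on /etc/mailman3/mailman.cfg are left to the existing file or the remote umask. Pin them explicitly, for example `owner: root`, `group: list`, `mode: "0640"` (the group is an assumption based on the Debian packaging; confirm the account the mailman3 service runs as).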
diff --git a/roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2 b/roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2 index e29b11d..c3cfe54 100644 --- a/roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2 +++ b/roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2 @@ -9,21 +9,17 @@ server { error_log /var/log/nginx/mm.pipoworld.fr.error.log; error_log syslog:server=unix:/dev/log; - location = / { - rewrite ^ /cgi-bin/mailman/listinfo permanent; + location / { + uwsgi_pass unix:/run/mailman3-web/uwsgi.sock; + include /etc/nginx/uwsgi_params; } - location /cgi-bin/mailman { - root /usr/lib/; - fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$; - fastcgi_pass unix:/var/run/fcgiwrap.socket; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - gzip off; + location /mailman3/static { + alias /var/lib/mailman3/web/static; } - location /images/mailman { - alias /usr/share/images/mailman; + location /mailman3/static/favicon.ico { + alias /var/lib/mailman3/web/static/postorius/img/favicon.ico; } } diff --git a/roles/postfix/files/generate_email.sh b/roles/postfix/files/generate_email.sh old mode 100755 new mode 100644 diff --git a/roles/postfix/files/main.cf b/roles/postfix/files/main.cf index 5eb77c8..fb852e6 100644 --- a/roles/postfix/files/main.cf +++ b/roles/postfix/files/main.cf @@ -1,4 +1,5 @@ ## Configuration de postfix +## 27/01/2022 mortal Ajout de nouveaux paramètres pour mailman3 ## 05/08/2018 mortal Suppression de mailbox_command au profit de mailbox_transport : c'est toujours dovecot qui fait la livraison mais à travers une socket plutôt qu'un programme lancé par postfix ## 30/07/2015 mortal Suppression de la politique de réception pour wordpress@nintendojofr.com ## 18/04/2013 mortal Changement de la bannière 
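Review bot: In roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2, `location /mailman3/static` is a prefix match without a trailing slash, so a request such as /mailman3/staticX is also handled by the `alias` and mapped to a sibling path under /var/lib/mailman3/web/. Ending both sides with a slash keeps the mapping inside the static directory: `location /mailman3/static/ { alias /var/lib/mailman3/web/static/; }`. The favicon block can be made an exact match with `location = /mailman3/static/favicon.ico`. The `server` block starts outside this hunk, so its listen, TLS and header settings are not reviewed here.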
@@ -20,9 +21,9 @@ mail_name = I iz a mail server inet_protocols = all inet_interfaces = all mynetworks = 163.172.112.17, 127.0.0.1, [::1]/128, 10.233.212.64/27, [2001:bc8:26c1:101::]/64, 10.233.212.0/26, [2001:bc8:26c1:105::]/64, 172.17.0.0/16 -#relayhost = 178.32.223.202 relayhost = 37.187.5.75 -transport_maps = hash:/etc/postfix/transport +transport_maps = hash:/etc/postfix/transport hash:/var/lib/mailman3/data/postfix_lmtp +local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/var/lib/mailman3/data/postfix_lmtp myhostname = mail.dmz.mateu.be myorigin = mateu.be mydestination = $myhostname,localhost.$mydomain,localhost,mateu.be,libertus.eu,p.libertus.eu,pipoworld.fr,nintendojo.fr diff --git a/roles/spamassassin/files/local.cf b/roles/spamassassin/files/local.cf index f0b8ca8..1c467bf 100644 --- a/roles/spamassassin/files/local.cf +++ b/roles/spamassassin/files/local.cf @@ -107,6 +107,8 @@ whitelist_from *@chichiclothing.com whitelist_from dmarcreport@microsoft.com # Blacklist manuel +blacklist_from *@*.ostroda.pl +blacklist_from *@ostroda.pl blacklist_from *@*.capetown blacklist_from *@faradenza.li blacklist_from *@*.com.de diff --git a/roles/webapps/tasks/tootctl.yml b/roles/webapps/tasks/tootctl.yml index 7ae2d1c..073c8bd 100644 --- a/roles/webapps/tasks/tootctl.yml +++ b/roles/webapps/tasks/tootctl.yml @@ -4,4 +4,4 @@ minute: "0" hour: "19" weekday: "5" - job: "docker-compose -f /srv/docker/m.nintendojo.fr/docker-compose.yml run --rm web bin/tootctl media remove" + job: "COMPOSE_HTTP_TIMEOUT=360 docker-compose -f /srv/docker/m.nintendojo.fr/docker-compose.yml run --rm web bin/tootctl media remove"
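Review bot: In roles/postfix/files/main.cf, the added `hash:/var/lib/mailman3/data/postfix_lmtp` entries in `transport_maps` and `local_recipient_maps` point at a map that Mailman generates, and Postfix treats a missing or unreadable lookup table as a temporary error. Since `local_recipient_maps` is consulted for every local recipient, deploying this file before the map exists would presumably defer mail for all domains in `mydestination`, not only list traffic. Make the postfix role run after the mailman role and regenerate the map with `mailman aliases` (as the Mailman service user) before Postfix is reloaded. A comment above the two lines such as `## postfix_lmtp is generated by mailman3 ("mailman aliases") and must exist before reload` would record that dependency.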