Plein de trucs

roles/firewall/templates/firewall.j2

@@ -429,7 +429,7 @@ config rule
 	option family 'ipv4'
 
 config rule
-	option name 'Allow-FORWARD-Munin-Mikrotik'
+	option name 'Allow-FORWARD-Munin-Mikrotik-Garregmach'
 	option src 'dmz'
 	option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
 	list proto 'tcp'
@@ -440,6 +440,18 @@ config rule
 	option target 'ACCEPT'
 	option family 'ipv4'
 
+config rule
+	option name 'Allow-FORWARD-Munin-Mikrotik-Derdriu'
+	option src 'dmz'
+	option src_ip '{{ hostvars['munin.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	list proto 'tcp'
+	list proto 'udp'
+	option dest 'lan'
+	option dest_ip '{{ lookup('dig', 'derdriu.home.arpa') }}'
+	option dest_port '161'
+	option target 'ACCEPT'
+	option family 'ipv4'
+
 ### IoT Rules
 ## General Rules
 # ICMP

roles/ftp/files/deleteoldfiles.sh

@@ -22,15 +22,13 @@ MAX_USAGE="$2"
 # Failsafe mechansim. Delete a maxium of MAX_CYCLES files, raise an error after
 # that. Prevents possible runaway script. Disable by choosing a high value.
 #
-MAX_CYCLES=10
+MAX_CYCLES=100
 
 
 show_header () {
-
     echo
     echo DELETE OLD FILES $VERSION
     echo
-
 }
 
 show_header
@@ -89,31 +87,7 @@ check_capacity () {
     fi
 }
 
-check_age () {
-
-    FILE="$1"
-    if [ "$ARCH" == "Linux" ]
-    then
-        FILE_DATE=`stat -c %Z "$FILE"`
-    elif [ "$ARCH" == "Darwin" ]
-    then
-        FILE_DATE=`stat -f %Sm -t %s "$FILE"`
-    else
-        echo "Error: unsupported architecture."
-        echo "Send a patch for the correct stat arguments for your architecture."
-    fi
-        
-    NOW=`date +%s`
-    AGE=$((NOW-FILE_DATE))
-    if [ "$AGE" -gt "$OLDEST_DATE" ]
-    then
-        export OLDEST_DATE="$AGE"
-        export OLDEST_FILE="$FILE"
-    fi
-}
-
 process_file () {
-    
     FILE="$1"
 
     #
@@ -132,25 +106,10 @@ do
         exit 1
     fi
 
-    reset
+    FILE=`find "$MOUNT" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d ' ' -f 2`
 
-    FILES=`find "$MOUNT" -type f`
+    process_file "$FILE"
 
-    IFS=$'\n'
-    for x in $FILES
-    do
-        check_age "$x"
-    done
-
-    if [ -e "$OLDEST_FILE" ]
-    then
-        #
-        # Do something with file.
-        #
-        process_file "$OLDEST_FILE"
-    else
-        echo "Error: somehow, item $OLDEST_FILE disappeared."
-    fi
     ((CYCLES++))
 done
 # Delete empty directories while we’re at it

roles/mailman/files/mailman.cfg

@@ -0,0 +1,69 @@
+[mailman]
+site_owner: root@mateu.be
+noreply_address: noreply
+default_language: fr
+sender_headers: from from_ reply-to sender
+email_commands_max_lines: 10
+pending_request_life: 3d
+cache_life: 7d
+pre_hook:
+post_hook:
+layout: debian
+filtered_messages_are_preservable: no
+html_to_plain_text_command: /usr/bin/lynx -dump $filename
+listname_chars: [-_.0-9a-z]
+
+[shell]
+prompt: >>>
+banner: Welcome to the GNU Mailman shell
+use_ipython: no
+history_file:
+
+[paths.debian]
+var_dir: /var/lib/mailman3
+queue_dir: $var_dir/queue
+bin_dir: /usr/lib/mailman3/bin
+list_data_dir: $var_dir/lists
+log_dir: /var/log/mailman3
+lock_dir: $var_dir/locks
+data_dir: $var_dir/data
+cache_dir: $var_dir/cache
+etc_dir: /etc/mailman3
+ext_dir: $var_dir/ext
+messages_dir: $var_dir/messages
+archive_dir: $var_dir/archives
+template_dir: $var_dir/templates
+pid_file: /run/mailman3/master.pid
+lock_file: $lock_dir/master.lck
+
+[database]
+class: mailman.database.sqlite.SQLiteDatabase
+url: sqlite:///$DATA_DIR/mailman.db
+debug: no
+
+[logging.debian]
+format: %(asctime)s (%(process)d) %(message)s
+datefmt: %b %d %H:%M:%S %Y
+propagate: no
+level: info
+path: mailman.log
+
+[webservice]
+hostname: localhost
+port: 8001
+use_https: no
+show_tracebacks: yes
+api_version: 3.1
+admin_user: restadmin
+admin_pass: 2BeMu4kyHzMA8K95IvoevuU1G1dO9ovZn2TLvu5045PGiVUe
+
+[mta]
+incoming: mailman.mta.postfix.LMTP
+outgoing: mailman.mta.deliver.deliver
+smtp_host: localhost
+smtp_port: 25
+smtp_user:
+smtp_pass:
+lmtp_host: 127.0.0.1
+lmtp_port: 8024
+configuration: python:mailman.config.postfix

roles/mailman/files/mm_cfg.py

@@ -1,109 +0,0 @@
-# -*- python -*-
-
-# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-# 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software 
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-# 02110-1301 USA
-
-
-"""This is the module which takes your site-specific settings.
-
-From a raw distribution it should be copied to mm_cfg.py.  If you
-already have an mm_cfg.py, be careful to add in only the new settings
-you want.  The complete set of distributed defaults, with annotation,
-are in ./Defaults.  In mm_cfg, override only those you want to
-change, after the
-
-  from Defaults import *
-
-line (see below).
-
-Note that these are just default settings - many can be overridden via the
-admin and user interfaces on a per-list or per-user basis.
-
-Note also that some of the settings are resolved against the active list
-setting by using the value as a format string against the
-list-instance-object's dictionary - see the distributed value of
-DEFAULT_MSG_FOOTER for an example."""
-
-
-#######################################################
-#    Here's where we get the distributed defaults.    #
-
-from Defaults import *
-
-##############################################################
-# Put YOUR site-specific configuration below, in mm_cfg.py . #
-# See Defaults.py for explanations of the values.            #
-
-#-------------------------------------------------------------
-# The name of the list Mailman uses to send password reminders
-# and similar. Don't change if you want mailman-owner to be
-# a valid local part.
-MAILMAN_SITE_LIST = 'listes'
-
-#-------------------------------------------------------------
-# If you change these, you have to configure your http server
-# accordingly (Alias and ScriptAlias directives in most httpds)
-DEFAULT_URL_PATTERN = 'https://%s/cgi-bin/mailman/'
-IMAGE_LOGOS         = '/images/mailman/'
-
-#-------------------------------------------------------------
-# Default domain for email addresses of newly created MLs
-DEFAULT_EMAIL_HOST = 'pipoworld.fr'
-#-------------------------------------------------------------
-# Default host for web interface of newly created MLs
-DEFAULT_URL_HOST   = 'mm.pipoworld.fr'
-#-------------------------------------------------------------
-# Required when setting any of its arguments.
-add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
-add_virtualhost('mm.nintendojo.fr', 'nintendojo.fr')
-
-#-------------------------------------------------------------
-# The default language for this server.
-DEFAULT_SERVER_LANGUAGE = 'en'
-
-#-------------------------------------------------------------
-# Iirc this was used in pre 2.1, leave it for now
-USE_ENVELOPE_SENDER    = 0              # Still used?
-
-#-------------------------------------------------------------
-# Unset send_reminders on newly created lists
-DEFAULT_SEND_REMINDERS = 0
-
-#-------------------------------------------------------------
-# Uncomment this if you configured your MTA such that it
-# automatically recognizes newly created lists.
-# (see /usr/share/doc/mailman/README.Exim4.Debian or
-# /usr/share/mailman/postfix-to-mailman.py)
-# MTA=None   # Misnomer, suppresses alias output on newlist
-
-#-------------------------------------------------------------
-# Uncomment if you use Postfix virtual domains (but not
-# postfix-to-mailman.py), but be sure to see
-# /usr/share/doc/mailman/README.Debian first.
-# MTA='Postfix'
-
-#-------------------------------------------------------------
-# Uncomment if you want to filter mail with SpamAssassin. For
-# more information please visit this website:
-# http://www.jamesh.id.au/articles/mailman-spamassassin/
-#GLOBAL_PIPELINE.insert(1, 'SpamAssassin')
-#SPAMD_HOST    = 'localhost'
-
-# Note - if you're looking for something that is imported from mm_cfg, but you
-# didn't find it above, it's probably in /usr/lib/mailman/Mailman/Defaults.py.
-
-REMOVE_DKIM_HEADERS = Yes

roles/mailman/handlers/main.yml

@@ -1,4 +1,4 @@
-- name: restart mailman
+- name: restart mailman3
   service:
-      name: mailman
+      name: mailman3
       state: restarted

roles/mailman/tasks/main.yml

@@ -1,11 +1,19 @@
-- name: install mailman
+- name: install mailman3 and dependencies
   package:
-      name: mailman
+      name: "{{ item }}"
       state: present
+  loop:
+    - mailman3-full
+    - sqlite3
 
-- name: main configuration files
+- name: put mailman3 config file
   copy:
-      src: ./files/mm_cfg.py
+    src: ./files/mailman.cfg
-      dest: /etc/mailman/mm_cfg.py
+    dest: /etc/mailman3/mailman.cfg
-  notify:
+  notify: restart mailman3
-      - restart mailman
+
+- name: start mailman3 service
+  service:
+    name: mailman3
+    state: started
+    enabled: true

roles/nginx/templates/vhosts/mm.pipoworld.fr.conf.j2

@@ -9,21 +9,17 @@ server {
 	error_log /var/log/nginx/mm.pipoworld.fr.error.log;
 	error_log syslog:server=unix:/dev/log;
 
-	location = / {
+	location / {
-		rewrite ^ /cgi-bin/mailman/listinfo permanent;
+		uwsgi_pass unix:/run/mailman3-web/uwsgi.sock;
+		include /etc/nginx/uwsgi_params;
 	}
 
-	location /cgi-bin/mailman {
+	location /mailman3/static {
-		root /usr/lib/;
+	alias /var/lib/mailman3/web/static;
-		fastcgi_split_path_info (^/cgi-bin/mailman/[^/]*)(.*)$;
-		fastcgi_pass unix:/var/run/fcgiwrap.socket;
-		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-		include fastcgi_params;
-		gzip off;
 	}
 
-	location /images/mailman {
+	location /mailman3/static/favicon.ico {
-		alias /usr/share/images/mailman;
+		alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
 	}
 }
 

roles/postfix/files/main.cf

@@ -1,4 +1,5 @@
 ## Configuration de postfix
+## 27/01/2022	mortal	Ajout de nouveaux paramètres pour mailman3
 ## 05/08/2018	mortal	Suppression de mailbox_command au profit de mailbox_transport : c'est toujours dovecot qui fait la livraison mais à travers une socket plutôt qu'un programme lancé par postfix
 ## 30/07/2015	mortal	Suppression de la politique de réception pour wordpress@nintendojofr.com
 ## 18/04/2013	mortal	Changement de la bannière
@@ -20,9 +21,9 @@ mail_name = I iz a mail server
 inet_protocols = all
 inet_interfaces = all
 mynetworks = 163.172.112.17, 127.0.0.1, [::1]/128, 10.233.212.64/27, [2001:bc8:26c1:101::]/64, 10.233.212.0/26, [2001:bc8:26c1:105::]/64, 172.17.0.0/16
-#relayhost = 178.32.223.202
 relayhost = 37.187.5.75
-transport_maps = hash:/etc/postfix/transport
+transport_maps = hash:/etc/postfix/transport hash:/var/lib/mailman3/data/postfix_lmtp
+local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/var/lib/mailman3/data/postfix_lmtp
 myhostname = mail.dmz.mateu.be
 myorigin = mateu.be
 mydestination = $myhostname,localhost.$mydomain,localhost,mateu.be,libertus.eu,p.libertus.eu,pipoworld.fr,nintendojo.fr

roles/spamassassin/files/local.cf

@@ -107,6 +107,8 @@ whitelist_from *@chichiclothing.com
 whitelist_from dmarcreport@microsoft.com
 
 # Blacklist manuel
+blacklist_from *@*.ostroda.pl
+blacklist_from *@ostroda.pl
 blacklist_from *@*.capetown
 blacklist_from *@faradenza.li
 blacklist_from *@*.com.de

roles/webapps/tasks/tootctl.yml

@@ -4,4 +4,4 @@
       minute: "0"
       hour: "19"
       weekday: "5"
-      job: "docker-compose -f /srv/docker/m.nintendojo.fr/docker-compose.yml run --rm web bin/tootctl media remove"
+      job: "COMPOSE_HTTP_TIMEOUT=360 docker-compose -f /srv/docker/m.nintendojo.fr/docker-compose.yml run --rm web bin/tootctl media remove"