Add multischleuder

README.md

@@ -10,6 +10,7 @@
 - `s3lph.mailserver.dovecot`: [Dovecot][dovecot] IMAP server
 - `s3lph.mailserver.schleuder`: [Schleuder][schleuder] PGP-encrypted mailing list server
 - `s3lph.mailserver.easywks`: [EasyWKS][easywks] server
+- `s3lph.mailserver.multischleuder`: [Multischleuder][multischleuder] Schleuder management
 
 ## Status of This Collection
 
@@ -271,6 +272,26 @@ easywks_config: |
 
 Run `ansible-playbook -t role::postfix:config,role::easywks` to deploy
 
+
+### Multischleuder
+
+```yaml
+# When the multischleuder package is available in your system's package
+# sources, set this to no.  Otherwise the package is downloaded from
+# the project upstream releases at Gitlab.
+#multischleuder_download: no
+
+# Simple /etc/multischleuder/multischleuder.yml encoded as a multiline string
+mutlischleuder_config: |
+  api:
+  url: "https://localhost:4443"
+  token: "thetoken"
+  cafile: /etc/multischleuder/schleuder-ca.pem
+# See https://gitlab.com/s3lph/multischleuder for the full config...
+```
+
+Run `ansible-playbook -t role::multischleuder` to deploy
+
 [postfix]: http://www.postfix.org/
 [postsrsd]: https://github.com/roehling/postsrsd
 [postfixadmin]: https://github.com/postfixadmin/postfixadmin
@@ -279,3 +300,4 @@ Run `ansible-playbook -t role::postfix:config,role::easywks` to deploy
 [dovecot]: https://dovecot.org/
 [schleuder]: https://schleuder.org/
 [easywks]: https://gitlab.com/s3lph/easywks
+[multischleuder]: https://gitlab.com/s3lph/multischleuder

galaxy.yml

@@ -8,7 +8,7 @@ namespace: s3lph
 name: mailserver
 
 # The version of the collection. Must be compatible with semantic versioning
-version: '0.2.4'
+version: '0.2.5'
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
@@ -16,7 +16,7 @@ readme: README.md
 # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
 # @nicks:irc/im.site#channel'
 authors:
-- s3lph <account-gitlab-ideynizv@kernelpanic.lol>
+- s3lph <1375407-s3lph@users.noreply.gitlab.com>
 
 
 ### OPTIONAL but strongly recommended
@@ -37,6 +37,7 @@ tags:
   - dovecot
   - postfixadmin
   - postsrsd
+  - schleuder
 
 # Collections that this collection requires to be installed for it to be usable. The key of the dict is the
 # collection label 'namespace.name'. The value is a version range

roles/multischleuder/defaults/main.yml

@@ -0,0 +1,124 @@
+---
+
+multischleuder_download: yes
+multischleuder_service_enabled: yes
+
+multischleuder_config: |
+  
+  # Configure this to talk to your schleuder-api-daemon.
+  api:
+    url: "https://localhost:4443"
+    token: "130a8c095d14fa51e73727e9d8ef5db3a3bf0cae7d995c1f"
+    cafile: /etc/multischleuder/schleuder-ca.pem
+  
+  lists: []
+  
+  #    # The Schleuder list to manage.  Must exist
+  #  - target: global@schleuder.example.org
+  #    unmanaged:
+  #      # Adresses to ignore everywhere.  Usually you want to
+  #      # put the admins of your target Schleuder here, in order
+  #      # to prevent them from becoming unsubscribed.
+  #      - admin@example.org
+  #    banned:
+  #      # If for some reason, you need to ban a subscriber from the
+  #      # target list only, put them here
+  #      - banned@example.org
+  #    sources:
+  #      # The Schleuder lists to take subscribers and keys from.
+  #      # They must already exist.
+  #      - east@schleuder.example.org
+  #      - west@schleuder.example.org
+  #      - north@schleuder.example.org
+  #      - south@schleuder.example.org
+  #    # When sending mails, use this as the sender address.  If absent,
+  #    # the -owner address is used.
+  #    from: global-owner@schleuder.example.org
+  #    # Whether to notify subscribers of key or email address conflicts.
+  #    send_conflict_messages: yes
+  #    # Whether to notify the target Schleuder's admins about changes.
+  #    send_admin_reports: yes
+  
+  # Hook this up to your MTA,
+  smtp:
+    hostname: localhost  # default: localhost
+    port: 10025  # default: 25
+    tls: PLAIN  # PLAIN|STARTTLS|SMTPS; default: PLAIN
+    username: admin     # optional
+    password: password  # optional
+  
+  conflict:
+    # How often to notify users about conflicts
+    interval: 604800  # 1 week
+    # The file where Schleuder memorizes when it has last sent messages for
+    # which conflicts
+    statefile: /var/lib/multischleuder/conflict.json
+    # The template used when sending mails to a subscriber involved in a key conflict
+    # (multiple keys used by the same subscriber).  You can use the following fields:
+    #   {subscriber}:  Email address of the affected subscriber
+    #   {schleuder}:   Name (email) of the target Schleuder
+    #   {chosen}:      The key that was chosen to subscribe to the target Schleuder
+    #   {affected}:    A list of "fingerprint: source schleuder" candidates involved
+    #                  in the conflict.
+    key_template: |
+      Hi {subscriber},
+  
+      While compiling the subscriber list of {schleuder}, your
+      address {subscriber} was subscribed on multiple sub-lists with
+      different PGP keys.  There may be something fishy or malicious going on,
+      or this may simply have been a mistake by you or a list admin.
+  
+      You have only been subscribed to {schleuder} using the key you
+      have been subscribed with for the *longest* time:
+  
+      {chosen}
+  
+      Please review the following keys and talk to the admins of the
+      corresponding sub-lists to resolve this issue:
+  
+      Fingerprint                               Sub-List
+      -----------                               --------
+      {affected}
+  
+      For your convenience, this message has been encrypted with *all* of the
+      above keys.  If you have any questions, or do not understand this
+      message, please refer to your local Schleuder admin, or reply to this
+      message.
+  
+      Regards
+      MultiSchleuder {schleuder}
+    # The template used when sending mails to subscribers involved in a user conflict
+    # (multiple subscribers using the same key).  You can use the following fields:
+    #   {subscriber}:  Email address of the subscriber addressed in this email
+    #   {fingerprint}: Fingerprint of the key used multiple times
+    #   {schleuder}:   Name (email) of the target Schleuder
+    #   {chosen}:      The email that was chosen to subscribe to the target Schleuder
+    #   {affected}:    A list of "email address: source schleuder" candidates involved
+    #                  in the conflict.
+    user_template: |
+      Hi {subscriber},
+  
+      While compiling the subscriber list of {schleuder}, your
+      key {fingerprint} was used by subscribers on multiple sub-lists with
+      different email adresses.  There may be something fishy or malicious
+      going on, or this may simply have been a mistake by you or a list admin.
+  
+      You have only been subscribed to {schleuder} using the address you
+      have been subscribed with for the *longest* time:
+  
+      {chosen}
+  
+      Please review the following adresses and talk to the admins of the
+      corresponding sub-lists to resolve this issue:
+  
+      Adress                     Sub-List
+      ------                     --------
+      {affected}
+  
+      For your convenience, this message has been sent to *all* of the above
+      adresses.  If you have any questions, or do not understand this
+      message, please refer to your local Schleuder admin, or reply to this
+      message.
+  
+      Regards
+      MultiSchleuder {schleuder}

roles/multischleuder/tasks/config.yml

@@ -0,0 +1,15 @@
+---
+
+- name: render easywks config file
+  ansible.builtin.template:
+    src: etc/multischleuder/multischleuder.yml.j2
+    dest: /etc/multischleuder/multischleuder.yml
+    owner: root
+    group: root
+    mode: 0644
+
+- name: start and enable multischleuder.timer
+  ansible.builtin.service:
+    name: multischleuder.timer
+    state: started
+    enabled: "{{ multischleuder_service_enabled }}"

roles/multischleuder/tasks/install.yml

@@ -0,0 +1,22 @@
+---
+
+- name: install multischleuder from system package sources
+  ansible.builtin.apt:
+    name: multischleuder
+  when: "not multischleuder_download"
+
+- name: get multischleuder package url
+  ansible.builtin.uri:
+    # https://gitlab.com/s3lph/multischleuder
+    url: "https://gitlab.com/api/v4/projects/35309982/releases"
+    return_content: yes
+  register: "register_multischleuder_gitlab_releases"
+  changed_when: no
+  when: "multischleuder_download"
+
+- name: install multischleuder from upstream release
+  ansible.builtin.apt:
+    deb: "{{ url }}"
+  vars:
+    url: "{{ (register_multischleuder_gitlab_releases.json[0].assets.links | selectattr('name', 'equalto', 'Debian Package'))[0].direct_asset_url }}"
+  when: "multischleuder_download"

roles/multischleuder/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+
+- ansible.builtin.import_tasks: install.yml
+  tags:
+    - "role::multischleuder"
+    - "role::multischleuder:install"
+
+- ansible.builtin.import_tasks: config.yml
+  tags:
+    - "role::multischleuder"
+    - "role::multischleuder:config"

roles/multischleuder/templates/etc/multischleuder/multischleuder.yml.j2

@@ -0,0 +1,4 @@
+---
+{{ ansible_managed | comment }}
+
+{{ multischleuder_config }}