Mailman (3)
Parameters and defaults
All configuration is to be placed inside the mailman dict.
# mail address for the site owner
site_owner: changeme@example.com
# domain used for lists
default_domain: example.com
# all settings regarding the mailman api
api:
# settings for listen addresses
hostname: localhost
port: 8001
# api version to use, only "3.1" was tested
version: "3.1"
# api account setting
admin:
# should not be changed
name: restadmin
pw: "{{ lookup('password', '/dev/null length=32') }}"
# webinterface settings
web:
# django secret key
secretkey: "{{ lookup('password', '/dev/null length=128') }}"
# activate remote auth in django
remote_user: False
# enable signup
signup: True
# allow users to change their password
change_pw: True
# dict with ldap settings or "False" to disable
ldap: False
# Ldap server url. Can be ldap:// or ldaps://
# url: "ldaps://example.com"
# enable account and list membership sync. Membership sync musst be explicitly configured per list
# sync: true
# use a bind user to connect to the ldap. If it is not specified, sync will not work.
# bind_dn: "cn=mailman,ou=system,dc=example,dc=com"
# bind_password: "{{ lookup('passwordstore', '/dev/null length=64 nosymbols=true') }}"
# LDAP Search to find all groups. See https://django-auth-ldap.readthedocs.io/en/latest/
# group_search: 'LDAPSearch("ou=groups,dc=example,dc=com", ldap.SCOPE_ONELEVEL, "(objectClass=groupOfUniqueNames)")'
# group_type: 'GroupOfUniqueNamesType()'
# a search that musst return **all** users and select the attribute containing the user name. Only used for ldap sync
# user_search_all_name: 'LDAPSearch("ou=users,dc=example,dc=com", ldap.SCOPE_ONELEVEL, "(&(objectClass=posixAccount)(memberOf=cn=service_mailman_access,ou=groups,dc=example,dc=com))", ["uid"])'
# see https://django-auth-ldap.readthedocs.io/en/latest/
# user_filter: 'uid=%(user)s,ou=users,dc=example,dc=com'
# optionaly set a ca cert or other connection settings
# options: "{ ldap.OPT_X_TLS_CACERTFILE: '/etc/ssl/myfancy.ca', ldap.OPT_X_TLS_REQUIRE_CERT: True, ldap.OPT_X_TLS_NEWCTX: 0 }"
# map django roles
# mappings:
# "is_active": "cn=service_mailman_access,ou=groups,dc=example,dc=com"
# "is_staff": "cn=service_mailman_admin,ou=groups,dc=example,dc=com"
# "is_superuser": "cn=service_mailman_admin,ou=groups,dc=example,dc=com"
# group_require: "cn=service_mailman_access,ou=groups,dc=example,dc=com"
# logged in session timeout in seconds
session_timeout: 3600
# hypperkitty settings
archiver:
# api key
key: "{{ lookup('password', '/dev/null length=128') }}"
# default settings used for all lists
list_defaults:
# Mailman settings to set for this list. See https://docs.mailman3.org/projects/mailmanclient/en/latest/_modules/mailmanclient/restobjects/settings.html#Settings
settings: {}
# ldap sync settings
ldap:
member:
# enable syncing for this role type
enabled: False
# basedn to search
dn: "ou=users,dc=example,dc=com"
# ldap filter to use
filter: "(&(objectClass=posixAccount)(memberOf=cn=my_fancy_list,ou=groups,dc=example,dc=com))"
# attribute to read the user name from
username_attr: "uid"
moderator: # see **member** description
owner: # see **member** description
# Mailing lists to setup. The key is the list name, the value the per list settings
lists: {}
# 'list@example.com': {
# See https://docs.mailman3.org/projects/mailmanclient/en/latest/_modules/mailmanclient/restobjects/settings.html#Settings
# settings: {
# 'description': 'foobar',
# }
# See description in **list_defaults**
# ldap: {..}
# }