[ansible] Re-add sender/recipient restrictions from mx1
by Nicolas Chauvet
commit 477b4d8b683eeb258e7272910bf382894894e3f9
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Fri Dec 16 17:09:15 2016 +0100
Re-add sender/recipient restrictions from mx1
.../main.cf/main.cf.hv01.online.rpmfusion.net | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
---
diff --git a/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net b/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
index 2ab9cfb..8389af1 100644
--- a/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
+++ b/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
@@ -706,6 +706,18 @@ virtual_alias_maps =
hash:/etc/aliases,
hash:/etc/postfix/virtual,
+# SMTP restrictions (block bogus stuff)
+smtpd_sender_restrictions =
+ permit_mynetworks,
+ reject_unknown_sender_domain,
+
+smtpd_recipient_restrictions =
+ permit_mynetworks,
+ reject_unauth_destination,
+# check_policy_service unix:postgrey/socket,
+
+body_checks = regexp:/etc/postfix/body_checks
+
message_size_limit = 20971520
## TLS
7 years, 9 months
[ansible] Update hv01 main.cf
by Nicolas Chauvet
commit af4ed624c2176de41f3c44720b3d24b195402b64
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sun Dec 11 09:48:09 2016 +0100
Update hv01 main.cf
.../main.cf/main.cf.hv01.online.rpmfusion.net | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
---
diff --git a/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net b/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
index 4dc515e..2ab9cfb 100644
--- a/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
+++ b/roles/base/files/postfix/main.cf/main.cf.hv01.online.rpmfusion.net
@@ -368,7 +368,7 @@ in_flow_delay = 1s
# address masquerading or other forms of address rewriting including
# username->Firstname.Lastname mapping.
-masquerade_domains = rpmfusion.org
+masquerade_domains = !lists.rpmfusion.org rpmfusion.org
masquerade_exceptions = root apache
# ADDRESS REDIRECTION (VIRTUAL DOMAIN)
@@ -698,7 +698,13 @@ readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
# Enable IPv4, and IPv6 if supported
inet_protocols = ipv4
+virtual_alias_domains =
+ rpmfusion.net,
+ rpmfusion.org,
+virtual_alias_maps =
+ hash:/etc/aliases,
+ hash:/etc/postfix/virtual,
message_size_limit = 20971520
7 years, 9 months
[ansible] Revert "Update api key"
by Nicolas Chauvet
commit c21f8ddea50c0265bdac207527afc7ef8c75c8be
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Dec 10 15:59:43 2016 +0100
Revert "Update api key"
This reverts commit 452cbc764df9045d4b17f3fae5d4b9803194b6b6.
roles/mailman/files/mailman-hyperkitty.cfg | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/mailman/files/mailman-hyperkitty.cfg b/roles/mailman/files/mailman-hyperkitty.cfg
index 9890b57..ad9d6b1 100644
--- a/roles/mailman/files/mailman-hyperkitty.cfg
+++ b/roles/mailman/files/mailman-hyperkitty.cfg
@@ -17,4 +17,4 @@ base_url: http://localhost/archives/
# Shared API key, must be the identical to the value in HyperKitty's
# settings.
-api_key: QsQSOMDWscWLg8fcnIUxtAGb
+api_key: SecretArchiverAPIKey
7 years, 9 months
[ansible] Disable broken mailman_login
by Nicolas Chauvet
commit d4d33579392030eab2e66fb067b30796b88982b2
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Sat Dec 10 15:49:44 2016 +0100
Disable broken mailman_login
inventory/group_vars/mailman | 36 ++++++++++++++++++------------------
1 files changed, 18 insertions(+), 18 deletions(-)
---
diff --git a/inventory/group_vars/mailman b/inventory/group_vars/mailman
index 9921acd..d130c95 100644
--- a/inventory/group_vars/mailman
+++ b/inventory/group_vars/mailman
@@ -35,24 +35,24 @@ mailman_db_server: db02.online.rpmfusion.net
mailman_domains:
- lists.rpmfusion.org
mailman_login:
- gitlab:
- display_name: GitLab
- provider: gitlab
- github:
- display_name: GitHub
- provider: github
- twitter:
- display_name: Twitter
- provider: twitter
- google:
- display_name: Google
- provider: google
- facebook:
- display_name: Facebook
- provider: facebook
- stackexchange:
- display_name: StackExchange
- provider: stackexchange
+# gitlab:
+# display_name: GitLab
+# provider: gitlab
+# github:
+# display_name: GitHub
+# provider: github
+# twitter:
+# display_name: Twitter
+# provider: twitter
+# google:
+# display_name: Google
+# provider: google
+# facebook:
+# display_name: Facebook
+# provider: facebook
+# stackexchange:
+# display_name: StackExchange
+# provider: stackexchange
# by default, the number of emails in queue before we whine
nrpe_check_postfix_queue_warn: 100
7 years, 9 months
[ansible] Update api key
by Nicolas Chauvet
commit 452cbc764df9045d4b17f3fae5d4b9803194b6b6
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Dec 8 11:53:53 2016 +0100
Update api key
roles/mailman/files/mailman-hyperkitty.cfg | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/mailman/files/mailman-hyperkitty.cfg b/roles/mailman/files/mailman-hyperkitty.cfg
index ad9d6b1..9890b57 100644
--- a/roles/mailman/files/mailman-hyperkitty.cfg
+++ b/roles/mailman/files/mailman-hyperkitty.cfg
@@ -17,4 +17,4 @@ base_url: http://localhost/archives/
# Shared API key, must be the identical to the value in HyperKitty's
# settings.
-api_key: SecretArchiverAPIKey
+api_key: QsQSOMDWscWLg8fcnIUxtAGb
7 years, 9 months
[ansible] Disable fedmsg for now
by Nicolas Chauvet
commit 29719c6a5e9a24b16afbc48bba4e0591ae24a7c2
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Thu Dec 8 11:53:38 2016 +0100
Disable fedmsg for now
roles/mailman/templates/mailman.cfg.j2 | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
---
diff --git a/roles/mailman/templates/mailman.cfg.j2 b/roles/mailman/templates/mailman.cfg.j2
index 8c1f3a1..37b2362 100644
--- a/roles/mailman/templates/mailman.cfg.j2
+++ b/roles/mailman/templates/mailman.cfg.j2
@@ -37,9 +37,9 @@ class: mailman_hyperkitty.Archiver
enable: yes
configuration: /etc/mailman3.d/hyperkitty.cfg
-[archiver.fedmsg]
-class: mailman3_fedmsg_plugin.Archiver
-enable: yes
+#[archiver.fedmsg]
+#class: mailman3_fedmsg_plugin.Archiver
+#enable: yes
[archiver.prototype]
enable: yes
7 years, 9 months
[ansible] Update hk config
by Nicolas Chauvet
commit c970e7de7cb5e56c73f189ea334b72212d7d65c2
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Dec 7 15:02:41 2016 +0100
Update hk config
roles/mailman/templates/settings.py.j2 | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/roles/mailman/templates/settings.py.j2 b/roles/mailman/templates/settings.py.j2
index d0f96d3..1d8df3e 100644
--- a/roles/mailman/templates/settings.py.j2
+++ b/roles/mailman/templates/settings.py.j2
@@ -15,7 +15,7 @@ SECRET_KEY = '{{ mailman_hyperkitty_cookie_key }}'
DEBUG = False
ADMINS = (
- ('HyperKitty Admin', 'kwizart(a)rpmfusion.org'),
+ ('HyperKitty Admin', 'kwizart(a)gmail.com'),
)
SERVER_EMAIL = 'root(a)rpmfusion.org'
DEFAULT_FROM_EMAIL = "admin(a)rpmfusion.org"
@@ -167,7 +167,7 @@ SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
LANGUAGE_CODE = 'en-us'
-TIME_ZONE = 'America/Chicago'
+TIME_ZONE = 'Etc/UTC'
USE_I18N = True
7 years, 9 months
[ansible] Add se01 for lists
by Nicolas Chauvet
commit bed9868a338bcb98c8459e70c7f905b87c262e65
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Dec 7 14:01:43 2016 +0100
Add se01 for lists
playbooks/include/proxies-reverseproxy.yml | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
---
diff --git a/playbooks/include/proxies-reverseproxy.yml b/playbooks/include/proxies-reverseproxy.yml
index 68fe7e0..bd47797 100644
--- a/playbooks/include/proxies-reverseproxy.yml
+++ b/playbooks/include/proxies-reverseproxy.yml
@@ -32,3 +32,8 @@
destname: bugzilla02
proxyurl: http://bugzilla02
+ - role: httpd/reverseproxy
+ website: lists.rpmfusion.org
+ destname: se01
+ proxyurl: http://se01
+
7 years, 9 months
[ansible] Again
by Nicolas Chauvet
commit 175331cecc8452b207cf5fadab3f703525aec397
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Dec 7 13:06:21 2016 +0100
Again
.../files/builders/kojid.service.d.override.conf | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/roles/koji_builder/files/builders/kojid.service.d.override.conf b/roles/koji_builder/files/builders/kojid.service.d.override.conf
index ea7571b..582d935 100644
--- a/roles/koji_builder/files/builders/kojid.service.d.override.conf
+++ b/roles/koji_builder/files/builders/kojid.service.d.override.conf
@@ -1,2 +1,2 @@
[Service]
-Environmement="http_proxy=http://proxy:3128"
+Environment="http_proxy=http://proxy:3128"
7 years, 9 months
[ansible] Add Service for koji override
by Nicolas Chauvet
commit 04471ad35964214b8ee9f0b2e52164a162e1217a
Author: Nicolas Chauvet <kwizart(a)gmail.com>
Date: Wed Dec 7 12:18:51 2016 +0100
Add Service for koji override
.../files/builders/kojid.service.d.override.conf | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
---
diff --git a/roles/koji_builder/files/builders/kojid.service.d.override.conf b/roles/koji_builder/files/builders/kojid.service.d.override.conf
index ab70c69..ea7571b 100644
--- a/roles/koji_builder/files/builders/kojid.service.d.override.conf
+++ b/roles/koji_builder/files/builders/kojid.service.d.override.conf
@@ -1 +1,2 @@
+[Service]
Environmement="http_proxy=http://proxy:3128"
7 years, 9 months