Add postgres and more documentation

Author: sdarwin

README.md

@@ -1,21 +1,23 @@
 Mailman 3 Ansible Role
 ======================
 
-See [docs/README.md](docs/README.md) for the C++ specific admin info.  
-
-`galaxyproject.mailman3` is an Ansible role to install the [Mailman 3][mailman3] suite. This role installs all
-components of the suite: Mailman 3 Core, and the Django-based web interfaces, Postorius and Hyperkitty.
+`cppalliance.mailman3` is an Ansible role to install the [Mailman 3][mailman3] suite, based on [galaxyproject.mailman3](https://github.com/galaxyproject/ansible-mailman3).
+While `galaxyproject.mailman3` installed all components of the suite: Mailman 3 Core, and the Django-based web interfaces, Postorius and Hyperkitty, this current role
+also adds basic installations of PostgreSQL, Postfix, and Nginx. Those 3rd party components are required by mailman3. However the option remains to install and 
+manage those separately if you prefer.  
 
 Mailman 3 is a complicated service with many parts. It is a good idea to familiarize yourself with them before
 proceeding. See the [architecture documentation][mailman3_arch] for details.
 
+See [docs/mailman3-core.md](docs/mailman3-core.md) for a version of this role that only installs mailman3-core and _not_ the web component.  
+
 [mailman3]: https://docs.mailman3.org/
 [mailman3_arch]: https://docs.mailman3.org/en/latest/architecture.html
 
 Requirements
 ------------
 
-Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+Test has mainly been done on Ubuntu 22.04. Pull requests are welcome to verify and re-enable other OS versions.  
 
 Role Variables
 --------------
@@ -25,50 +27,177 @@ Variables are described in detail in [`defaults/main.yml`](defaults/main.yml).
 Dependencies
 ------------
 
-There are no strict depdendencies, but production Mailman 3 services typically need Postfix and PostgreSQL. You may find
-the following roles useful:
+A production Mailman 3 service typically needs Postfix, PostgreSQL, and Nginx. If you choose to install them separately, the following roles may be useful:
 
 - [galaxyproject.postgresql](https://galaxy.ansible.com/galaxyproject/postgresql)
 - [galaxyproject.postgresql_objects](https://galaxy.ansible.com/galaxyproject/postgresql_objects)
 - [galaxyproject.postfix](https://galaxy.ansible.com/galaxyproject/postfix)
 - [galaxyproject.opendkim](https://galaxy.ansible.com/galaxyproject/opendkim)
 - [galaxyproject.nginx](https://galaxy.ansible.com/galaxyproject/nginx)
 
+A default installation of this role `cppalliance.mailman3` will include those packages, as discussed below.   
+
+PostgreSQL
+----------
+
+The playbook `playbooks/mailman3-playbook.yml` includes a database-specific play and will call `postgres.yml` to install the database.  
+
+```
+---
+- hosts: mailman3-database
+  tasks:
+    - name: Install DB
+      ansible.builtin.include_role:
+        name: cppalliance.mailman3
+        tasks_from: database/main.yml
+```
+
+Decide which server will host the database. It might be the mailman instance or a backend DB server. Add that server to the inventory (the hosts file) in the `mailman3-database` group. Run the playbook. 
+
+Otherwise, to manage the DB externally, don't put any hosts to the `mailman3-database` group. Or modify the play. Follow your own method to install a database.  
+
+Postgres configuration variables (named mailman3_database_) can be found in `defaults/main.yml`.
+
+Postfix
+-------
+
+The factor determining whether Postfix will be installed is the `mailman3_mta` variable in defaults/main.yml. If you choose to set the value of `mailman3_mta` to anything other than `postfix` it will avoid a Postfix installation.
+
+Postfix related variables include `mailman3_relayhost` and `mailman3_sasl_passwd`. You _should_ configure those, but you may also choose to set each of those variables to an empty string `''` so they are not added in postfix/main.cf.  
+
+`postfix/main.cf` is a role template and may be customized or replaced.  
+
+Nginx
+-----
+
+The factor determining whether Nginx will be installed is the `mailman3_install_nginx` variable in defaults/main.yml. If you choose to set the value to `false` it will avoid an Nginx installation.
+
+This role doesn't install SSL certificates, but you should likely add them. Review the `mailman3_nginx_ssl_certs` variable which starts out using self-signed certificates. After you have installed valid certificates set that variable to use another configuration.  
+
 Example Playbook
 ----------------
 
-A relatively simple, single-site setup using PostgreSQL as the database backend:
+A playbook has been included in playbooks/mailman3-playbook.yml:  
+
+```
+---
+- hosts: mailman3-database
+  become: true
+  remote_user: ubuntu
+  tasks:
+    - name: Install DB
+      ansible.builtin.include_role:
+        name: cppalliance.mailman3
+        tasks_from: database/main.yml
+
+- hosts: mailman3
+  become: true
+  remote_user: ubuntu
+  roles:
+    - role: cppalliance.mailman3
+
+```
+
+In the inventory `hosts` file add servers to the `mailman3` and `mailman3-database` groups. Configure variables in a file such as host_vars/mailman.example.org/vars.  
+The following example uses a network connection to reach the database:  
 
 ```yaml
-- name: Install Mailman 3
-  hosts: all
-  vars:
-    mailman3_django_superusers:
-      - name: admin
-        pass: admin
-        email: [email protected]
-    mailman3_core_api_admin_user: adminuser
-    mailman3_core_api_admin_pass: adminpass
-    mailman3_archiver_key: archiverkey
-    mailman3_config:
-      mailman:
-        site_owner: [email protected]
-      database:
-        class: mailman.database.postgresql.PostgreSQLDatabase
-        url: postgres:///mailman3_core?host=/var/run/postgresql
-    mailman3_django_config:
-      secret_key: supersecret
-      hyperkitty_attachment_folder: "{{ mailman3_web_var_dir }}/attachments"
-      databases:
-        default:
-          ENGINE: django.db.backends.postgresql_psycopg2
-          NAME: mailman3_web
-          HOST: /var/run/postgresql
-    mailman3_extra_packages:
-      - psycopg2-binary
+mailman3_django_superusers:
+  - name: admin
+    pass: admin
+    email: [email protected]
+mailman3_core_api_admin_user: adminuser
+mailman3_core_api_admin_pass: adminpass
+mailman3_archiver_key: archiverkey
+mailman3_config:
+  mailman:
+    site_owner: [email protected]
+  database:
+    class: mailman.database.postgresql.PostgreSQLDatabase
+    url: postgresql://mailman3_core:[email protected]/mailman3_core
+mailman3_django_config:
+  secret_key: supersecret
+  # Don't define hyperkitty_attachment_folder. If not set, it will store attachments in the db.
+  # hyperkitty_attachment_folder: "{{ mailman3_web_var_dir }}/attachments"
+  csrf_trusted_origins:
+    - http://mailman.example.org
+    - https://mailman.example.org
+  databases:
+    default:
+      ENGINE: 'django.db.backends.postgresql_psycopg2'
+      NAME: 'mailman3_web'
+      HOST: 'mailman.example.org'
+      USER: 'mailman3_web'
+      PASSWORD: 'mypassword'
+      PORT: '5432'
+mailman3_extra_packages:
+  - psycopg2-binary
+mailman3_nginx_ssl_certs: |
+  include snippets/snakeoil.conf;
+      # ssl_certificate /etc/letsencrypt/live/{{ mailman3_web_url }}/fullchain.pem;
+      # ssl_certificate_key /etc/letsencrypt/live/{{ mailman3_web_url }}/privkey.pem;
+mailman3_sasl_passwd: smtp.mailgun.org [email protected]:555555555
+mailman3_relayhost: smtp.mailgun.org:587
+mailman3_database_list:
+  - name: mailman3_web
+    username: mailman3_web
+    password: mypassword
+    subnet: "0.0.0.0/0"
+  - name: mailman3_core
+    username: mailman3_core
+    password: mypassword
+    subnet: "0.0.0.0/0"
+```
+
+Similarly, an example with a unix socket to reach the database. Notice the database username change:    
+
+```yaml
+mailman3_django_superusers:
+  - name: admin
+    pass: admin
+    email: [email protected]
+mailman3_core_api_admin_user: adminuser
+mailman3_core_api_admin_pass: adminpass
+mailman3_archiver_key: archiverkey
+mailman3_config:
+  mailman:
+    site_owner: [email protected]
+  database:
+    class: mailman.database.postgresql.PostgreSQLDatabase
+    url: postgres:///mailman3_core?host=/var/run/postgresql
+mailman3_django_config:
+  secret_key: supersecret
+  # Don't define hyperkitty_attachment_folder. If not set, it will store attachments in the db.
+  # hyperkitty_attachment_folder: "{{ mailman3_web_var_dir }}/attachments"
+  csrf_trusted_origins:
+    - http://mailman.example.org
+    - https://mailman.example.org
+  databases:
+    default:
+      ENGINE: django.db.backends.postgresql_psycopg2
+      NAME: mailman3_web
+      HOST: /var/run/postgresql
+mailman3_extra_packages:
+  - psycopg2-binary
+mailman3_nginx_ssl_certs: |
+  include snippets/snakeoil.conf;
+      # ssl_certificate /etc/letsencrypt/live/{{ mailman3_web_url }}/fullchain.pem;
+      # ssl_certificate_key /etc/letsencrypt/live/{{ mailman3_web_url }}/privkey.pem;
+mailman3_sasl_passwd: smtp.mailgun.org [email protected]:555555555
+mailman3_relayhost: smtp.mailgun.org:587
+mailman3_database_list:
+  - name: mailman3_web
+    # With a unix socket the db username should match the linux username, which is often "mailman3-web".  
+    username: mailman3-web
+    password: mypassword
+    subnet: "0.0.0.0/0"
+  - name: mailman3_core
+    username: mailman3_core
+    password: mypassword
+    subnet: "0.0.0.0/0"
 ```
 
-A more complex setup with multiple list domains, Xapian haystack engine, distribution of Postfix lmtp maps to MX
+The next example comes from the original galaxyproject role. A more complex setup with multiple list domains, Xapian haystack engine, distribution of Postfix lmtp maps to MX
 servers, and DKIM:
 
 ```yaml
@@ -137,4 +266,5 @@ MIT
 Author Information
 ------------------
 
+The [CPPAlliance](https://cppalliance.org)  
 The [Galaxy Community](https://galaxyproject.org/) and [contributors](https://github.com/galaxyproject/ansible-mailman3/graphs/contributors)

defaults/main.yml

@@ -431,9 +431,28 @@ __mailman3_os: >-
 # Server name nginx should listen on, defaults to inventory_hostname.
 mailman3_web_url: "{{ inventory_hostname }}"
 mailman3_install_nginx: true
-# Override this will a value similar to mailman3_web_url. Used in /etc/mailman3/hyperkitty.cfg:
-mailman3_hyperkitty_server_url: "http://localhost"
+# Similar to mailman3_web_url. Used in /etc/mailman3/hyperkitty.cfg:
+mailman3_hyperkitty_server_url: "https://{{ inventory_hostname }}"
 mailman3_nginx_ssl_certs: "include snippets/snakeoil.conf;"
 mailman3_mta: postfix
 mailman3_relayhost: smtp.mailgun.org:587
 mailman3_sasl_passwd: smtp.mailgun.org [email protected]:12345
+
+# Database variables
+mailman3_database_type: postgres
+mailman3_database_pg_packages:
+  - postgresql-15
+  # - postgresql-contrib
+  - libpq-dev
+  - python3-pip
+mailman3_database_super_password: superpassword
+mailman3_postgresql_config_dir: "/etc/postgresql/15"
+mailman3_database_list:
+  - name: mailman3_web
+    username: mailman3_web
+    password: mypassword
+    subnet: "0.0.0.0/0"
+  - name: mailman3_core
+    username: mailman3_core
+    password: mypassword
+    subnet: "0.0.0.0/0"

docs/README.md

@@ -0,0 +1,15 @@
+# /etc/cron.d/mailman-web
+#Ansible: hourly
+@hourly mailman3-web MAILMAN_WEB_CONFIG=/var/lib/mailman3/web/project/settings.py /opt/mailman3/bin/mailman-web runjobs hourly
+#Ansible: daily
+@daily mailman3-web MAILMAN_WEB_CONFIG=/var/lib/mailman3/web/project/settings.py /opt/mailman3/bin/mailman-web runjobs daily
+#Ansible: weekly
+@weekly mailman3-web MAILMAN_WEB_CONFIG=/var/lib/mailman3/web/project/settings.py /opt/mailman3/bin/mailman-web runjobs weekly
+#Ansible: monthly
+@monthly mailman3-web MAILMAN_WEB_CONFIG=/var/lib/mailman3/web/project/settings.py /opt/mailman3/bin/mailman-web runjobs monthly
+#Ansible: yearly
+@yearly mailman3-web MAILMAN_WEB_CONFIG=/var/lib/mailman3/web/project/settings.py /opt/mailman3/bin/mailman-web runjobs yearly
+#Ansible: minutely
+* * * * * mailman3-web MAILMAN_WEB_CONFIG=/var/lib/mailman3/web/project/settings.py /opt/mailman3/bin/mailman-web runjobs minutely
+#Ansible: quarter_hourly
+2,17,32,47 * * * * mailman3-web MAILMAN_WEB_CONFIG=/var/lib/mailman3/web/project/settings.py /opt/mailman3/bin/mailman-web runjobs quarter_hourly