opendev/system-config
Code Issues Proposed changes
system-config/inventory/service/group_vars/mailman3.yaml
Clark Boylan 0d23743dc9 Add vmware migration list to lists.openinfra.dev 
This has been requested by Jimmy at the foundation.

Change-Id: I997783b29b98dc001152d1fd8e3d8f439caece9a
2024-07-18 12:03:33 -07:00

333 lines
14 KiB
YAML
Raw Blame History

# System Configs
iptables_extra_public_tcp_ports:
- 25
- 80
- 443
- 465
letsencrypt_certs:
lists-opendev-org-main:
- "{{ inventory_hostname }}"
- lists.opendev.org
- lists.airshipit.org
- lists.katacontainers.io
- lists.openinfra.dev
- lists.openstack.org
- lists.starlingx.io
- lists.zuul-ci.org
borg_backup_excludes_extra:
# db is backed up in dumps, don't capture live files
- /var/lib/mailman/database
# backed up by streaming backup
- /var/backups/mailman-mariadb
# Can regenerate indexes from source email files
- /var/lib/mailman/web-data/fulltext_index
# Exim Configs
exim_queue_interval: '1m'
exim_queue_run_max: '50'
exim_smtp_accept_max: '100'
exim_smtp_accept_max_per_host: '10'
# This should be set to more than mailman's mta.max_recipients value.
exim_smtp_accept_queue_per_connection: '50'
exim_routers:
- mailman_verp_router: |
{% raw -%}
driver = dnslookup
condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\
{eq{$sender_host_address}{::1}}}{yes}{no}}
{% endraw %}
domains = !+local_domains
ignore_target_hosts = <; 0.0.0.0; \
127.0.0.0/8; \
::1/128;fe80::/10;fe \
c0::/10;ff00::/8
senders = "*-bounces@*"
transport = mailman_verp_smtp
- dnslookup: '{{ exim_dnslookup_router }}'
- system_aliases: '{{ exim_system_aliases_router }}'
- domain_aliases: |
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part@$domain}lsearch{/etc/aliases.domain}}
file_transport = address_file
pipe_transport = address_pipe
- localuser: '{{ exim_localuser_router }}'
- mailman_router: |
driver = accept
domains = {{ mm_domains }}
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
local_part_suffix_optional
require_files = /var/lib/mailman/core/var/lists/${local_part}.${domain}
transport = mailman_transport
exim_transports:
- mailman_transport: |
debug_print = "Email for mailman"
driver = smtp
protocol = lmtp
allow_localhost
hosts = localhost
port = 8024
rcpt_include_affixes = true
- mailman_verp_smtp: |
driver = smtp
headers_add = Errors-To: ${return_path}
headers_remove = Errors-To
max_rcpt = 1
return_path = ${local_part:$return_path}+$local_part=$domain@${domain:$return_path}
# Mailman Configs
mailman_multihost: true
mm_domains: 'lists.openstack.org:lists.zuul-ci.org:lists.airshipit.org:lists.starlingx.io:lists.opendev.org:lists.openinfra.dev:lists.katacontainers.io'
exim_local_domains: "@:{{ mm_domains }}"
exim_enable_spf: true
exim_aliases:
root: "{{ ','.join(listadmins|default([])) }}"
interop-wg: openstack-discuss
openstack: openstack-discuss
openstack-dev: openstack-discuss
openstack-infra: openstack-discuss
openstack-operators: openstack-discuss
openstack-security: openstack-discuss
openstack-sigs: openstack-discuss
openstack-tc: openstack-discuss
user-committee: openstack-discuss
airship-discuss-owner: spam
community-owner: spam
edge-computing-owner: spam
foundation-board-confidential-owner: spam
foundation-board-owner: spam
foundation-owner: spam
legal-discuss-owner: spam
mailman-owner: spam
marketing-owner: spam
openstack-announce-owner: spam
openstack-docs-owner: spam
openstack-fr-owner: spam
openstack-i18n-owner: spam
openstack-infra-owner: spam
openstack-ko-owner: spam
openstack-qa-owner: spam
product-wg-owner: spam
user-committee-owner: spam
spam: ':fail: delivery temporarily disabled due to ongoing spam flood'
# This is the local username for mailman processes, but it does not send nor
# need to receive messages.
mailman: ':blackhole: this address does not accept email'
# TODO It would be better to bypass verification for postorius@listdomain
# and set a :fail: rule for anyone trying to send email to this addr.
# But that requires updating our main exim config so that needs more thought.
postorius: ':blackhole: outgoing email only from this address'
exim_domain_aliases:
community@lists.openstack.org: community@lists.openinfra.dev
edge-computing@lists.openstack.org: edge-computing@lists.opendev.org
foundation@lists.openstack.org: foundation@lists.openinfra.dev
foundation-board@lists.openstack.org: foundation-board@lists.openinfra.dev
foundation-board-confidential@lists.openstack.org: foundation-board-confidential@lists.openinfra.dev
goldmembers@lists.openstack.org: goldmembers@lists.openinfra.dev
marketing@lists.openstack.org: marketing@lists.openinfra.dev
staff@lists.openstack.org: staff@lists.openinfra.dev
summit-programming-committee@lists.openinfra.dev: summit-track-chairs@lists.openinfra.dev
summitsponsors@lists.openstack.org: summitsponsors@lists.openinfra.dev
openinfralabs@lists.opendev.org: ':fail: this mailing list is not in use'
mailman_sites:
# First entry in this list is the primary web domain
- listdomain: lists.opendev.org
install_languages: ['en']
lists:
- name: computing-force-network
description: 'Organizing efforts around Computing Force Network related area'
owner: 'niujie@outlook.com'
- name: edge-computing
description: 'Organizing efforts around the edge-computing focus area.'
owner: 'ildiko@openinfra.dev'
- name: floss-mooc
description: 'Discussions & Coordination around the FLOSS MOOC being collaboratively developed here: https://gitlab.com/mooc-floss/mooc-floss'
owner: 'knelson@openinfra.dev'
- name: floss-mentoring
description: 'Discussions focused on building and maintaining OSS mentorship programs at academic institutions.'
owner: 'knelson@openinfra.dev'
- name: nbmp-discuss
description: 'Collaborating on Network Based Media Processing related platform and infrastructure systems usage and development.'
owner: 'ildiko@openstack.org'
- name: openinfralabs
description: 'No longer active'
owner: 'mnaser@vexxhost.com'
- name: rust-vmm
description: 'Collaborating on Rust-based virtual machine monitors.'
owner: 'claire@openstack.org'
- name: rustyk8s
description: 'Collaborating on Rust-based Kubernetes API.'
owner: 'allison@lohutok.net'
- name: service-announce
description: 'Announcement list for OpenDev services.'
owner: 'cboylan@sapwetik.org'
- name: service-discuss
description: 'Discussion list for OpenDev services.'
owner: 'cboylan@sapwetik.org'
- name: service-incident
description: 'Private list for OpenDev incident coordination.'
owner: 'cboylan@sapwetik.org'
private: true
- listdomain: lists.zuul-ci.org
install_languages: ['en']
lists:
- name: zuul-announce
description: 'Announcements of Zuul releases and other important information.'
owner: 'corvus@inaugust.com'
- name: zuul-discuss
description: 'Discussion of Zuul usage and development.'
owner: 'corvus@inaugust.com'
- name: zuul-jobs-failures
description: 'Gets notifications about zuul-jobs periodic job failures.'
owner: 'corvus@inaugust.com'
- listdomain: lists.airshipit.org
install_languages: ['en']
lists:
- name: airship-announce
description: 'Announcements of Airship releases and other important information.'
owner: 'jonathan@openstack.org'
- name: airship-discuss
description: 'Discussion of Airship usage and development.'
owner: 'jonathan@openstack.org'
- name: airship-embargo-notice
description: 'Embargoed security vulnerability announcements for Airship consumers.'
owner: 'andrew.walters@att.com'
private: true
- name: airship-job-failures
description: 'Notification messages for failures from CICD jobs.'
owner: 'roman.gorshunov@att.com'
- name: airship-security
description: 'Public Airship security advisories.'
owner: 'andrew.walters@att.com'
- listdomain: lists.katacontainers.io
install_languages: ['en']
lists:
- name: embargo-notice
description: 'Announcements of embargoed notices for the Kata Containers project'
owner: 'jonathan@openstack.org'
private: true
- name: kata-dev
description: 'Kata Containers Development Mailing List (not for usage questions)'
owner: 'jonathan@openstack.org'
- name: kata-hypervisor
description: 'Discussion of security and virtualization targeted at container use cases'
owner: 'jonathan@openstack.org'
- listdomain: lists.openinfra.dev
install_languages: ['en']
lists:
- name: asia-advisory-board
description: 'Private coordination within the OpenInfra Asia Advisory Board.'
owner: 'wes@openinfra.dev'
private: true
- name: community
description: 'The OpenInfra Community team is the main contact point for anybody running a local OpenInfra Group.'
owner: 'allison@openinfra.dev'
- name: europe-advisory-board
description: 'Private coordination within the OpenInfra EU Advisory Board.'
owner: 'wes@openinfra.dev'
private: true
- name: foundation
description: 'General discussion list for activities of the OpenInfra Foundation'
owner: 'jonathan@openinfra.dev'
- name: foundation-board
description: 'OpenInfra Foundation Board of Directors'
owner: 'jonathan@openinfra.dev'
- name: foundation-board-confidential
description: 'OpenInfra Foundation Board of Directors'
owner: 'jonathan@openinfra.dev'
private: true
- name: goldmembers
description: 'The discussion list for Gold Members of the OpenInfra Foundation'
owner: 'jonathan@openinfra.dev'
private: true
- name: marketing
description: 'The OpenInfra Marketing list is the meant to facilitate discussion and best practice sharing among marketers and event organizers in the OpenInfra community.'
owner: 'allison@openinfra.dev'
- name: nordix
description: 'Discussion and coordination of Nordix environment'
owner: 'robert.tomczyk@est.tech'
- name: openinfra-asia
description: 'Discussion related to the OpenInfra Asia hub.'
owner: 'wes@openinfra.dev'
- name: openinfra-europe
description: 'Discussion related to the OpenInfra EU hub.'
owner: 'wes@openinfra.dev'
- name: staff
description: 'Private list for OpenInfra Foundation staff members'
owner: 'mark@openinfra.dev'
private: true
- name: summit-track-chairs
description: 'OpenInfra Summit track chair communications'
owner: 'erin@openinfra.dev'
private: true
- name: summitsponsors
description: 'Coordination among OpenInfra Summit event sponsors'
owner: 'erin@openinfra.dev'
private: true
- name: vmware-migration-wg
description: 'Discussion related to VMWare migration efforts'
owner: 'jimmy@openinfra.dev'
private: true
- listdomain: lists.starlingx.io
install_languages: ['en']
lists:
- name: starlingx-announce
description: 'Announcements of StarlingX releases and other important information.'
owner: 'jonathan@openstack.org'
- name: starlingx-discuss
description: 'Discussion of StarlingX usage and development.'
owner: 'jonathan@openstack.org'
- listdomain: lists.openstack.org
install_languages: ['de', 'fr', 'it', 'ko', 'ru', 'vi', 'zh_TW']
lists:
- name: embargo-notice
description: 'Announcements to stakeholders for embargoed security vulnerabilities.'
owner: 'fungi@yuggoth.org'
private: true
- name: legal-discuss
description: 'Discussions on legal matters related to the project'
owner: 'thierry@openinfra.dev'
- name: openstack-announce
description: 'Key announcements about OpenStack & Security advisories'
owner: 'fungi@yuggoth.org'
- name: openstack-discuss
description: 'Discussion of OpenStack usage and development.'
owner: 'fungi@yuggoth.org'
- name: openstack-es
description: 'Lista de correo acerca de OpenStack en español'
owner: 'flavio@redhat.com'
- name: openstack-fr
description: 'List of the OpenStack french user group'
owner: 'erwan@erwan.com'
- name: openstack-hpc
description: 'High-Performance Computing OpenStack List'
owner: 'brian.schott@nimbisservices.com'
- name: openstack-i18n
description: 'List of the OpenStack Internationalization team.'
owner: 'guoyingc@cn.ibm.com'
- name: openstack-it
description: 'Discussioni su OpenStack in italiano'
owner: 'stefano@openstack.org'
- name: openstack-ko
description: 'OpenStack Korea Community Discussions in Korean (오픈스택 한국 커뮤니티 메일링리스트)'
owner: 'ianyrchoi@gmail.com'
- name: openstack-mentoring
description: 'List to coordinate interactions between mentors and mentees of the OpenStack mentoring program. Also for questions about the mentoring program (i.e. how to get involved, how it works, etc.'
owner: 'amy@demarco.com'
- name: openstack-stable-maint
description: 'A mailing list for the OpenStack Stable Branch test reports.'
owner: 'tony@bakeyournoodle.com'
- name: openstack-zh
description: 'OpenStack社区中文讨论群组'
owner: 'yeluaiesec@gmail.com'
- name: release-announce
description: 'Announcement of official OpenStack releases.'
owner: 'thierry@openstack.org'
- name: release-job-failures
description: 'Notification messages for failures from release-related build jobs.'
owner: 'doug@doughellmann.com'
View Git Blame Copy Permalink