Skip to content
Ansible role to install & maintain Schleuder (including schleuder-cli and schleuder-web)
Branch: master
Clone or download
Latest commit 29c089d Sep 16, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
defaults Choose more secure list-defaults Sep 12, 2019
handlers Initial commit Aug 22, 2019
meta Changed role name and badges Aug 23, 2019
molecule Enable and enhance yamllint Sep 16, 2019
tasks Improve ansible linting Sep 16, 2019
templates Enable and enhance yamllint Sep 16, 2019
.gitignore Initial commit Aug 22, 2019
.travis.yml Enable and enhance yamllint Sep 16, 2019
.yamllint Initial commit Aug 22, 2019
README.md Choose more secure list-defaults Sep 12, 2019

README.md

ansible-role-schleuder

Build Status Ansible Galaxy

Install and maintain a schleuder service and it's schleuder lists.

What is installed during the ansible run ?

This role will setup schleuder, schleuder-cli, schleuder-web by default.

The web interface is accessible via localhost:3000 and you can login with schleuders default credentials ("root@localhost" - "slingit!").

Additionally you can install the schleuder-gitlab-ticketing-plugin and hook your schleuder lists to a gitlab instance. Therefore you have set schleuder_install_gitlab_ticket_plugin: True in your vars file.

What else is needed?

You need to have to setup and install a mail transport on the server where schleuder is running. Additionally you need to have a running web server with a vhost pointing to your schleuder-web interface and it's port.

Please consult the schleuder documentation for additional information.

How can new lists/list admins manage their lists?

If a public key of the list admin is present, this role/schleuder will inform you about the list creation.

Schleuder list admins can request their password by logging in through web interface, after their list was created.

Role Variables

### Define which playbooks should be run:
schleuder_install_web: True
schleuder_install_cli: True
schleuder_install_gitlab_ticket_plugin: False

### schleuder vars:
schleuder_schleuder_user: "schleuder"
schleuder_gpg_use_tor: True
schleuder_gpg_tor_keyserver: "hkp://jirk5u4osbsr34t5.onion"
schleuder_admin_keys_path: "/var/lib/schleuder/adminkeys"

schleuder_lists: []
  #- name: foobar@cryptolists.systemli.org
  #  admin: admin@systemli.org
  #  # be sure to copy public_key of list admin to
  #  # files/schleuder/adminkeys/{{ name }}_{{ admin }}.pub
  #  # else set admin_pubkey_present to false
  #  # ---
  #  send_list_key: True
  #  present: True
  #  # ---
  #  admin_pubkey_present: True
  #  # if admin_pubkey_present is set to false
  #  schleuder list will be created, but is not functional

### schleuder-web vars:
schleuder_schleuder_web_repo: https://0xacab.org/schleuder/schleuder-web
schleuder_schleuder_web_home: "/var/www/schleuder-web"
schleuder_schleuder_web_user: schleuder-web
schleuder_schleuder_web_path: "{{ schleuder_schleuder_web_home }}/schleuder-web"
schleuder_schleuder_web_git_update: False
schleuder_schleuder_web_systemd_path: "/etc/systemd/system/schleuder-web.service"
schleuder_schleuder_web_environment_vars_path: "/etc/default/schleuder-web"
# set to false will make rails server listen on localhost only
schleuder_schleuder_web_allow_access_from_outside: True

### schleuder-gitlab-ticketing-plugin vars:
schleuder_gitlab_plugin_repo: https://0xacab.org/schleuder/schleuder-gitlab-ticketing
schleuder_gitlab_plugin_path: "/opt/local/gitlab-ticketing"
schleuder_gitlab_plugin_git_update: False

### schleuder-cli vars:
schleuder_cli_path: "/root/.schleuder-cli"

###### File Section

### schleuder/schleuder.yml.j2
schleuder_lists_dir: "/var/lib/schleuder/lists"
schleuder_listlogs_dir: "/var/lib/schleuder/lists"
schleuder_plugins_dir: "/etc/schleuder/plugins"
schleuder_filters_dir: "/usr/local/lib/schleuder/filters"
schleuder_log_level: "warn"
schleuder_keyserver: "hkps://hkps.pool.sks-keyservers.net"
schleuder_superadmin: "root@localhost"
schleuder_smtp_settings:
  address: localhost
  port: 25
  #domain:
  #enable_starttls_auto:
  #openssl_verify_mode:
  #authentication:
  #user_name:
  #password:
schleuder_database:
  production:
    adapter: "'sqlite3'"
    database: "/var/lib/schleuder/db.sqlite"
    pool: 5
    timeout: 5000
schleuder_api:
  host: localhost
  port: 4443
  # Certificate and key to use. You can create new ones with `schleuder cert generate`.
  tls_cert_file: "/etc/schleuder/schleuder-certificate.pem"
  tls_key_file: "/etc/schleuder/schleuder-private-key.pem"

# List of api_keys to allow access to the API.
# Example:
# valid_api_keys:
#   - abcdef...
#   - zyxwvu...
schleuder_valid_api_keys: []


### schleuder/list-defaults.yml.j2
schleuder_send_encrypted_only: "true"
schleuder_receive_encrypted_only: "true"
schleuder_receive_signed_only: "false"
schleuder_receive_authenticated_only: "false"
schleuder_receive_from_subscribed_emailaddresses_only: "true"
schleuder_receive_admin_only: "false"
schleuder_headers_to_meta:
  - from
  - to
  - cc
  - date
  - sig
  - enc
schleuder_keep_msgid: "true"
schleuder_keywords_admin_only:
  - subscribe
  - unsubscribe
  - delete-key
schleuder_keywords_admin_notify:
  - add-key
schleuder_internal_footer: ""
schleuder_public_footer: ""
schleuder_subject_prefix: ""
schleuder_subject_prefix_in: ""
schleuder_subject_prefix_out: ""
schleuder_bounces_drop_all: "false"
schleuder_bounces_drop_on_headers:
  x-spam-flag: "yes"
schleuder_bounces_notify_admins: "true"
schleuder_include_list_headers: "true"
schleuder_include_openpgp_header: "true"
schleuder_openpgp_header_preference: signencrypt
schleuder_max_message_size_kb: 10240
schleuder_lists_log_level: warn
schleuder_logfiles_to_keep: 2
# Available: en, de.
schleuder_language: en
schleuder_forward_all_incoming_to_admins: "false"

### schleuder-web/database.yml
# schleuder-web uses it's own database to store user credentials
schleuder_web_database:
  production:
    adapter: "'sqlite3'"
    database: "db/production.sqlite"
    pool: 5
    timeout: 5000

### schleuder/gitlab.yml
# global settings
schleuder_gitlab_default_subject_filters: []
schleuder_gitlab_default_sender_filters: []
schleuder_gitlab_default_gitlab_connection: {}

# settings per list
# see https://0xacab.org/schleuder/schleuder-gitlab-ticketing
schleuder_gitlab_lists: []
#  - test@schleuder.example.com:
#      project: tickets
#      namespace: support
#      subject_filters:
#        - 'ignore me'
#  - testz@schleuder.example.com:
#      gitlab:
#        endpoint: https://gitlab2.example.com/api/v4
#        token: aaaa
#      sender_filters:
#        - 'noreply@example\.com'

Download

Download latest release with ansible-galaxy

ansible-galaxy install systemli.schleuder

Example Playbook

- hosts: servers
  roles:
     - { role: systemli.schleuder }

Extended Variables Example

schleuder_lists:
  - name: foobar@cryptolists.systemli.org
    admin: admin@systemli.org
    # public key has to be in 
    # files/adminkeys/{{ name }}_{{ admin }}.pub
  - name: no_pub_key_of_listadmin@cryptolists.systemli.org
    admin: test@systemli.org
    admin_pubkey_present: False
    send_list_key: False
    # public key is not put to server
    # list is created but not functional
    # list_key is not not sent to subscribers
  - name: will_be_deleted@cryptolists.systemli.org
    admin: test@systemli.org
    state: absent
    # list will be deleted in the next ansible run         


# gitlab settings per list
# see https://0xacab.org/schleuder/schleuder-gitlab-ticketing
schleuder_gitlab_lists:
  - foobar@cryptolists.systemli.org 
      project: tickets
      namespace: support
      subject_filters:
        - 'ignore me'
  - testz@schleuder.example.com:
      gitlab:
        endpoint: https://gitlab2.example.com/api/v4
        token: 1234aaaa1234
      sender_filters:
        - 'noreply@example\.com'

Testing & Development

For developing and testing the role we use Travis CI and Molecule with Vagrant.

Requires Molecule, Vagrant and python-vagrant to be installed.

On the local environment you can easily test the role with

molecule test

This will spin up two virtual machines with Debian Stretch and Debian Buster. Afterwards you can connect to the Schleuder web interface via:

Stretch: http://localhost:3001
Buster: http://localhost:3000

License

GPLv3

Author Information

https://www.systemli.org

You can’t perform that action at this time.