Mailman: Difference between revisions

(13 intermediate revisions by 6 users not shown)

Line 1:

[https://www.list.org/ Mailman] is free software for managing electronic mail discussion and e-newsletter lists. Mailman and its web interface can be configured using the corresponding NixOS module.

This article extends the documentation in [https://nixos.org/manual/nixos/stable/#module-services-mailman NixOS manual].

__TOC__

== Running Mailman on NixOS ==

= Running Mailman on NixOS =

~~Requires at least NixOS 20.03; the <code>services.mailman</code> module in NixOS 19.09 is insufficient.~~

This example includes:

Line 11:

Line 13:

* letsencrypt to acquire TLS certificates for nginx

=== Deployment steps ===

== Deployment steps ==

* Edit <code>/etc/nixos/configuration.nix</code> and add this stuff:

Line 26:

Line 28:

enable = true;

relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];

sslCert = config.security.acme.certs.${MAILMAN_HOST}.directory + "/full.pem";

sslKey = config.security.acme.certs.${MAILMAN_HOST}.directory + "/key.pem";

config = {

transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];

Line 37:

Line 41:

webUser = config.services.uwsgi.user;

hyperkitty.enable = true;

# Have mailman talk directly to hyperkitty, bypassing nginx:

hyperkitty.baseUrl = "http://localhost:33141/hyperkitty/";

webHosts = [MAILMAN_HOST];

};

Line 49:

Line 55:

# Tweak permissions so nginx can read and serve the static assets

# (/var/lib/mailman-web ~~defaults to~~ mode 0600)

# (otherwise /var/lib/mailman-web is mode 0600)

systemd.services.~~uwsgi~~.~~preStart~~ = ''

systemd.services.mailman-settings.script = ''

chmod o+x /var/lib/mailman-web

'';

Line 65:

Line 71:

}; [ mailman-web ]

);

# uwsgi protocol socket for nginx

socket = "127.0.0.1:33140";

# http socket for mailman core to reach the hyperkitty API directly

http-socket = "127.0.0.1:33141";

wsgi-file = "${config.services.mailman.webRoot}/mailman_web/wsgi.py";

chdir = "/var/lib/mailman-web";

Line 79:

Line 88:

services.nginx = {

enable = true;

recommendedGzipSettings = true;

recommendedProxySettings = true;

recommendedTlsSettings = true;

virtualHosts.${MAILMAN_HOST} = {

enableACME = true;

forceSSL = true;

locations."/static/".alias = "/var/lib/mailman-web/static/";

# If you're coming from Mailman 2, you might want these redirects:

# locations."~ ^/(?:pipermail|private)/([a-z-]+)/".return = "303 https://${MAILMAN_HOST}/hyperkitty/list/$1.${MAILMAN_HOST}/";

# locations."~ ^/(?:listadmin)/([a-z-]+)".return = "303 https://${MAILMAN_HOST}/postorius/lists/$1.${MAILMAN_HOST}/settings/";

# locations."~ ^/(?:listinfo|options)/([a-z-]+)".return = "303 https://${MAILMAN_HOST}/postorius/lists/$1.${MAILMAN_HOST}/";

# locations."/create".return = "301 https://${MAILMAN_HOST}/postorius/lists/new";

locations."/".extraConfig = ''

uwsgi_pass 127.0.0.1:33140;

Line 91:

Line 107:

};

networking.firewall.allowedTCPPorts = [ 80 443 ];

networking.firewall.allowedTCPPorts = [ 25 80 443 ];

}

</syntaxhighlight>

Line 122:

Line 138:

At this point you should have a working Mailman installation. Create and manage lists using the web interface or the <code>mailman</code> commandline tool, and refer to the [https://docs.mailman3.org/ upstream documentation] for lots more information.

== Optional extras ==

=== Social logins ===

Mailman 3 uses [https://docs.allauth.org/en/latest/ django-allauth] to allow logins via many external auth providers, such as GitHub and Google. To enable these we need to update our Django settings and add some per-provider specifics in the admin UI.

In this example we're just adding GitHub, but there are [https://docs.allauth.org/en/latest/socialaccount/providers/ lots of other providers] available.

* Add to your <code>configuration.nix</code> and run <code>nixos-rebuild switch</code>:

# Extend the django settings.py directly since this can't all be

# done via JSON settings (services.mailman.webSettings)

environment.etc."mailman3/settings.py".text = ''

INSTALLED_APPS.extend([

"allauth.socialaccount.providers.github",

])

'';

</syntaxhighlight>

* Register a new OAuth application on GitHub at https://github.com/settings/applications/new. Your Authorization Callback URL will be <code>https://<your_mailman_hostname>/accounts/github/login/callback/</code>. Save the Client ID and Client Secret that GitHub gives you at the end of this process.

* Navigate to <code>https://<your_mailman_hostname>/admin/socialaccount/socialapp/add/</code> and fill in the values you got from GitHub. Make sure you click '''Choose all''' to enable this auth provide for your django site, then click '''Save'''.

*: [[File:Django_admin_add_social_application.png]]

Now you should be able to login to your mailman site with GitHub, and see your account's connections at <code>https://<your_mailman_hostname>/accounts/social/connections/</code>

[[Category:Mail Server]]

[[Category:Server]]

[[Category:Web Applications]]

[[Category:Django]]

[[Category:NixOS Manual]]

@@ Line 1: / Line 1: @@
+[https://www.list.org/ Mailman] is free software for managing electronic mail discussion and e-newsletter lists. Mailman and its web interface can be configured using the corresponding NixOS module.
+This article extends the documentation in [https://nixos.org/manual/nixos/stable/#module-services-mailman NixOS manual].
 __TOC__
-== Running Mailman on NixOS ==
+= Running Mailman on NixOS =
-Requires at least NixOS 20.03; the <code>services.mailman</code> module in NixOS 19.09 is insufficient.
 This example includes:
@@ Line 11: / Line 13: @@
 * letsencrypt to acquire TLS certificates for nginx
-=== Deployment steps ===
+== Deployment steps ==
 * Edit <code>/etc/nixos/configuration.nix</code> and add this stuff:
@@ Line 26: / Line 28: @@
      enable = true;
      relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
+    sslCert = config.security.acme.certs.${MAILMAN_HOST}.directory + "/full.pem";
+    sslKey = config.security.acme.certs.${MAILMAN_HOST}.directory + "/key.pem";
      config = {
        transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
@@ Line 37: / Line 41: @@
      webUser = config.services.uwsgi.user;
      hyperkitty.enable = true;
+    # Have mailman talk directly to hyperkitty, bypassing nginx:
+    hyperkitty.baseUrl = "http://localhost:33141/hyperkitty/";
      webHosts = [MAILMAN_HOST];
    };
@@ Line 49: / Line 55: @@
    # Tweak permissions so nginx can read and serve the static assets
-   # (/var/lib/mailman-web defaults to mode 0600)
+   # (otherwise /var/lib/mailman-web is mode 0600)
-   systemd.services.uwsgi.preStart = ''
+   systemd.services.mailman-settings.script = ''
      chmod o+x /var/lib/mailman-web
    '';
@@ Line 65: / Line 71: @@
          }; [ mailman-web ]
        );
+      # uwsgi protocol socket for nginx
        socket = "127.0.0.1:33140";
+      # http socket for mailman core to reach the hyperkitty API directly
+      http-socket = "127.0.0.1:33141";
        wsgi-file = "${config.services.mailman.webRoot}/mailman_web/wsgi.py";
        chdir = "/var/lib/mailman-web";
@@ Line 79: / Line 88: @@
    services.nginx = {
      enable = true;
+    recommendedGzipSettings = true;
      recommendedProxySettings = true;
+    recommendedTlsSettings = true;
      virtualHosts.${MAILMAN_HOST} = {
        enableACME = true;
        forceSSL = true;
        locations."/static/".alias = "/var/lib/mailman-web/static/";
+      # If you're coming from Mailman 2, you might want these redirects:
+      # locations."~ ^/(?:pipermail|private)/([a-z-]+)/".return = "303 https://${MAILMAN_HOST}/hyperkitty/list/$1.${MAILMAN_HOST}/";
+      # locations."~ ^/(?:listadmin)/([a-z-]+)".return = "303 https://${MAILMAN_HOST}/postorius/lists/$1.${MAILMAN_HOST}/settings/";
+      # locations."~ ^/(?:listinfo|options)/([a-z-]+)".return = "303 https://${MAILMAN_HOST}/postorius/lists/$1.${MAILMAN_HOST}/";
+      # locations."/create".return = "301 https://${MAILMAN_HOST}/postorius/lists/new";
        locations."/".extraConfig = ''
          uwsgi_pass 127.0.0.1:33140;
@@ Line 91: / Line 107: @@
    };
-   networking.firewall.allowedTCPPorts = [ 80 443 ];
+   networking.firewall.allowedTCPPorts = [ 25 80 443 ];
 }
 </syntaxhighlight>
@@ Line 122: / Line 138: @@
 At this point you should have a working Mailman installation.  Create and manage lists using the web interface or the <code>mailman</code> commandline tool, and refer to the [https://docs.mailman3.org/ upstream documentation] for lots more information.
+== Optional extras ==
+=== Social logins ===
+Mailman 3 uses [https://docs.allauth.org/en/latest/ django-allauth] to allow logins via many external auth providers, such as GitHub and Google.  To enable these we need to update our Django settings and add some per-provider specifics in the admin UI.
+In this example we're just adding GitHub, but there are [https://docs.allauth.org/en/latest/socialaccount/providers/ lots of other providers] available.
+* Add to your <code>configuration.nix</code> and run <code>nixos-rebuild switch</code>:
+<syntaxhighlight lang="nix">
+  # Extend the django settings.py directly since this can't all be
+  # done via JSON settings (services.mailman.webSettings)
+  environment.etc."mailman3/settings.py".text = ''
+    INSTALLED_APPS.extend([
+      "allauth.socialaccount.providers.github",
+    ])
+  '';
+</syntaxhighlight>
+* Register a new OAuth application on GitHub at https://github.com/settings/applications/new.  Your Authorization Callback URL will be <code>https://<your_mailman_hostname>/accounts/github/login/callback/</code>.  Save the Client ID and Client Secret that GitHub gives you at the end of this process.
+* Navigate to <code>https://<your_mailman_hostname>/admin/socialaccount/socialapp/add/</code> and fill in the values you got from GitHub.  Make sure you click '''Choose all''' to enable this auth provide for your django site, then click '''Save'''.
+*: [[File:Django_admin_add_social_application.png]]
+Now you should be able to login to your mailman site with GitHub, and see your account's connections at <code>https://<your_mailman_hostname>/accounts/social/connections/</code>
+[[Category:Mail Server]]
+[[Category:Server]]
+[[Category:Web Applications]]
+[[Category:Django]]
+[[Category:NixOS Manual]]