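# This file is imported by the Mailman Suite. It is used to override
# the default settings from /usr/share/mailman3-web/settings.py.
#
# It is a Jinja2 template: every {{ ... }} value is pasted into Python source
# as-is. Values placed inside quotes must not contain that quote character or
# a backslash, and the unquoted values (database dict, LDAP search / group
# expressions, session timeout) are evaluated as Python when Django loads the
# settings, so the variables feeding this template must come from a trusted
# source. The rendered file holds the secret key, the REST API and archiver
# credentials and the LDAP bind password; keep it readable only by the web
# service account.

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = '{{ mailman.web.secretkey }}'

ADMINS = (
)

# Hosts/domain names that are valid for this site; required if DEBUG is False
# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
# Set to '*' per default in the Debian package to allow all hostnames. Mailman3
# is meant to run behind a webserver reverse proxy anyway.
# NOTE(review): with '*' here and USE_X_FORWARDED_HOST = True below, Django
# accepts whatever Host / X-Forwarded-Host value reaches it. The reverse proxy
# must overwrite both headers with the canonical site name; otherwise list the
# production hostnames here instead of '*'.
ALLOWED_HOSTS = [
    #"localhost",  # Archiving API from Mailman, keep it.
    # "lists.your-domain.org",
    # Add here all production URLs you may have.
    '*'
]

# Mailman API credentials
# The REST API is addressed over plain HTTP with these credentials; keep the
# API host on loopback or on a private network segment.
MAILMAN_REST_API_URL = 'http://{{ mailman.api.hostname }}:{{ mailman.api.port }}'
MAILMAN_REST_API_USER = '{{ mailman.api.admin.name }}'
MAILMAN_REST_API_PASS = '{{ mailman.api.admin.pw }}'
MAILMAN_ARCHIVER_KEY = '{{ mailman.archiver.key }}'
# Source addresses allowed to use the archiver API: loopback only.
MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')

MIDDLEWARE = (
    # defaults
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.middleware.locale.LocaleMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django_mailman3.middleware.TimezoneMiddleware',
    'postorius.middleware.PostoriusMiddleware',
{% if mailman.web.remote_user %}
    # Trusts the REMOTE_USER value set by the front-end web server; only enable
    # when that server authenticates every request that reaches this app.
    'django.contrib.auth.middleware.PersistentRemoteUserMiddleware',
{% endif %}
{% if mailman.web.ldap %}
    'postorius_ldap_membership_management.middleware.SessionTimeoutMiddleware',
{% endif %}
)

# Application definition
INSTALLED_APPS = (
    'hyperkitty',
    'postorius',
    'django_mailman3',
    'django.contrib.admin',
    'django.contrib.admindocs',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'django_gravatar',
    'compressor',
    'haystack',
    'django_extensions',
    'django_q',
    'allauth',
    'allauth.account',
    'allauth.socialaccount',
{% if mailman.web.ldap %}
    'postorius_ldap_membership_management',
{% endif %}
)

# Backends are tried in order; ModelBackend (local password accounts) is
# always kept as the last fallback.
AUTHENTICATION_BACKENDS = (
{% if mailman.web.remote_user and mailman.web.ldap %}
    'postorius_ldap_membership_management.backends.LdapRemoteUserBackend',
{% else %}
{% if mailman.web.remote_user %}
    'django.contrib.auth.backends.RemoteUserBackend',
{% endif %}
{% if mailman.web.ldap %}
    'django_auth_ldap.backend.LDAPBackend',
{% endif %}
{% endif %}
    'django.contrib.auth.backends.ModelBackend',
)

# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases

DATABASES = {
    # Rendered with pprint, i.e. as a Python dict literal (including any
    # database password it contains).
    'default': {{ mailman.web.db|pprint|indent(15) }}
    #{
        # Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
        #'ENGINE': 'django.db.backends.sqlite3',
        #'ENGINE': 'django.db.backends.postgresql_psycopg2',
        #'ENGINE': 'django.db.backends.mysql',
        # DB name or path to database file if using sqlite3.
        #'NAME': '/var/lib/mailman3/web/mailman3web.db',
        # The following settings are not used with sqlite3:
        #'USER': '',
        #'PASSWORD': '',
        # HOST: empty for localhost through domain sockets or '127.0.0.1' for
        # localhost through TCP.
        #'HOST': '',
        # PORT: set to empty string for default.
        #'PORT': '',
        # OPTIONS: Extra parameters to use when connecting to the database.
        #'OPTIONS': {
            # Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
            # https://docs.djangoproject.com/en/1.11/ref/
            #     databases/#setting-sql-mode
            #'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
        #},
    #}
}

# If you're behind a proxy, use the X-Forwarded-Host header
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
USE_X_FORWARDED_HOST = True

# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
# Only enable this when the proxy itself sets the header and discards any
# client-supplied copy of it.
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')

# Other security settings
# NOTE(review): ACCOUNT_DEFAULT_HTTP_PROTOCOL below is "https"; when the site
# is served over TLS, SESSION_COOKIE_SECURE and CSRF_COOKIE_SECURE should be
# enabled so the cookies are never sent over plain HTTP.

# SECURE_SSL_REDIRECT = True
# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
# contains at least this line:
# SECURE_REDIRECT_EXEMPT = [
#     "archives/api/mailman/.*",  # Request from Mailman.
#     ]
# SESSION_COOKIE_SECURE = True
# SECURE_CONTENT_TYPE_NOSNIFF = True
# SECURE_BROWSER_XSS_FILTER = True
# CSRF_COOKIE_SECURE = True
# CSRF_COOKIE_HTTPONLY = True
# X_FRAME_OPTIONS = 'DENY'

# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/

LANGUAGE_CODE = 'en-us'

TIME_ZONE = 'UTC'

USE_I18N = True
USE_L10N = True
USE_TZ = True

# Set default domain for email addresses.
EMAILNAME = '{{ mailman.default_domain }}'

# If you enable internal authentication, this is the address that the emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
# DEFAULT_FROM_EMAIL = "mailing-lists@your-domain.org"
DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)

# If you enable email reporting for error messages, this is where those emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
# SERVER_EMAIL = 'root@your-domain.org'
SERVER_EMAIL = '{{ mailman.site_owner }}'

# Django Allauth
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"

#
# Social auth
#
SOCIALACCOUNT_PROVIDERS = {
    #'google': {
    #    'SCOPE': ['profile', 'email'],
    #    'AUTH_PARAMS': {'access_type': 'online'},
    #}
}

# On a production setup, setting COMPRESS_OFFLINE to True will bring a
# significant performance improvement, as CSS files will not need to be
# recompiled on each request. It means running an additional "compress"
# management command after each code upgrade.
# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
COMPRESS_OFFLINE = True

POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'

# Disable Gravatar because some idiot thought it would be a good idea to include it in the first place
# we serve a dummy png using nginx
GRAVATAR_SECURE_URL = '/'

ACCOUNT_FORMS = {
{% if not mailman.web.signup %}
    # Signup is disabled
    'signup': 'none',
{% endif %}
{% if not mailman.web.change_pw %}
    # Changing, resetting and setting passwords is disabled
    'change_password': 'none',
    'reset_password': 'none',
    'reset_password_from_key': 'none',
    'set_password': 'none',
{% endif %}
}

{% if mailman.web.ldap %}
import ldap
# The wildcard import brings the django_auth_ldap.config names into scope for
# the search / group-type expressions rendered unquoted below.
from django_auth_ldap.config import *

# Use an ldaps:// URL (or enable AUTH_LDAP_START_TLS) so the bind password and
# user passwords do not cross the network in clear text.
AUTH_LDAP_SERVER_URI = "{{ mailman.web.ldap.url }}"
AUTH_LDAP_BIND_DN = "{{ mailman.web.ldap.bind_dn|d('') }}"
AUTH_LDAP_BIND_PASSWORD = "{{ mailman.web.ldap.bind_password|d('') }}"
AUTH_LDAP_CONNECTION_OPTIONS = {{ mailman.web.ldap.options|d('{}') }}
AUTH_LDAP_USER_DN_TEMPLATE = "{{ mailman.web.ldap.user_filter|d('') }}"
AUTH_LDAP_USER_SEARCH = {{ mailman.web.ldap.user_search|d('None') }}
AUTH_LDAP_USER_SEARCH_ALL_NAME = {{ mailman.web.ldap.user_search_all_name|d('None') }}
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "cn", "email": "mail"}
# Default to None like the user search above: an empty default would render
# "NAME = " and turn the whole settings file into a syntax error. The group
# features below still need real values to work.
AUTH_LDAP_GROUP_SEARCH = {{ mailman.web.ldap.group_search|d('None') }}
AUTH_LDAP_GROUP_TYPE = {{ mailman.web.ldap.group_type|d('None') }}
ACCOUNT_EMAIL_VERIFICATION = 'none'

AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_CACHE_TIMEOUT = 0
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_REQUIRE_GROUP = "{{ mailman.web.ldap.group_require|d('') }}"
# NOTE(review): DENY_GROUP is rendered from the same variable as REQUIRE_GROUP
# (group_require). If the backend honours both, every member of the required
# group is also in the denied group and cannot log in. This looks like a
# copy-paste slip: render it from a variable of its own or drop the setting.
# Also confirm how the backend treats the empty-string default of both.
AUTH_LDAP_DENY_GROUP = "{{ mailman.web.ldap.group_require|d('') }}"

# to_json emits JSON literals; alias them so the rendered values are valid
# Python. Defined before the first to_json value so a true/false/null inside
# it does not raise NameError.
null = None
true = True
false = False

AUTH_LDAP_USER_FLAGS_BY_GROUP = {{ mailman.web.ldap.mappings|d({})|to_json }}

LDAP_MEMBERSHIP_SYNC = {{ mailman.lists|expand_dict_keys_with_defaults(mailman.list_defaults)|to_json }}
{% endif %}

SESSION_EXPIRE_SECONDS = {{ mailman.web.session_timeout }}

HYPERKITTY_ENABLE_GRAVATAR = False
HYPERKITTY_ALLOW_WEB_POSTING = False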