infra/ansible-role-mailman
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-mailman/templates/mailman-web.py.j2
nd 08bc91dec4
add session timeout
2021-03-08 15:03:14 +01:00

241 lines
8 KiB
Django/Jinja
Raw Blame History

# This file is imported by the Mailman Suite. It is used to override
# the default settings from /usr/share/mailman3-web/settings.py.
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = '{{ mailman.web.secretkey }}'
ADMINS = (
)
# Hosts/domain names that are valid for this site; required if DEBUG is False
# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
# is meant to run behind a webserver reverse proxy anyway.
ALLOWED_HOSTS = [
#"localhost", # Archiving API from Mailman, keep it.
# "lists.your-domain.org",
# Add here all production URLs you may have.
'*'
]
# Mailman API credentials
MAILMAN_REST_API_URL = 'http://{{ mailman.api.hostname }}:{{ mailman.api.port }}'
MAILMAN_REST_API_USER = '{{ mailman.api.admin.name }}'
MAILMAN_REST_API_PASS = '{{ mailman.api.admin.pw }}'
MAILMAN_ARCHIVER_KEY = '{{ mailman.archiver.key }}'
MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
MIDDLEWARE = (
# defaults
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django_mailman3.middleware.TimezoneMiddleware',
'postorius.middleware.PostoriusMiddleware',
{% if mailman.web.remote_user %}
'django.contrib.auth.middleware.PersistentRemoteUserMiddleware',
{% endif %}
'django_auth_ldap_remoteuser.middleware.SessionTimeoutMiddleware',
)
# Application definition
INSTALLED_APPS = (
'hyperkitty',
'postorius',
'django_mailman3',
'django.contrib.admin',
'django.contrib.admindocs',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'django_gravatar',
'compressor',
'haystack',
'django_extensions',
'django_q',
'allauth',
'allauth.account',
'allauth.socialaccount',
{% if mailman.web.remote_user and mailman.web.ldap %}
'django_auth_ldap_remoteuser',
{% endif %}
)
AUTHENTICATION_BACKENDS = (
{% if mailman.web.remote_user and mailman.web.ldap %}
'django_auth_ldap_remoteuser.backends.LdapRemoteUserBackend',
{% else %}
{% if mailman.web.remote_user %}
'django.contrib.auth.backends.RemoteUserBackend',
{% endif %}
{% if mailman.web.ldap %}
'django_auth_ldap.backend.LDAPBackend',
{% endif %}
{% endif %}
'django.contrib.auth.backends.ModelBackend',
)
# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
DATABASES = {
'default': {
# Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
'ENGINE': 'django.db.backends.sqlite3',
#'ENGINE': 'django.db.backends.postgresql_psycopg2',
#'ENGINE': 'django.db.backends.mysql',
# DB name or path to database file if using sqlite3.
'NAME': '/var/lib/mailman3/web/mailman3web.db',
# The following settings are not used with sqlite3:
'USER': '',
'PASSWORD': '',
# HOST: empty for localhost through domain sockets or '127.0.0.1' for
# localhost through TCP.
'HOST': '',
# PORT: set to empty string for default.
'PORT': '',
# OPTIONS: Extra parameters to use when connecting to the database.
'OPTIONS': {
# Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
# https://docs.djangoproject.com/en/1.11/ref/
# databases/#setting-sql-mode
#'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
},
}
}
# If you're behind a proxy, use the X-Forwarded-Host header
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
USE_X_FORWARDED_HOST = True
# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
# Other security settings
# SECURE_SSL_REDIRECT = True
# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
# contains at least this line:
# SECURE_REDIRECT_EXEMPT = [
# "archives/api/mailman/.*", # Request from Mailman.
# ]
# SESSION_COOKIE_SECURE = True
# SECURE_CONTENT_TYPE_NOSNIFF = True
# SECURE_BROWSER_XSS_FILTER = True
# CSRF_COOKIE_SECURE = True
# CSRF_COOKIE_HTTPONLY = True
# X_FRAME_OPTIONS = 'DENY'
# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Set default domain for email addresses.
EMAILNAME = '{{ mailman.default_domain }}'
# If you enable internal authentication, this is the address that the emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
# If you enable email reporting for error messages, this is where those emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
# SERVER_EMAIL = 'root@your-domain.org'
SERVER_EMAIL = '{{ mailman.site_owner }}'
# Django Allauth
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
#
# Social auth
#
SOCIALACCOUNT_PROVIDERS = {
#'google': {
# 'SCOPE': ['profile', 'email'],
# 'AUTH_PARAMS': {'access_type': 'online'},
#}
}
# On a production setup, setting COMPRESS_OFFLINE to True will bring a
# significant performance improvement, as CSS files will not need to be
# recompiled on each requests. It means running an additional "compress"
# management command after each code upgrade.
# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
COMPRESS_OFFLINE = True
POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
# Disable Gravatar because some idiot thought it would be a good idea to include it in the first place
# we serve a dummy png using nginx
GRAVATAR_SECURE_URL = '/'
ACCOUNT_FORMS = {
{% if not mailman.web.signup %}
# Signup is disabled
'signup': 'none',
{% endif %}
{% if not mailman.web.change_pw %}
# Signup is disabled
'change_password': 'none',
'reset_password': 'none',
'reset_password_from_key': 'none',
'set_password': 'none',
{% endif %}
}
{% if mailman.web.ldap %}
import ldap
from django_auth_ldap.config import *
AUTH_LDAP_SERVER_URI = "{{ mailman.web.ldap.url }}"
AUTH_LDAP_BIND_DN = "{{ mailman.web.ldap.bind_dn|d('') }}"
AUTH_LDAP_BIND_PASSWORD = "{{ mailman.web.ldap.bind_password|d('') }}"
AUTH_LDAP_CONNECTION_OPTIONS = {{ mailman.web.ldap.options|d('{}') }}
AUTH_LDAP_USER_DN_TEMPLATE = "{{ mailman.web.ldap.user_filter|d('') }}"
AUTH_LDAP_USER_SEARCH = {{ mailman.web.ldap.user_search|d('None') }}
AUTH_LDAP_USER_SEARCH_ALL_NAME = {{ mailman.web.ldap.user_search_all_name|d('None') }}
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}
AUTH_LDAP_GROUP_SEARCH = {{ mailman.web.ldap.group_search|d('') }}
AUTH_LDAP_GROUP_TYPE = {{ mailman.web.ldap.group_type|d('') }}
ACCOUNT_EMAIL_VERIFICATION = 'none'
AUTH_LDAP_ALWAYS_UPDATE_USER = True
AUTH_LDAP_CACHE_TIMEOUT = 0
AUTH_LDAP_FIND_GROUP_PERMS = True
AUTH_LDAP_REQUIRE_GROUP = "{{ mailman.web.ldap.group_require|d('') }}"
AUTH_LDAP_DENY_GROUP = "{{ mailman.web.ldap.group_require|d('') }}"
AUTH_LDAP_USER_FLAGS_BY_GROUP = {{ mailman.web.ldap.mappings|d({})|to_json }}
{% endif %}
SESSION_EXPIRE_SECONDS = {{ mailman.web.session_timeout }}
Reference in a new issue View git blame Copy permalink