225 lines
7.0 KiB
Bash
Executable File
225 lines
7.0 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
cat << EOF
|
|
# This file is imported by the Mailman Suite. It is used to override
|
|
# the default settings from /usr/share/mailman3-web/settings.py.
|
|
|
|
# SECURITY WARNING: keep the secret key used in production secret!
|
|
SECRET_KEY = '${DJANGO_SECRET:?}'
|
|
|
|
ADMINS = (
|
|
('Postmaster', 'postmaster@recycled.cloud'),
|
|
)
|
|
|
|
# Hosts/domain names that are valid for this site; required if DEBUG is False
|
|
# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
|
|
# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
|
|
# is meant to run behind a webserver reverse proxy anyway.
|
|
ALLOWED_HOSTS = [
|
|
#"localhost", # Archiving API from Mailman, keep it.
|
|
# "lists.your-domain.org",
|
|
# Add here all production URLs you may have.
|
|
'*'
|
|
]
|
|
|
|
# Mailman API credentials
|
|
MAILMAN_REST_API_URL = 'http://localhost:8001'
|
|
MAILMAN_REST_API_USER = 'restadmin'
|
|
MAILMAN_REST_API_PASS = '${ADMIN_PASS:?}'
|
|
MAILMAN_ARCHIVER_KEY = '${HYPERKITTY_API_KEY}'
|
|
MAILMAN_ARCHIVER_FROM = ${MAILMAN_ARCHIVER_FROM:?}
|
|
|
|
# Application definition
|
|
|
|
INSTALLED_APPS = (
|
|
'hyperkitty',
|
|
'postorius',
|
|
'django_mailman3',
|
|
# Uncomment the next line to enable the admin:
|
|
'django.contrib.admin',
|
|
# Uncomment the next line to enable admin documentation:
|
|
# 'django.contrib.admindocs',
|
|
'django.contrib.auth',
|
|
'django.contrib.contenttypes',
|
|
'django.contrib.sessions',
|
|
'django.contrib.sites',
|
|
'django.contrib.messages',
|
|
'django.contrib.staticfiles',
|
|
'rest_framework',
|
|
'django_gravatar',
|
|
'compressor',
|
|
'haystack',
|
|
'django_extensions',
|
|
'django_q',
|
|
'allauth',
|
|
'allauth.account',
|
|
'allauth.socialaccount',
|
|
#'django_mailman3.lib.auth.fedora',
|
|
#'allauth.socialaccount.providers.openid',
|
|
#'allauth.socialaccount.providers.github',
|
|
#'allauth.socialaccount.providers.gitlab',
|
|
#'allauth.socialaccount.providers.google',
|
|
#'allauth.socialaccount.providers.facebook',
|
|
#'allauth.socialaccount.providers.twitter',
|
|
#'allauth.socialaccount.providers.stackexchange',
|
|
)
|
|
|
|
# Keep ModelBackend around for per-user permissions and maybe a local
|
|
# superuser.
|
|
AUTHENTICATION_BACKENDS = (
|
|
"django_auth_ldap.backend.LDAPBackend",
|
|
"django.contrib.auth.backends.ModelBackend",
|
|
)
|
|
|
|
# Database
|
|
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
|
|
|
|
DATABASES = {
|
|
'default': {
|
|
# Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
|
|
'ENGINE': 'django.db.backends.sqlite3',
|
|
#'ENGINE': 'django.db.backends.postgresql_psycopg2',
|
|
#'ENGINE': 'django.db.backends.mysql',
|
|
# DB name or path to database file if using sqlite3.
|
|
'NAME': '/var/lib/mailman3/web/mailman3web.db',
|
|
# The following settings are not used with sqlite3:
|
|
'USER': '',
|
|
'PASSWORD': '',
|
|
# HOST: empty for localhost through domain sockets or '127.0.0.1' for
|
|
# localhost through TCP.
|
|
'HOST': '',
|
|
# PORT: set to empty string for default.
|
|
'PORT': '',
|
|
# OPTIONS: Extra parameters to use when connecting to the database.
|
|
'OPTIONS': {
|
|
# Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
|
|
# https://docs.djangoproject.com/en/1.11/ref/
|
|
# databases/#setting-sql-mode
|
|
#'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
|
|
},
|
|
}
|
|
}
|
|
|
|
|
|
# If you're behind a proxy, use the X-Forwarded-Host header
|
|
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
|
|
USE_X_FORWARDED_HOST = True
|
|
|
|
# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
|
|
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
|
|
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
|
|
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
|
|
|
|
# Other security settings
|
|
# SECURE_SSL_REDIRECT = True
|
|
# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
|
|
# contains at least this line:
|
|
# SECURE_REDIRECT_EXEMPT = [
|
|
# "archives/api/mailman/.*", # Request from Mailman.
|
|
# ]
|
|
# SESSION_COOKIE_SECURE = True
|
|
# SECURE_CONTENT_TYPE_NOSNIFF = True
|
|
# SECURE_BROWSER_XSS_FILTER = True
|
|
# CSRF_COOKIE_SECURE = True
|
|
# CSRF_COOKIE_HTTPONLY = True
|
|
# X_FRAME_OPTIONS = 'DENY'
|
|
|
|
|
|
# Internationalization
|
|
# https://docs.djangoproject.com/en/1.8/topics/i18n/
|
|
|
|
LANGUAGE_CODE = 'en-us'
|
|
|
|
TIME_ZONE = 'UTC'
|
|
|
|
USE_I18N = True
|
|
USE_L10N = True
|
|
USE_TZ = True
|
|
|
|
|
|
# Set default domain for email addresses.
|
|
EMAILNAME = '${EMAILNAME:?}'
|
|
|
|
# If you enable internal authentication, this is the address that the emails
|
|
# will appear to be coming from. Make sure you set a valid domain name,
|
|
# otherwise the emails may get rejected.
|
|
# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
|
|
# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
|
|
DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
|
|
|
|
# If you enable email reporting for error messages, this is where those emails
|
|
# will appear to be coming from. Make sure you set a valid domain name,
|
|
# otherwise the emails may get rejected.
|
|
# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
|
|
# SERVER_EMAIL = 'root@your-domain.org'
|
|
SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
|
|
|
|
|
|
# Django Allauth
|
|
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
|
|
|
|
|
|
#
|
|
# Social auth
|
|
#
|
|
SOCIALACCOUNT_PROVIDERS = {
|
|
#'openid': {
|
|
# 'SERVERS': [
|
|
# dict(id='yahoo',
|
|
# name='Yahoo',
|
|
# openid_url='http://me.yahoo.com'),
|
|
# ],
|
|
#},
|
|
#'google': {
|
|
# 'SCOPE': ['profile', 'email'],
|
|
# 'AUTH_PARAMS': {'access_type': 'online'},
|
|
#},
|
|
#'facebook': {
|
|
# 'METHOD': 'oauth2',
|
|
# 'SCOPE': ['email'],
|
|
# 'FIELDS': [
|
|
# 'email',
|
|
# 'name',
|
|
# 'first_name',
|
|
# 'last_name',
|
|
# 'locale',
|
|
# 'timezone',
|
|
# ],
|
|
# 'VERSION': 'v2.4',
|
|
#},
|
|
}
|
|
|
|
# On a production setup, setting COMPRESS_OFFLINE to True will bring a
|
|
# significant performance improvement, as CSS files will not need to be
|
|
# recompiled on each requests. It means running an additional "compress"
|
|
# management command after each code upgrade.
|
|
# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
|
|
COMPRESS_OFFLINE = True
|
|
|
|
POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
|
|
|
|
# LDAP authentication backend.
|
|
AUTH_LDAP_SERVER_URI = "${LDAP_SERVER_URI:?}"
|
|
AUTH_LDAP_BIND_DN = "${LDAP_BIND_DN:?}"
|
|
AUTH_LDAP_BIND_PASSWORD = "${LDAP_BIND_PASSWORD:?}"
|
|
|
|
AUTH_LDAP_USER_ATTR_MAP = {
|
|
"username": "uid",
|
|
"first_name": "givenName",
|
|
"last_name": "sn",
|
|
"email": "mail"}
|
|
|
|
import ldap
|
|
from django_auth_ldap.config import LDAPSearch, LDAPSearchUnion
|
|
|
|
AUTH_LDAP_USER_SEARCH = LDAPSearch("${LDAP_USER_BASE_DN:?}", ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
|
|
|
|
from django_auth_ldap.config import PosixGroupType
|
|
AUTH_LDAP_GROUP_TYPE = PosixGroupType()
|
|
AUTH_LDAP_GROUP_SEARCH = LDAPSearch("${LDAP_GROUP_BASE_DN:?}",ldap.SCOPE_SUBTREE, "(objectClass='posixGroup')")
|
|
|
|
AUTH_LDAP_USER_FLAGS_BY_GROUP = {
|
|
"is_superuser": "${SUPERUSER_LDAP_DN:?}"
|
|
}
|
|
EOF
|