dataset/seed/mailman/templates/mailman-web.py

# This file is imported by the Mailman Suite. It is used to override
# the default settings from /usr/share/mailman3-web/settings.py.

# SECURITY WARNING: keep the secret key used in production secret!
#>GNUNUX
SECRET_KEY = '{{ general.mailman.postorius_secret_key }}'
#<GNUNUX


#FIXME
#ADMINS = (
#     ('Mailman Suite Admin', 'root@localhost'),
#)

# Hosts/domain names that are valid for this site; required if DEBUG is False
# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
# is meant to run behind a webserver reverse proxy anyway.
ALLOWED_HOSTS = [
    #"localhost",  # Archiving API from Mailman, keep it.
    # "lists.your-domain.org",
    # Add here all production URLs you may have.
#>GNUNUX
    #'*'
    '{{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }}'
#<GNUNUX
]

#>GNUNUX
# Mailman API credentials
#MAILMAN_REST_API_URL = 'http://localhost:8001'
#MAILMAN_REST_API_USER = 'restadmin'
#MAILMAN_REST_API_PASS = 'T0zVrLFZBJrftkW9Sjs660sEr/P3zehYGYPuo93LSGZT1KHd'
#MAILMAN_ARCHIVER_KEY = 'BzzgFI+QbeFOsGFy0Q6wfD5cp9fQvk1o'
#MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
#<GNUNUX

# Application definition

#FIXME
INSTALLED_APPS = (
    'hyperkitty',
    'postorius',
    'django_mailman3',
    # Uncomment the next line to enable the admin:
    'django.contrib.admin',
    # Uncomment the next line to enable admin documentation:
    # 'django.contrib.admindocs',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.sites',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'rest_framework',
    'django_gravatar',
    'compressor',
    'haystack',
    'django_extensions',
    'django_q',
    'allauth',
    'allauth.account',
    'allauth.socialaccount',
    #'django_mailman3.lib.auth.fedora',
    #'allauth.socialaccount.providers.openid',
    #'allauth.socialaccount.providers.github',
    #'allauth.socialaccount.providers.gitlab',
    #'allauth.socialaccount.providers.google',
    #'allauth.socialaccount.providers.facebook',
    #'allauth.socialaccount.providers.twitter',
    #'allauth.socialaccount.providers.stackexchange',
)


# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases

DATABASES = {
    'default': {
        # Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
#>GNUNUX
        #'ENGINE': 'django.db.backends.sqlite3',
        #'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
#<GNUNUX
        #'ENGINE': 'django.db.backends.mysql',
        # DB name or path to database file if using sqlite3.
#>GNUNUX
        #'NAME': '/var/lib/mailman3/web/mailman3web.db',
#<GNUNUX
        # The following settings are not used with sqlite3:
#>GNUNUX
        #'USER': '',
        #'PASSWORD': '',
#<GNUNUX
        # HOST: empty for localhost through domain sockets or '127.0.0.1' for
        # localhost through TCP.
#>GNUNUX
        #'HOST': '',
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
#FIXME same database has mailman?
        'NAME': '{{ general.postgresql.pg_client_database }}',
        'USER': '{{ general.postgresql.pg_client_username }}',               # PostgreSQL username
        'PASSWORD': '{{ general.postgresql.pg_client_password }}',           # PostgreSQL password
        'HOST': '{{ general.postgresql.pg_client_server_domainname }}',      # Database server
        #        'CONN_MAX_AGE': 300,
#>GNUNUX
        # PORT: set to empty string for default.
        'PORT': '',
        # OPTIONS: Extra parameters to use when connecting to the database.
        'OPTIONS': {
            # Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
            # https://docs.djangoproject.com/en/1.11/ref/
            #     databases/#setting-sql-mode
            #'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
#>GNUNUX
            'sslmode': 'verify-full',
            'sslcert': '{{ general.tls_cert_directory }}/postgresql_postorius.crt',
            'sslkey': '{{ general.tls_key_directory }}/postgresql_postorius.key',
            'sslrootcert': '{{ general.tls_ca_directory }}/PostgreSQL.crt',
#<GNUNUX
        },
    }
}

#>GNUNUX
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'formatters': {
        'verbose': {
            'format': '%(levelname)s - [%(asctime)s] - %(name)s.%(funcName)s:%(lineno)s - %(message)s'
        }
    },
    'handlers': {
        'apps': {
            'level': 'DEBUG',
            'class': 'logging.handlers.SysLogHandler',
            'formatter': 'verbose',
            'facility': 'local7',
            'address': '/dev/log',
        }
    },
    'loggers': {
        'apps': {
            'handlers': ['apps'],
            'level': 'DEBUG',
            'propagate': True,
        }
    }
}
#<GNUNUX

# If you're behind a proxy, use the X-Forwarded-Host header
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
USE_X_FORWARDED_HOST = True

# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
#>GNUNUX
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
#<GNUNUX

# Other security settings
# SECURE_SSL_REDIRECT = True
# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
# contains at least this line:
# SECURE_REDIRECT_EXEMPT = [
#     "archives/api/mailman/.*",  # Request from Mailman.
#     ]
# SESSION_COOKIE_SECURE = True
# SECURE_CONTENT_TYPE_NOSNIFF = True
# SECURE_BROWSER_XSS_FILTER = True
# CSRF_COOKIE_SECURE = True
# CSRF_COOKIE_HTTPONLY = True
# X_FRAME_OPTIONS = 'DENY'
#>GNUNUX
CSRF_TRUSTED_ORIGINS = ['{{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }}']
#<GNUNUX

# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/

#>GNUNUX
#LANGUAGE_CODE = 'en-us'
LANGUAGE_CODE = 'fr'
#<GNUNUX

TIME_ZONE = 'UTC'

USE_I18N = True
USE_L10N = True
USE_TZ = True


# Set default domain for email addresses.
#FIXME
EMAILNAME = 'localhost.local'

# If you enable internal authentication, this is the address that the emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
#>GNUNUX
#DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
DEFAULT_FROM_EMAIL = '{{ general.mailman.mailman_mail_owner }}'
#<GNUNUX

# If you enable email reporting for error messages, this is where those emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
# SERVER_EMAIL = 'root@your-domain.org'
#>GNUNUX
#SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
SERVER_EMAIL = '{{ general.mailman.mailman_mail_owner }}'
EMAIL_HOST = "{{ general.smtp.smtp_relay_address }}"
EMAIL_PORT = 25
EMAIL_HOST_USER = "{{ general.smtp.smtp_relay_user }}@{{ general.smtp.smtp_client_ip }}"
EMAIL_HOST_PASSWORD = "{{ general.smtp.smtp_relay_password }}"
EMAIL_USE_TLS = True
#FIXME
EMAIL_SUBJECT_PREFIX = '[Django] '


#STATIC_URL = '/mailman/postorius_static/'
#FORCE_SCRIPT_NAME = '/mailman'
#<GNUNUX

# Django Allauth
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"


#
# Social auth
#
SOCIALACCOUNT_PROVIDERS = {
    #'openid': {
    #    'SERVERS': [
    #        dict(id='yahoo',
    #             name='Yahoo',
    #             openid_url='http://me.yahoo.com'),
    #    ],
    #},
    #'google': {
    #    'SCOPE': ['profile', 'email'],
    #    'AUTH_PARAMS': {'access_type': 'online'},
    #},
    #'facebook': {
    #   'METHOD': 'oauth2',
    #   'SCOPE': ['email'],
    #   'FIELDS': [
    #       'email',
    #       'name',
    #       'first_name',
    #       'last_name',
    #       'locale',
    #       'timezone',
    #       ],
    #   'VERSION': 'v2.4',
    #},
    'risotto': {
        'LEMONLDAP_NAME': 'Authentification centralisée',
        'LEMONLDAP_URL': 'https://{{ general.oauth2_client.oauth2_server_domainname }}',
        'LEMONLDAP_LOCAL_URL': 'https://{{ general.oauth2_client.oauth2_client_server_domainname }}',
        'ACCOUNT_EMAIL_REQUIRED': True,
        'ACCOUNT_UNIQUE_EMAIL': True,
        'ACCOUNT_USERNAME_REQUIRED': False,
        'ACCOUNT_AUTHENTICATION_METHOD': 'email',
        'SOCIALACCOUNT_AUTO_SIGNUP': True,
        'VERIFIED_EMAIL': True,
    },
}
#>GNUNUX
SOCIALACCOUNT_EMAIL_VERIFICATION = 'none'
#<GNUNUX

# On a production setup, setting COMPRESS_OFFLINE to True will bring a
# significant performance improvement, as CSS files will not need to be
# recompiled on each requests. It means running an additional "compress"
# management command after each code upgrade.
# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
COMPRESS_OFFLINE = True

#>GNUNUX
#POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
{% set location = general.revprox.revprox_client.revprox_client_external_domainnames[0].revprox_client_location %}
POSTORIUS_TEMPLATE_BASE_URL = 'https://{{ general.revprox.revprox_client.revprox_client_external_domainnames[0] }}/{{ location }}'
#<GNUNUX