diff --git a/defaults/main.yml b/defaults/main.yml index 2810a08..7f750e6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,16 +1,24 @@ --- mailman_user: 'mailman' +mailman_srv_user: '{{ mailman_user }}' +mailman_api_user: 'restadmin' mailman_home: '/opt/{{ mailman_user }}' mailman_conf_dir: '/etc/mailman' mailman_var_dir: '/var/lib/mailman' mailman_log_dir: '/var/log/mailman' +mailman_lock_dir: '/var/lock/mailman' +mailman_spool_dir: '/var/spool/mailman' mailman_layout: 'fhs' mailman_site_owner: 'mailman@example.com' mailman_noreply_addr: 'noreply' +mailman_admins: + - "'Mailman Suite Admin', 'mailman@example.com'" + mailman_rh_dependencies: - python3 - python3-pip + - python36-virtualenv - git - lynx @@ -51,7 +59,8 @@ mailman_smtp_auth: False mailman_smtp_user: '' mailman_smtp_pwd: '' mailman_smtp_secure_mode: starttls -mailman_smtp_conf: '/etc/mailman/postfix-mailman.cfg' +mailman_smtp_conf: '{{ mailman_conf_dir }}/postfix-mailman.cfg' +mailman_transport_file_type: regex mailman_password_length: 12 mailman_webservice_hostname: 'localhost' @@ -71,4 +80,28 @@ mailman_antispam_header_checks: - 'X-Spam-Flag: (YES)' #- 'Authentication-Results: mail.example.com; dmarc=(fail|quarantine)' -mailman_start_nntp_runner: 'no' \ No newline at end of file +mailman_start_nntp_runner: 'no' + +mailman_repository: 'https://gitlab.com/mailman/mailman-suite.git' +mailman_postorious_log_dir: /var/log/mailmansuite +mailman_postorious_dir: '{{ mailman_home }}/mailman-suite/mailman-suite_project' +mailman_postorious_http_port: 8000 +# 'systemd_logger,logfile,python36' +mailman_postorious_uwsgi_plugins: 'systemd_logger,python36' +# 1 is the predefined one, that must be deleted +mailman_postorious_site_id: 2 +mailman_postorious_allowed_hosts: + - 'localhost' + - '{{ ansible_fqdn }}' + +mailman_postorious_settings_files: + - { name: 'manage.py', perms: '0750' } + - { name: 'settings.py', perms: '0440' } + - { name: 'wsgi.py', perms: '0440' } + +mailman_postorious_db_engine: 'django.db.backends.postgresql_psycopg2' +mailman_postorious_db_name: mailmansuite +mailman_postorious_db_user: mailmansuite_u +# mailman_postorious_db_password: +mailman_postorious_db_host: 'localhost' +mailman_postorious_db_port: '' diff --git a/tasks/main.yml b/tasks/main.yml index 4b5a260..db82c2b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -17,3 +17,129 @@ when: ansible_distribution_file_variety == "RedHat" tags: [ 'mailman' ] + +- name: Create the mailman environment + block: + - name: Mailman directory tree + file: dest={{ item }} state=directory owner={{ mailman_user }} group={{ mailman_user }} + with_items: + - '{{ mailman_conf_dir }}' + - '{{ mailman_var_dir }}' + - '{{ mailman_log_dir }}' + - '{{ mailman_lock_dir }}' + - '{{ mailman_spool_dir }}' + + - name: Create the mailman virtualenv. Manually, because python 3.6 + become: True + become_user: '{{ mailman_user }}' + shell: cd '{{ mailman_home }}' && python3 -m venv '{{ mailman_virtualenv_name }}' + args: + creates: '{{ mailman_bindir }}/activate' + + - name: Install the required packages in the mailman virtualenv + become: True + become_user: '{{ mailman_user }}' + pip: + #virtualenv: '{{ mailman_virtualenv_name }}' + executable: '{{ mailman_bindir }}/pip3' + virtualenv_command: '/bin/virtualenv-3' + virtualenv_site_packages: no + name: '{{ item.pkg }}' + extra_args: "{{ item.extra_args | default('') }}" + version: "{{ item.version | default('') }}" + editable: no # not required. Pass the editable flag. + with_items: '{{ mailman_pip_packages }}' + + - name: Install the mailman and postfix configuration files + template: src={{ item }}.j2 dest={{ mailman_conf_dir }}/{{ item }} owner=root group={{ mailman_user }} mode=0440 + with_items: + - 'mailman.cfg' + - 'postfix-mailman.cfg' + register: mailman_conf_install + + - name: The mailman executables must be visible to systemd + file: src={{ mailman_bindir }}/{{ item }} dest=/sbin/{{ item }} state=link + with_items: + - 'mailman' + - 'master' + - 'runner' + - 'dkimsign' + - 'arcverify' + - 'arcsign' + - 'dknewkey' + - 'dkimverify' + - 'falcon-print-routes' + - 'falcon-bench' + - 'mako-render' + - 'alembic' + - 'mailman' + + - name: Install the mailman startup unit + template: src=mailman.service.systemd.j2 dest=/lib/systemd/system/mailman.service owner=root group=root mode=0644 + register: mailman_unit_install + + - name: Reload the systemd configuration + systemd: daemon_reload=yes + when: mailman_unit_install is changed + + - name: Ensure that the mailman service is started and enabled + service: name=mailman state=started enabled=yes + + - name: Restart mailman if the configuration changed + service: name=mailman state=restarted + when: mailman_conf_install | bool + + tags: [ 'mailman', 'mailman_conf' ] + +- name: Create the postorious and hyperkitty environments + block: + - name: Set httpd_can_network_connect flag on and keep it persistent across reboots + seboolean: + name: httpd_can_network_connect + state: yes + persistent: yes + + - name: Create the Postorious log directory + file: dest={{ item }} state=directory owner={{ mailman_user }} group={{ mailman_user }} + with_items: + - '{{ mailman_postorious_log_dir }}' + + - name: Download the mailmansuite repository + become: True + become_user: '{{ mailman_user }}' + git: + dest: '{{ mailman_home }}/mailman-suite' + repo: '{{ mailman_repository }}' + force: yes + track_submodules: no + clone: yes + update: yes + recursive: yes + + - name: Install the postorious setting files + become: True + become_user: '{{ mailman_user }}' + template: src=postorious_{{ item.name }}.j2 dest={{ mailman_postorious_dir }}/{{ item.name }} mode={{ item.perms }} + with_items: '{{ mailman_postorious_settings_files }}' + register: postorious_conf + + - name: Install the UWSGI configuration + template: src=postorious_{{ item }}.j2 dest=/etc/{{ item }} mode=0640 + with_items: + - 'uwsgi.ini' + + - name: Setup postorius and hyperkitty + become_user: '{{ mailman_user }}' + shell: cd '{{ mailman_postorious_dir }}' && {{ mailman_home }}/{{ mailman_virtualenv_name }}/bin/python3 manage.py migrate && {{ mailman_home }}/{{ mailman_virtualenv_name }}/bin/python3 manage.py collectstatic + args: + creates: '{{ mailman_postorious_dir }}/static/admin/js/actions.js' + + - name: Ensure that the UWSGI postorius service is started and enabled + service: name=uwsgi state=started enabled=yes + + - name: Restart the UWSGI service if needed + service: name=uwsgi state=restarted + when: postorious_conf is changed + + tags: [ 'mailman', 'postorious', 'hyperkitty' ] + diff --git a/templates/mailman.cfg.j2 b/templates/mailman.cfg.j2 index a62f704..22917c0 100644 --- a/templates/mailman.cfg.j2 +++ b/templates/mailman.cfg.j2 @@ -24,7 +24,7 @@ site_owner: {{ mailman_site_owner }} # address must not bounce and it must not point to a Mailman process. noreply_address: {{ mailman_noreply_addr }} -layout: 'fhs' +layout: {{ mailman_layout }} [database] {% if mailman_db == 'postgresql' %} @@ -100,9 +100,9 @@ lock_file: $lock_dir/master.lck [paths.fhs] var_dir: {{ mailman_var_dir }} # This is where the Mailman queue files directories will be created. -queue_dir: /var/spool/mailman +queue_dir: {{ mailman_spool_dir }} log_dir: {{ mailman_log_dir }} -lock_dir: /var/lock/mailman +lock_dir: {{ mailman_lock_dir }} # Directory for configuration files and such. etc_dir: {{ mailman_conf_dir }} list_data_dir: $var_dir/lists @@ -137,10 +137,9 @@ show_tracebacks: {{ mailman_webservice_tracebacks }} api_version: 3.1 # The administrative username. -admin_user: restadmin +admin_user: {{ mailman_api_user }} # The administrative password. -#admin_pass: '{{ mailman_vault_rest_api_pwd }}' admin_pass: '{{ mailman_rest_api_pwd }}' # Number of workers to start. diff --git a/templates/mailman.service.systemd.j2 b/templates/mailman.service.systemd.j2 index 00cd01d..f28a178 100644 --- a/templates/mailman.service.systemd.j2 +++ b/templates/mailman.service.systemd.j2 @@ -5,6 +5,8 @@ Documentation=https://mailman.readthedocs.io/ ConditionPathExists={{ mailman_conf_dir }}/mailman.cfg [Service] +WorkingDirectory={{ mailman_home }}/{{ mailman_virtualenv_name }} +Environment=PATH={{ mailman_bindir }} ExecStart={{ mailman_bindir }}/mailman -C {{ mailman_conf_dir }}/mailman.cfg start ExecReload={{ mailman_bindir }}/mailman -C {{ mailman_conf_dir }}/mailman.cfg restart ExecStop={{ mailman_bindir }}/mailman -C {{ mailman_conf_dir }}/mailman.cfg stop @@ -13,5 +15,7 @@ PIDFile={{ mailman_var_dir }}/master.pid SyslogIdentifier=mailman User={{ mailman_user }} Group={{ mailman_user }} +Restart=on-failure +RestartSec=5s [Install] diff --git a/templates/postfix-mailman.cfg.j2 b/templates/postfix-mailman.cfg.j2 index 9b49182..494adf6 100644 --- a/templates/postfix-mailman.cfg.j2 +++ b/templates/postfix-mailman.cfg.j2 @@ -1,15 +1,9 @@ [postfix] -transport_file_type: regex - +# hash or regex. If hash, a local postmap command is required +transport_file_type: {{ mailman_transport_file_type }} # This variable describe the program to use for regenerating the transport map # db file, from the associated plain text files. The file being updated will # be appended to this string (with a separating space), so it must be # appropriate for os.system(). postmap_command: /sbin/postmap - -# This variable describes the type of transport maps that will be generated by -# mailman to be used with postfix for LMTP transport. By default, it is set to -# hash, but mailman also supports `regex` tables. -#transport_file_type: hash - diff --git a/templates/postorious_manage.py.j2 b/templates/postorious_manage.py.j2 new file mode 100644 index 0000000..7904297 --- /dev/null +++ b/templates/postorious_manage.py.j2 @@ -0,0 +1,10 @@ +#!{{ mailman_bindir }}/python3 +import os +import sys + +if __name__ == "__main__": + os.environ.setdefault("DJANGO_SETTINGS_MODULE", "settings") + + from django.core.management import execute_from_command_line + + execute_from_command_line(sys.argv) diff --git a/templates/postorious_settings.py.j2 b/templates/postorious_settings.py.j2 new file mode 100644 index 0000000..6bc8eb4 --- /dev/null +++ b/templates/postorious_settings.py.j2 @@ -0,0 +1,496 @@ +# -*- coding: utf-8 -*- +# Copyright (C) 1998-2016 by the Free Software Foundation, Inc. +# +# This file is part of Mailman Suite. +# +# Mailman Suite is free sofware: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the Free +# Software Foundation, either version 3 of the License, or (at your option) +# any later version. +# +# Mailman Suite is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# for more details. + +# You should have received a copy of the GNU General Public License along +# with Mailman Suite. If not, see . +""" +Django Settings for Mailman Suite (hyperkitty + postorius) + +For more information on this file, see +https://docs.djangoproject.com/en/1.8/topics/settings/ + +For the full list of settings and their values, see +https://docs.djangoproject.com/en/1.8/ref/settings/ +""" + +# Build paths inside the project like this: os.path.join(BASE_DIR, ...) +import os + +BASE_DIR = os.path.dirname(os.path.abspath(__file__)) + +# SECURITY WARNING: keep the secret key used in production secret! +SECRET_KEY = '{{ mailman_crypt_key }}' + +# SECURITY WARNING: don't run with debug turned on in production! +DEBUG = False + +ADMINS = ( +{% for adm in mailman_admins %} + ({{ adm }}), +{% endfor %} +) + +SITE_ID = {{ mailman_postorious_site_id }} + +# Hosts/domain names that are valid for this site; required if DEBUG is False +# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts +ALLOWED_HOSTS = [ +{% for h in mailman_postorious_allowed_hosts %} + "{{ h }}", +{% endfor %} +] + +# Mailman API credentials +MAILMAN_REST_API_URL = 'http://localhost:8001' +MAILMAN_REST_API_USER = '{{ mailman_api_user }}' +MAILMAN_REST_API_PASS = '{{ mailman_vault_rest_api_pwd }}' +MAILMAN_ARCHIVER_KEY = '{{ mailman_archiver_crypt_key }}' +MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1') + +# Application definition + +INSTALLED_APPS = ( + 'hyperkitty', + 'postorius', + 'django_mailman3', + # Uncomment the next line to enable the admin: + 'django.contrib.admin', + # Uncomment the next line to enable admin documentation: + 'django.contrib.admindocs', + 'django.contrib.auth', + 'django.contrib.contenttypes', + 'django.contrib.sessions', + 'django.contrib.sites', + 'django.contrib.messages', + 'django.contrib.staticfiles', + 'rest_framework', + 'django_gravatar', + 'compressor', + 'haystack', + 'django_extensions', + 'django_q', + 'allauth', + 'allauth.account', + 'allauth.socialaccount', + 'django_mailman3.lib.auth.fedora', + 'allauth.socialaccount.providers.openid', + 'allauth.socialaccount.providers.github', + 'allauth.socialaccount.providers.gitlab', + 'allauth.socialaccount.providers.google', + # 'allauth.socialaccount.providers.facebook', + 'allauth.socialaccount.providers.twitter', + 'allauth.socialaccount.providers.stackexchange', +) + + +MIDDLEWARE = ( + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.middleware.locale.LocaleMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'django.middleware.security.SecurityMiddleware', + 'django_mailman3.middleware.TimezoneMiddleware', + 'postorius.middleware.PostoriusMiddleware', +) + +ROOT_URLCONF = 'urls' + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [], + 'APP_DIRS': True, + 'OPTIONS': { + 'context_processors': [ + 'django.template.context_processors.debug', + 'django.template.context_processors.i18n', + 'django.template.context_processors.media', + 'django.template.context_processors.static', + 'django.template.context_processors.tz', + 'django.template.context_processors.csrf', + 'django.template.context_processors.request', + 'django.contrib.auth.context_processors.auth', + 'django.contrib.messages.context_processors.messages', + 'django_mailman3.context_processors.common', + 'hyperkitty.context_processors.common', + 'postorius.context_processors.postorius', + ], + }, + }, +] + +WSGI_APPLICATION = 'wsgi.application' + +# Database +# https://docs.djangoproject.com/en/1.8/ref/settings/#databases + +DATABASES = { + 'default': { + # Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'. + 'ENGINE': 'django.db.backends.postgresql_psycopg2', + # DB name or path to database file if using sqlite3. + 'NAME': '{{ mailman_postorious_db_name }}', + # The following settings are not used with sqlite3: + 'USER': '{{ mailman_postorious_db_user }}', + 'PASSWORD': '{{ mailman_postorious_db_password }}', + # HOST: empty for localhost through domain sockets or '127.0.0.1' for + # localhost through TCP. + 'HOST': '{{ mailman_postorious_db_host }}', + # PORT: set to empty string for default. + 'PORT': '{{ mailman_postorious_db_port }}', + } +} + +# If you're behind a proxy, use the X-Forwarded-Host header +# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host +USE_X_FORWARDED_HOST = True + +# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER +# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header +SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') +SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https') + +# Other security settings +# SECURE_SSL_REDIRECT = True +# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT +# contains at least this line: +# SECURE_REDIRECT_EXEMPT = [ +# "archives/api/mailman/.*", # Request from Mailman. +# ] +# SESSION_COOKIE_SECURE = True +# SECURE_CONTENT_TYPE_NOSNIFF = True +# SECURE_BROWSER_XSS_FILTER = True +# CSRF_COOKIE_SECURE = True +# CSRF_COOKIE_HTTPONLY = True +# X_FRAME_OPTIONS = 'DENY' + + +# Password validation +# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators + +AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': +'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', + }, + { + 'NAME': +'django.contrib.auth.password_validation.MinimumLengthValidator', + }, + { + 'NAME': +'django.contrib.auth.password_validation.CommonPasswordValidator', + }, + { + 'NAME': +'django.contrib.auth.password_validation.NumericPasswordValidator', + }, +] + +# Internationalization +# https://docs.djangoproject.com/en/1.8/topics/i18n/ + +LANGUAGE_CODE = 'en-us' + +TIME_ZONE = 'UTC' + +USE_I18N = True + +USE_L10N = True + +USE_TZ = True + + +# Static files (CSS, JavaScript, Images) +# https://docs.djangoproject.com/en/1.8/howto/static-files/ + +# Absolute path to the directory static files should be collected to. +# Don't put anything in this directory yourself; store your static files +# in apps' "static/" subdirectories and in STATICFILES_DIRS. +# Example: "/var/www/example.com/static/" +STATIC_ROOT = os.path.join(BASE_DIR, 'static') + +# URL prefix for static files. +# Example: "http://example.com/static/", "http://static.example.com/" +STATIC_URL = '/static/' + +# Additional locations of static files +STATICFILES_DIRS = ( + # Put strings here, like "/home/html/static" or "C:/www/django/static". + # Always use forward slashes, even on Windows. + # Don't forget to use absolute paths, not relative paths. + # BASE_DIR + '/static/', +) + +# List of finder classes that know how to find static files in +# various locations. +STATICFILES_FINDERS = ( + 'django.contrib.staticfiles.finders.FileSystemFinder', + 'django.contrib.staticfiles.finders.AppDirectoriesFinder', + # 'django.contrib.staticfiles.finders.DefaultStorageFinder', + 'compressor.finders.CompressorFinder', +) + +# Django 1.6+ defaults to a JSON serializer, but it won't work with +# django-openid, see +# https://bugs.launchpad.net/django-openid-auth/+bug/1252826 +SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' + + +LOGIN_URL = 'account_login' +LOGIN_REDIRECT_URL = 'list_index' +LOGOUT_URL = 'account_logout' + + +# If you enable internal authentication, this is the address that the emails +# will appear to be coming from. Make sure you set a valid domain name, +# otherwise the emails may get rejected. +# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email +# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org" +DEFAULT_FROM_EMAIL = 's2i2s@isti.cnr.it' + +# If you enable email reporting for error messages, this is where those emails +# will appear to be coming from. Make sure you set a valid domain name, +# otherwise the emails may get rejected. +# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL +# SERVER_EMAIL = 'root@your-domain.org' +SERVER_EMAIL = 'mailman@isti.cnr.it' + +# Change this when you have a real email backend +#EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' +EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' +#EMAIL_HOST = 'smtp-srv.isti.cnr.it' +#EMAIL_PORT = 587 +#EMAIL_HOST_USER = 'mailman-svc' +#EMAIL_HOST_PASSWORD = '4e544458bcb74a8' +#EMAIL_USE_TLS = True +EMAIL_HOST = '127.0.0.1' +EMAIL_PORT = 25 +EMAIL_USE_TLS = False + +# Compatibility with Bootstrap 3 +from django.contrib.messages import constants as messages # flake8: noqa +MESSAGE_TAGS = { + messages.ERROR: 'danger' +} + +# +# Social auth +# +AUTHENTICATION_BACKENDS = ( + 'django.contrib.auth.backends.ModelBackend', + 'allauth.account.auth_backends.AuthenticationBackend', +) + +# Django Allauth +ACCOUNT_AUTHENTICATION_METHOD = "username_email" +ACCOUNT_EMAIL_REQUIRED = True +ACCOUNT_EMAIL_VERIFICATION = "mandatory" +# You probably want https in production, but this is a dev setup file +ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https" +ACCOUNT_UNIQUE_EMAIL = True + +SOCIALACCOUNT_PROVIDERS = { + 'openid': { + 'SERVERS': [ + dict(id='yahoo', + name='Yahoo', + openid_url='http://me.yahoo.com'), + ], + }, + 'google': { + 'SCOPE': ['profile', 'email'], + 'AUTH_PARAMS': {'access_type': 'online'}, + }, + 'facebook': { + 'METHOD': 'oauth2', + 'SCOPE': ['email'], + 'FIELDS': [ + 'email', + 'name', + 'first_name', + 'last_name', + 'locale', + 'timezone', + ], + 'VERSION': 'v2.4', + }, +} + +# +# Gravatar +# https://github.com/twaddington/django-gravatar +# +# Gravatar base url. +GRAVATAR_URL = 'http://cdn.libravatar.org/' +# Gravatar base secure https url. +GRAVATAR_SECURE_URL = 'https://seccdn.libravatar.org/' +# Gravatar size in pixels. +GRAVATAR_DEFAULT_SIZE = '80' +# An image url or one of the following: 'mm', 'identicon', 'monsterid', +# 'wavatar', 'retro'. +GRAVATAR_DEFAULT_IMAGE = 'mm' +# One of the following: 'g', 'pg', 'r', 'x'. +GRAVATAR_DEFAULT_RATING = 'g' +# True to use https by default, False for plain http. +GRAVATAR_DEFAULT_SECURE = True + +# +# django-compressor +# https://pypi.python.org/pypi/django_compressor +# +COMPRESS_PRECOMPILERS = ( + ('text/less', 'lessc {infile} {outfile}'), + ('text/x-scss', 'sassc -t compressed {infile} {outfile}'), + ('text/x-sass', 'sassc -t compressed {infile} {outfile}'), +) +# On a production setup, setting COMPRESS_OFFLINE to True will bring a +# significant performance improvement, as CSS files will not need to be +# recompiled on each requests. It means running an additional "compress" +# management command after each code upgrade. +# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression +# COMPRESS_OFFLINE = True + +# Needed for debug mode +# INTERNAL_IPS = ('127.0.0.1',) + +# +# Full-text search engine +# +HAYSTACK_CONNECTIONS = { + 'default': { + 'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine', + 'PATH': os.path.join(BASE_DIR, "fulltext_index"), + # You can also use the Xapian engine, it's faster and more accurate, + # but requires another library. + # http://django-haystack.readthedocs.io/en/v2.4.1/installing_search_engines.html#xapian + # Example configuration for Xapian: + #'ENGINE': 'xapian_backend.XapianEngine' + }, +} + + +# +# Asynchronous tasks +# +Q_CLUSTER = { + 'timeout': 300, + 'save_limit': 100, + 'orm': 'default', +} + + +# A sample logging configuration. The only tangible logging +# performed by this configuration is to send an email to +# the site admins on every HTTP 500 error when DEBUG=False. +# See http://docs.djangoproject.com/en/dev/topics/logging for +# more details on how to customize your logging configuration. +LOGGING = { + 'version': 1, + 'disable_existing_loggers': False, + 'filters': { + 'require_debug_false': { + '()': 'django.utils.log.RequireDebugFalse' + } + }, + 'handlers': { + 'mail_admins': { + 'level': 'ERROR', + 'filters': ['require_debug_false'], + 'class': 'django.utils.log.AdminEmailHandler' + }, + 'file':{ + 'level': 'INFO', + #'class': 'logging.handlers.RotatingFileHandler', + 'class': 'logging.handlers.WatchedFileHandler', + 'filename': os.path.join(BASE_DIR, 'logs', 'mailmansuite.log'), + 'formatter': 'verbose', + }, + 'console': { + 'class': 'logging.StreamHandler', + 'formatter': 'simple', + }, + }, + 'loggers': { + 'django.request': { + 'handlers': ['mail_admins', 'file'], + 'level': 'ERROR', + 'propagate': True, + }, + 'django': { + 'handlers': ['file'], + 'level': 'ERROR', + 'propagate': True, + }, + 'hyperkitty': { + 'handlers': ['file'], + 'level': 'DEBUG', + 'propagate': True, + }, + 'postorius': { + 'handlers': ['console', 'file'], + 'level': 'INFO', + }, + }, + 'formatters': { + 'verbose': { + 'format': '%(levelname)s %(asctime)s %(process)d %(name)s %(message)s' + }, + 'simple': { + 'format': '%(levelname)s %(message)s' + }, + }, + #'root': { + # 'handlers': ['file'], + # 'level': 'INFO', + #}, +} + + +# Using the cache infrastructure can significantly improve performance on a +# production setup. This is an example with a local Memcached server. +#CACHES = { +# 'default': { +# 'BACKEND': 'django.core.cache.backends.memcached.PyLibMCCache', +# 'LOCATION': '127.0.0.1:11211', +# } +#} + + +# When DEBUG is True, don't actually send emails to the SMTP server, just store +# them in a directory. This way you won't accidentally spam your mailing-lists +# while you're fiddling with the code. +if DEBUG == True: + EMAIL_BACKEND = 'django.core.mail.backends.filebased.EmailBackend' + EMAIL_FILE_PATH = os.path.join(BASE_DIR, 'emails') + + +# +# HyperKitty-specific +# + +# Only display mailing-lists from the same virtual host as the webserver +FILTER_VHOST = False + + +POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost:8000' + +try: + from settings_local import * +except ImportError: + pass diff --git a/templates/postorious_uwsgi.ini.j2 b/templates/postorious_uwsgi.ini.j2 new file mode 100644 index 0000000..aa639ae --- /dev/null +++ b/templates/postorious_uwsgi.ini.j2 @@ -0,0 +1,43 @@ +[uwsgi] +uid = {{ mailman_user }} +gid = {{ mailman_user }} +#pidfile = /run/uwsgi/uwsgi.pid +emperor = /etc/uwsgi.d +#stats = /run/uwsgi/stats.sock +chmod-socket = 660 +emperor-tyrant = true +cap = setgid,setuid +plugins = {{ mailman_postorious_uwsgi_plugins }} +#plugins = systemd_logger,python36 + +# Port on which uwsgi will be listening. +uwsgi-socket = 127.0.0.1:{{ mailman_postorious_http_port }} + +# Move to the directory wher the django files are. +chdir = {{ mailman_postorious_dir }}/ + +# Use the wsgi file provided with the django project. +wsgi-file = wsgi.py + +# Setup default number of processes and threads per process. +master = true +process = 2 +threads = 2 + +# Setup the django_q related worker processes. +attach-daemon = ./manage.py qcluster + +# Setup the request log. +req-logger = file:{{ mailman_postorious_log_dir }}/uwsgi.log + +# Log cron seperately. +logger = cron file:{{ mailman_postorious_log_dir }}/uwsgi-cron.log +log-route = cron uwsgi-cron + +# Log qcluster commands seperately. +logger = qcluster file:{{ mailman_postorious_log_dir }}/uwsgi-qcluster.log +log-route = qcluster uwsgi-daemons + +# Last log and it logs the rest of the stuff. +logger = file:{{ mailman_postorious_log_dir }}/uwsgi-error.log + diff --git a/templates/postorious_wsgi.py.j2 b/templates/postorious_wsgi.py.j2 new file mode 100644 index 0000000..eb468c1 --- /dev/null +++ b/templates/postorious_wsgi.py.j2 @@ -0,0 +1,36 @@ +{% raw %} +""" +WSGI config for HyperKitty project. + +It exposes the WSGI callable as a module-level variable named ``application``. + +For more information on this file, see +https://docs.djangoproject.com/en/{{ docs_version }}/howto/deployment/wsgi/ +""" +{% endraw %} + +import os + +import sys +import site + +# For some unknown reason, sometimes mod_wsgi fails to set the python paths to +# the virtualenv, with the 'python-path' option. You can do it here too. +# +# Remember original sys.path. +prev_sys_path = list(sys.path) +# Add the virtualenv +site.addsitedir('{{ mailman_home }}/{{ mailman_virtualenv_name }}/lib/python3.6/site-packages') +# Reorder sys.path so new directories at the front. +new_sys_path = [] +for item in list(sys.path): + if item not in prev_sys_path: + new_sys_path.append(item) + sys.path.remove(item) + sys.path[:0] = new_sys_path + +from django.core.wsgi import get_wsgi_application + +os.environ.setdefault("DJANGO_SETTINGS_MODULE", "settings") + +application = get_wsgi_application()