app/mailman-web: create
There's a lot of ugly hacks here, but this has been the state of prod
for months now, so we should reflect that.
Also, this bumps a bunch of workspace deps.
Change-Id: I744e0d3aff27036cfed73416cf442c7d62444a8b
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1473
Reviewed-by: q3k <q3k@hackerspace.pl>
diff --git a/app/mailman-web/BUILD b/app/mailman-web/BUILD
new file mode 100644
index 0000000..f79e0e3
--- /dev/null
+++ b/app/mailman-web/BUILD
@@ -0,0 +1,150 @@
+load("@pydeps//:requirements.bzl", "requirement")
+load("@rules_python//python:defs.bzl", "py_binary")
+load("@io_bazel_rules_docker//python:image.bzl", "py_layer")
+load("@io_bazel_rules_docker//python3:image.bzl", "py3_image")
+load("@io_bazel_rules_docker//container:container.bzl", "container_layer", "container_image")
+load("@io_bazel_rules_docker//docker/util:run.bzl", "container_run_and_extract", "container_run_and_commit_layer")
+load("@io_bazel_rules_docker//docker/package_managers:download_pkgs.bzl", "download_pkgs")
+load("@io_bazel_rules_docker//docker/package_managers:install_pkgs.bzl", "install_pkgs")
+
+# - - base docker stuff - -
+
+download_pkgs(
+ name = "apt_py_is_py3",
+ image_tar = "@python-debian//image",
+ packages = [
+ # rules_docker python wants /usr/bin/python
+ "python-is-python3",
+ ],
+)
+
+install_pkgs(
+ name = "base_image",
+ output_image_name = "base_image",
+ image_tar = "@python-debian//image",
+ installables_tar = ":apt_py_is_py3.tar",
+ installation_cleanup_commands = "rm -rf /var/lib/apt/lists/* /usr/share/doc && apt remove -y libbluetooth3 mariadb-common tk && apt autoremove -y",
+)
+
+BASE_IMAGE = ":base_image"
+
+# overkill rube goldberg setup to build static files begins
+# - - - -
+
+container_run_and_extract(
+ name = "static_pack",
+ commands = [
+ "tar cpJvf /out.tar.xz -C /opt/mailman/web/static ./",
+ ],
+ extract_file = "/out.tar.xz",
+ image = ":static_build_image.tar",
+)
+
+container_image(
+ name = "static_build_image",
+ layers = [":static_build_layer"],
+ base = BASE_IMAGE,
+)
+
+# this will also contain .pyc files, but the python binary will be the same
+# on prod, so it's fine
+container_run_and_commit_layer(
+ name = "static_build_layer",
+ commands = [
+ "./app/mailman-web/manage collectstatic",
+ "./app/mailman-web/manage compress",
+ # gettext is cursed, TODO make this work
+ #"./app/mailman-web/manage compilemessages",
+ ],
+ image = ":build_container.tar",
+ docker_run_flags = ["--entrypoint="],
+)
+
+py3_image(
+ name = "build_container",
+ srcs = [":manage"],
+ main = "manage.py",
+ base = ":build_tools_container",
+ layers = [":deps_layer"],
+ # this doesn't work for some reason - this is always rebuilt, unless
+ # you pass --nostamp globally
+ stamp = 0,
+)
+
+download_pkgs(
+ name = "build_tools",
+ image_tar = "@python-debian//image",
+ packages = [
+ "sassc",
+ "gettext",
+ ],
+)
+
+install_pkgs(
+ name = "build_tools_container",
+ output_image_name = "build_tools_container",
+ image_tar = BASE_IMAGE + '.tar',
+ installables_tar = ":build_tools.tar",
+ installation_cleanup_commands = "rm -rf /var/lib/apt/lists/* /usr/share/doc",
+)
+
+# - - - -
+# overkill rube goldberg setup to build static files ends
+
+
+# - - python stuff - -
+
+# this is purely a build optimization - put the pip deps into a separate layer
+py_layer(
+ name = "deps_layer",
+ deps = [
+ requirement("Django"),
+ requirement("postorius"),
+ requirement("hyperkitty"),
+ requirement("gunicorn"),
+ requirement("psycopg2-binary"),
+ ],
+)
+
+py_library(
+ name = "django_base",
+ srcs = ["settings.py", "urls.py"]
+ + glob(["upstream_settings/*.py"]),
+ deps = [
+ requirement("Django"),
+ requirement("postorius"),
+ requirement("hyperkitty"),
+ requirement("gunicorn"),
+ requirement("psycopg2-binary"),
+ ],
+)
+
+py_binary(
+ name = "manage",
+ srcs = ["manage.py"],
+ deps = [":django_base"],
+)
+
+py_binary(
+ name = "serve",
+ srcs = ["serve.py"],
+ deps = [":django_base"],
+)
+
+# prod docker image
+
+py3_image(
+ name = "mailman-web",
+ srcs = ["container_main.py"],
+ deps = [
+ ":django_base",
+ ":manage",
+ ":serve",
+ ],
+ layers = [
+ ":deps_layer",
+ ],
+ main = "container_main.py",
+ #base = ":base_container"
+ base = ":static_build_image",
+)
diff --git a/app/mailman-web/LICENSE b/app/mailman-web/LICENSE
new file mode 100644
index 0000000..4e2fa46
--- /dev/null
+++ b/app/mailman-web/LICENSE
@@ -0,0 +1,3 @@
+Mailman and its components (postorius, hyperkitty) are licensed under GPLv3 and we link/import that code here directly.
+Also, a good portion of this wsgi launcher is copied from https://gitlab.com/mailman/mailman-web, GPLv3 as well.
+Therefore, this entire directory likely falls under GPLv3.
diff --git a/app/mailman-web/README.md b/app/mailman-web/README.md
new file mode 100644
index 0000000..36da2a6
--- /dev/null
+++ b/app/mailman-web/README.md
@@ -0,0 +1,7 @@
+Web parts of mailman3 - postorius and hyperkitty.
+Postgres only, TODO attempt cockroachization.
+
+This currently serves static files via an extremely cursed hack:
+lists.hackerspace.pl points to boston-packets, which serves /static/* from
+a local directory there, made by extracting :static_pack there; and proxy_passes
+every other path to the k8s Service defined here.
diff --git a/app/mailman-web/container_main.py b/app/mailman-web/container_main.py
new file mode 100644
index 0000000..b6797a7
--- /dev/null
+++ b/app/mailman-web/container_main.py
@@ -0,0 +1,13 @@
+from sys import argv, exit
+
+# simple wrapper so we don't need two container entrypoints
+assert len(argv) > 1, "specify a command"
+if argv[1] == "serve":
+ import serve
+ serve.main()
+elif argv[1] == "manage":
+ import manage
+ manage.main(argv[1:])
+else:
+ print("unknown command", argv[1])
+ exit(1)
diff --git a/app/mailman-web/kube/mailman.libsonnet b/app/mailman-web/kube/mailman.libsonnet
new file mode 100644
index 0000000..c71de4e
--- /dev/null
+++ b/app/mailman-web/kube/mailman.libsonnet
@@ -0,0 +1,215 @@
+local kube = import "../../../kube/kube.libsonnet";
+
+{
+ local app = self,
+ local cfg = app.cfg,
+
+ cfg:: {
+ namespace: error "cfg.namespace must be set",
+ webDomain: error "cfg.webDomain must be set",
+ images: {
+ web: "registry.k0.hswaw.net/implr/mailman-web:0.6",
+ # https://github.com/octeep/wireproxy
+ wireproxy: "registry.k0.hswaw.net/implr/wireproxy:1.0.5"
+ },
+ passwords: {
+ postgres: error "cfg.secrets.postgres must be set",
+ mailmanRest: error "cfg.secrets.mailmanRest must be set",
+ mailmanArchiver: error "cfg.secrets.mailmanArchiver must be set",
+ },
+ smtp: {
+ user: "postorius",
+ # from mail server
+ password: error "cfg.smtp.password must be set",
+ },
+ secrets: {
+ djangoSecretKey: error "cfg.secrets.djangoSecretKey must be set",
+ },
+ wg: {
+ peerPubkey: error "cfg.wg.peerPubkey must be set",
+ privkey: error "cfg.wg.privkey must be set",
+ endpoint: error "cfg.wg.endpoint must be set",
+ },
+ },
+
+ env:: {
+ WEB_DOMAIN: cfg.webDomain,
+ BIND_ADDR: "0.0.0.0:8080",
+
+ //DB_HOST: app.postgres.svc.host,
+ DB_HOST: "boston-packets.hackerspace.pl",
+ DB_USER: "mailman",
+ DB_NAME: "mailman-web",
+ DB_PASS: kube.SecretKeyRef(app.config, "postgres-pass"),
+ DB_PORT: "5432",
+
+
+ SMTP_HOST: "mail.hackerspace.pl",
+ SMTP_PORT: "587",
+ SMTP_USER: "postorius",
+ SMTP_PASSWORD: kube.SecretKeyRef(app.config, "smtp-password"),
+
+ SECRET_KEY: kube.SecretKeyRef(app.config, "django-secret-key"),
+ MAILMAN_REST_API_PASS: kube.SecretKeyRef(app.config, 'mailman-api-password'),
+ MAILMAN_ARCHIVER_KEY: kube.SecretKeyRef(app.config, 'mailman-archiver-key'),
+
+ },
+
+ namespace: kube.Namespace(cfg.namespace),
+ local ns = self.namespace,
+
+
+ web: ns.Contain(kube.Deployment("web")) {
+ spec+: {
+ minReadySeconds: 10,
+ replicas: 1,
+ template+: {
+ spec+: {
+ initContainers_: {
+ migrate: kube.Container("migrate") {
+ image: cfg.images.web,
+ env_: app.env,
+ args: [
+ "manage", "migrate",
+ ],
+ },
+ },
+ volumes_: {
+ config: kube.SecretVolume(app.wireproxyConfig),
+ },
+ containers_: {
+ default: kube.Container("default") {
+ image: cfg.images.web,
+ env_: app.env,
+ args: ["serve"],
+ ports_: {
+ web: { containerPort: 8080 },
+ },
+ # readinessProbe: {
+ # httpGet: {
+ # path: "/",
+ # port: "web",
+ # },
+ # failureThreshold: 10,
+ # periodSeconds: 5,
+ # },
+ resources: {
+ requests: {
+ cpu: "250m",
+ memory: "1024M",
+ },
+ limits: {
+ cpu: "1",
+ memory: "1024M",
+ },
+ },
+ },
+ wireproxy: kube.Container("wireproxy") {
+ image: cfg.images.wireproxy,
+ resources: {
+ requests: {
+ cpu: "100m",
+ memory: "64M",
+ },
+ limits: {
+ cpu: "200m",
+ memory: "128M",
+ },
+ },
+ volumeMounts_: {
+ config: { mountPath: "/etc/wireproxy/config", subPath: "config" }
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+
+ local manifestIniMultisection(sname, values) = std.join('\n',
+ [std.manifestIni({
+ sections: {
+ [sname]: i,
+ }}) for i in values]),
+ wireproxyConfig: ns.Contain(kube.Secret("wireproxy-config")) {
+ data: {
+ config: std.base64(std.manifestIni({
+ sections: {
+ Interface: {
+ Address: cfg.wg.address,
+ PrivateKey: cfg.wg.privkey,
+ },
+ Peer: {
+ PublicKey: cfg.wg.peerPubkey,
+ Endpoint: cfg.wg.endpoint,
+ },
+
+ },
+ }) + manifestIniMultisection("TCPClientTunnel", [
+ # {
+ # # postgres
+ # ListenPort: 5432,
+ # Target: "localhost:5432",
+ # },
+ {
+ # mailman core api
+ BindAddress: "127.0.0.1:8001",
+ Target: "172.17.1.1:8001",
+ },
+ ])),
+ },
+ },
+
+
+ svcWeb: ns.Contain(kube.Service("web")) {
+ target_pod: app.web.spec.template,
+ spec+: {
+ # hax
+ type: "LoadBalancer",
+ externalTrafficPolicy: "Local",
+ },
+ },
+
+
+ #ingress: ns.Contain(kube.Ingress("mailman")) {
+ # metadata+: {
+ # annotations+: {
+ # "kubernetes.io/tls-acme": "true",
+ # "certmanager.k8s.io/cluster-issuer": "letsencrypt-prod",
+ # "nginx.ingress.kubernetes.io/proxy-body-size": "0",
+ # },
+ # },
+ # spec+: {
+ # tls: [
+ # {
+ # hosts: [cfg.webDomain],
+ # secretName: "mailman-ingress-tls",
+ # },
+ # ],
+ # rules: [
+ # {
+ # host: cfg.webDomain,
+ # http: {
+ # paths: [
+ # { path: "/", backend: app.svcWeb.name_port },
+ # //{ path: "/static/", backend: app.svcStatic.name_port },
+ # ],
+ # },
+ # },
+ # ],
+ # },
+ #},
+
+ config: ns.Contain(kube.Secret("config")) {
+ data_: {
+ "postgres-pass": cfg.passwords.postgres,
+ "django-secret-key": cfg.secrets.djangoSecretKey,
+
+ "smtp-password": cfg.smtp.password,
+
+ "mailman-api-password": cfg.mailmanCore.mailmanApiPass,
+ "mailman-archiver-key": cfg.mailmanCore.mailmanArchiverKey,
+
+ },
+ },
+}
diff --git a/app/mailman-web/kube/prod.jsonnet b/app/mailman-web/kube/prod.jsonnet
new file mode 100644
index 0000000..3fdd75a
--- /dev/null
+++ b/app/mailman-web/kube/prod.jsonnet
@@ -0,0 +1,20 @@
+local mailman = import "mailman.libsonnet";
+local secrets = import "secrets/plain/prod.libsonnet";
+
+mailman {
+ cfg+: secrets {
+ namespace: "mailman-hackerspace-prod",
+ webDomain: "lists2.hackerspace.pl",
+
+ wg+: {
+ address: "172.17.1.2/32",
+ peerPubkey: "sKobxe3U6Gz72MWXEETTr8fSFIPSuX/WOGGFwd3oXy8=",
+ endpoint: "boston-packets.hackerspace.pl:51820"
+ },
+
+ //objectStorage+: {
+ //bucket: "mailman-prod",
+ //},
+
+ },
+}
diff --git a/app/mailman-web/manage.py b/app/mailman-web/manage.py
new file mode 100644
index 0000000..1dc0f86
--- /dev/null
+++ b/app/mailman-web/manage.py
@@ -0,0 +1,13 @@
+import os
+import sys
+
+def main(argv):
+ os.environ['DJANGO_SETTINGS_MODULE'] = "settings"
+
+ os.environ['DJANGO_IS_MANAGEMENT_COMMAND'] = '1'
+ from django.core.management import execute_from_command_line
+ execute_from_command_line(argv)
+
+
+if __name__ == "__main__":
+ main(sys.argv)
diff --git a/app/mailman-web/serve.py b/app/mailman-web/serve.py
new file mode 100644
index 0000000..e56bd04
--- /dev/null
+++ b/app/mailman-web/serve.py
@@ -0,0 +1,38 @@
+import os
+import gunicorn.app.base
+from django.core.wsgi import get_wsgi_application
+
+
+class StandaloneApplication(gunicorn.app.base.BaseApplication):
+
+ def __init__(self, app, options=None):
+ self.options = options or {}
+ self.application = app
+ super().__init__()
+
+ def load_config(self):
+ config = {key: value for key, value in self.options.items()
+ if key in self.cfg.settings and value is not None}
+ for key, value in config.items():
+ self.cfg.set(key.lower(), value)
+
+ def load(self):
+ return self.application
+
+
+def main():
+ options = {
+ 'bind': os.environ.get('BIND_ADDR', '127.0.0.1:8080'),
+ 'workers': int(os.environ.get("GUNICORN_WORKERS", "4")),
+ 'capture_output': True,
+ 'disable_redirect_access_to_syslog': True,
+ 'accesslog': '-',
+ 'errorlog': '-',
+ }
+ os.environ['DJANGO_SETTINGS_MODULE'] = "settings"
+ application = get_wsgi_application()
+ StandaloneApplication(application, options).run()
+
+
+if __name__ == '__main__':
+ main()
diff --git a/app/mailman-web/settings.py b/app/mailman-web/settings.py
new file mode 100644
index 0000000..8cbfb2b
--- /dev/null
+++ b/app/mailman-web/settings.py
@@ -0,0 +1,102 @@
+import sys
+import os
+
+from upstream_settings.base import *
+from upstream_settings.mailman import *
+
+# we're in a container, stdout only
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'formatters': {
+ 'verbose': {
+ 'format': '%(asctime)s %(name)-12s %(levelname)-8s %(message)s',
+ },
+ },
+ 'handlers': {
+ 'console': {
+ 'level': 'INFO',
+ 'class': 'logging.StreamHandler',
+ 'stream': sys.stdout,
+ 'formatter': 'verbose'
+ },
+ },
+ 'loggers': {
+ '': {
+ 'handlers': ['console'],
+ 'level': 'INFO',
+ 'propagate': True,
+ },
+ },
+ }
+
+SECRET_KEY = os.environ.get("SECRET_KEY", "hackme")
+# assert len(SECRET_KEY) > 16
+ROOT_URLCONF = "urls"
+
+ALLOWED_HOSTS = [
+ "localhost", # Archiving API from Mailman, keep it.
+ os.environ.get('WEB_DOMAIN', "lists.hackerspace.pl"),
+]
+
+ALLOWED_HOSTS = ["*"] # TODO deleteme
+
+MAILMAN_REST_API_URL = 'http://localhost:8001'
+MAILMAN_REST_API_USER = 'restadmin'
+MAILMAN_REST_API_PASS = os.environ.get('MAILMAN_REST_API_PASS')
+MAILMAN_ARCHIVER_KEY = os.environ.get('MAILMAN_ARCHIVER_KEY')
+MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1', '185.236.240.38', "2a0d:eb00:2137:2::10")
+
+DATABASES = {
+ 'default': {
+ # Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
+ 'ENGINE': 'django.db.backends.postgresql_psycopg2',
+ # DB name or path to database file if using sqlite3.
+ 'NAME': os.environ.get('DB_NAME', 'mailman-web'),
+ # The following settings are not used with sqlite3:
+ 'USER': os.environ.get('DB_USER', 'mailman'),
+ 'PASSWORD': os.environ.get('DB_PASS'),
+ # HOST: empty for localhost through domain sockets or '127.0.0.1' for
+ # localhost through TCP.
+ 'HOST': os.environ.get('DB_HOST', '127.0.0.1'),
+ # PORT: set to empty string for default.
+ 'PORT': os.environ.get('DB_PORT', ''),
+ # OPTIONS: for mysql engine only, do not use with other engines.
+ # 'OPTIONS': {'charset': 'utf8mb4'} # Enable utf8 4-byte encodings.
+ }
+}
+
+# TODO check this
+USE_X_FORWARDED_HOST = True # behind an Ingress
+
+# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
+# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
+
+DEFAULT_FROM_EMAIL = 'postorius@hackerspace.pl'
+SERVER_EMAIL = 'bofh@hackerspace.pl'
+
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+EMAIL_HOST = os.environ.get('SMTP_HOST', '127.0.0.1')
+EMAIL_PORT = int(os.environ.get('SMTP_PORT', '465'))
+EMAIL_HOST_USER = os.environ.get('SMTP_USER', 'postorius')
+EMAIL_HOST_PASSWORD = os.environ.get('SMTP_PASSWORD')
+EMAIL_TIMEOUT=3
+EMAIL_USE_TLS=True
+
+HAYSTACK_CONNECTIONS = {
+ 'default': {
+ 'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine',
+ 'PATH': os.environ.get('FULLTEXT_INDEX_PATH', "fulltext_index"),
+ # You can also use the Xapian engine, it's faster and more accurate,
+ # but requires another library.
+ # http://django-haystack.readthedocs.io/en/v2.4.1/installing_search_engines.html#xapian
+ # Example configuration for Xapian:
+ # 'ENGINE': 'xapian_backend.XapianEngine'
+ },
+}
+
+# Only display mailing-lists from the same virtual host as the webserver
+FILTER_VHOST = False
+POSTORIUS_TEMPLATE_BASE_URL = 'https://lists.hackerspace.pl'
diff --git a/app/mailman-web/upstream_settings/README b/app/mailman-web/upstream_settings/README
new file mode 100644
index 0000000..9700643
--- /dev/null
+++ b/app/mailman-web/upstream_settings/README
@@ -0,0 +1 @@
+Unmodified copy of default settings from mailman-web.
diff --git a/app/mailman-web/upstream_settings/__init__.py b/app/mailman-web/upstream_settings/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/app/mailman-web/upstream_settings/__init__.py
diff --git a/app/mailman-web/upstream_settings/base.py b/app/mailman-web/upstream_settings/base.py
new file mode 100644
index 0000000..7333588
--- /dev/null
+++ b/app/mailman-web/upstream_settings/base.py
@@ -0,0 +1,300 @@
+# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
+import os
+from django.contrib.messages import constants as messages
+from pathlib import Path
+
+#: The base directory for logs and database.
+BASE_DIR = Path('/opt/mailman/web')
+
+#: Default list of admins who receive the emails from error logging.
+ADMINS = (
+ ('Mailman Suite Admin', 'root@localhost'),
+)
+
+#: Hosts/domain names that are valid for this site; required if DEBUG is False.
+#: See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
+ALLOWED_HOSTS = [
+ "localhost", # Archiving API from Mailman, keep it.
+ # "lists.your-domain.org",
+ # Add here all production URLs you may have.
+]
+
+#: Enable Development Mode.
+DEBUG = False
+
+
+#: URL Configuration for Django
+ROOT_URLCONF = 'mailman_web.urls'
+
+
+#: Default list of django applications.
+#: Each social account provider is an application and by default no social auth
+#: providers are enabled. To enable a social auth provider, you can add them
+#: to list of INSTALLED_APPS. For example::
+#:
+#: DJANGO_SOCIAL_AUTH_PROVIDERS = [
+#: 'allauth.socialaccount.providers.openid',
+#: 'django_mailman3.lib.auth.fedora',
+#: 'allauth.socialaccount.providers.github',
+#: 'allauth.socialaccount.providers.gitlab',
+#: 'allauth.socialaccount.providers.google',
+#: 'allauth.socialaccount.providers.facebook',
+#: 'allauth.socialaccount.providers.twitter',
+#: 'allauth.socialaccount.providers.stackexchange',
+#: ]
+#: INSTALLED_APPS += DJANGO_SOCIAL_AUTH_PROVIDERS
+#:
+#: A full list of providers can be found at
+#: https://django-allauth.readthedocs.io/en/latest/providers.html
+#: Please also note that extra configuration is required after
+#: a provider is enabled. Django-allauth's documentation mentioned
+#: above provides more details about how to configure one.
+INSTALLED_APPS = [
+ 'hyperkitty',
+ 'postorius',
+ 'django_mailman3',
+ 'django.contrib.admin',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.sites',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ 'rest_framework',
+ 'django_gravatar',
+ 'compressor',
+ 'haystack',
+ 'django_extensions',
+ 'django_q',
+ 'allauth',
+ 'allauth.account',
+ 'allauth.socialaccount',
+]
+
+
+#: Default Django Middlewares.
+MIDDLEWARE = (
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.middleware.locale.LocaleMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ 'django.middleware.security.SecurityMiddleware',
+ 'django_mailman3.middleware.TimezoneMiddleware',
+ 'postorius.middleware.PostoriusMiddleware',
+)
+
+#: Default Template finders.
+TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.i18n',
+ 'django.template.context_processors.media',
+ 'django.template.context_processors.static',
+ 'django.template.context_processors.tz',
+ 'django.template.context_processors.csrf',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth',
+ 'django.contrib.messages.context_processors.messages',
+ 'django_mailman3.context_processors.common',
+ 'hyperkitty.context_processors.common',
+ 'postorius.context_processors.postorius',
+ ],
+ },
+ },
+]
+
+#: Wsgi application import path. This will be used by the WSGI server which
+#: will be used to deploy this application.
+WSGI_APPLICATION = 'mailman_web.wsgi.application'
+
+#: Default Database to be used.
+#: Example for PostgreSQL (**recommanded for production**)::
+#:
+#: 'default': {
+#: 'ENGINE': 'django.db.backends.postgresql_psycopg2',
+#: 'NAME': 'database_name',
+#: 'USER': 'database_user',
+#: 'PASSWORD': 'database_password',
+#: 'HOST': 'localhost',
+#: }
+#:
+#: For MySQL/MariaDB also add the following to the the configuration::
+#:
+#: 'OPTIONS': {'charset': 'utf8mb4'} # Enable utf8 4-byte encodings.
+#:
+#: Check out
+#: `Django documentation
+#: <https://docs.djangoproject.com/en/3.0/ref/settings/#databases>`_ for
+#: more details.
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.sqlite3',
+ 'NAME': os.path.join(BASE_DIR, 'mailman-web.db'),
+ 'HOST': '',
+ 'PORT': '',
+ }
+}
+
+# Maintain type of autogenerated keys going forward
+# https://docs.djangoproject.com/en/3.2/releases/3.2/#customizing-type-of-auto-created-primary-keys
+DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
+
+
+#: Default password validators.
+AUTH_PASSWORD_VALIDATORS = [
+ {
+ 'NAME':
+ 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', # noqa: E501
+ },
+ {
+ 'NAME':
+ 'django.contrib.auth.password_validation.MinimumLengthValidator',
+ },
+ {
+ 'NAME':
+ 'django.contrib.auth.password_validation.CommonPasswordValidator',
+ },
+ {
+ 'NAME':
+ 'django.contrib.auth.password_validation.NumericPasswordValidator',
+ },
+]
+
+#: Default Language code.
+LANGUAGE_CODE = 'en-us'
+
+#: Default timezone.
+TIME_ZONE = 'UTC'
+
+#: Enable internationalization.
+USE_I18N = True
+
+#: Enable localization.
+USE_L10N = True
+
+#: Use the timezone information.
+USE_TZ = True
+
+
+#: Default path where static files will be placed.
+STATIC_ROOT = os.path.join(BASE_DIR, 'static')
+
+#: URL prefix for static files.
+#: Example: "http://example.com/static/", "http://static.example.com/"
+STATIC_URL = '/static/'
+
+#: Additional locations of static files
+STATICFILES_DIRS = (
+ # Put strings here, like "/home/html/static" or "C:/www/django/static".
+ # Always use forward slashes, even on Windows.
+ # Don't forget to use absolute paths, not relative paths.
+ # BASE_DIR + '/static/',
+)
+
+#: List of finder classes that know how to find static files in
+#: various locations.
+STATICFILES_FINDERS = (
+ 'django.contrib.staticfiles.finders.FileSystemFinder',
+ 'django.contrib.staticfiles.finders.AppDirectoriesFinder',
+ # 'django.contrib.staticfiles.finders.DefaultStorageFinder',
+ 'compressor.finders.CompressorFinder',
+)
+
+
+#: Default Django URL to redirect to for Login.
+LOGIN_URL = 'account_login'
+#: Default Django URL to redirect to after a successful login.
+LOGIN_REDIRECT_URL = 'list_index'
+#: Default Django URL to Logout the user.
+LOGOUT_URL = 'account_logout'
+
+#: If you enable email reporting for error messages, this is where those emails
+#: will appear to be coming from. Make sure you set a valid domain name,
+#: otherwise the emails may get rejected.
+#: https://docs.djangoproject.com/en/dev/ref/settings/#std:setting-SERVER_EMAIL
+SERVER_EMAIL = 'root@localhost.local'
+
+#: The default implementation to send out emails. This can be customized to
+#: something else for testing purposes.
+#: https://docs.djangoproject.com/en/dev/topics/email/#email-backends
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+
+MESSAGE_TAGS = {
+ messages.ERROR: 'danger'
+}
+
+
+#: Default Logging configuration.
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'filters': {
+ 'require_debug_false': {
+ '()': 'django.utils.log.RequireDebugFalse'
+ }
+ },
+ 'handlers': {
+ 'mail_admins': {
+ 'level': 'ERROR',
+ 'filters': ['require_debug_false'],
+ 'class': 'django.utils.log.AdminEmailHandler'
+ },
+ 'file': {
+ 'level': 'INFO',
+ 'class': 'logging.handlers.WatchedFileHandler',
+ 'filename': os.path.join(BASE_DIR, 'logs', 'mailmanweb.log'),
+ 'formatter': 'verbose',
+ },
+ 'console': {
+ 'class': 'logging.StreamHandler',
+ 'formatter': 'simple',
+ },
+ },
+ 'loggers': {
+ 'django.request': {
+ 'handlers': ['mail_admins', 'file'],
+ 'level': 'ERROR',
+ 'propagate': True,
+ },
+ 'django': {
+ 'handlers': ['file'],
+ 'level': 'ERROR',
+ 'propagate': True,
+ },
+ 'hyperkitty': {
+ 'handlers': ['file'],
+ 'level': 'DEBUG',
+ 'propagate': True,
+ },
+ 'postorius': {
+ 'handlers': ['console', 'file'],
+ 'level': 'INFO',
+ },
+ 'q': {
+ 'level': 'WARNING',
+ 'propagate': False,
+ 'handlers': ['console', 'file'],
+ },
+ },
+ 'formatters': {
+ 'verbose': {
+ 'format': '%(levelname)s %(asctime)s %(process)d %(name)s %(message)s' # noqa: E501
+ },
+ 'simple': {
+ 'format': '%(levelname)s %(message)s'
+ },
+ },
+}
+
+#: Current Django Site being served. This is used to customize the web host
+#: being used to serve the current website. For more details about Django
+#: site, see: https://docs.djangoproject.com/en/dev/ref/contrib/sites/
+SITE_ID = 1
diff --git a/app/mailman-web/upstream_settings/mailman.py b/app/mailman-web/upstream_settings/mailman.py
new file mode 100644
index 0000000..f69a706
--- /dev/null
+++ b/app/mailman-web/upstream_settings/mailman.py
@@ -0,0 +1,124 @@
+#: Mailman Core default API Path
+MAILMAN_REST_API_URL = 'http://localhost:8001'
+#: Mailman Core API user
+MAILMAN_REST_API_USER = 'restadmin'
+#: Mailman Core API user's password.
+MAILMAN_REST_API_PASS = 'restpass'
+#: Mailman Core Shared archiving key. This value is set in the :
+#: mailman-hyperkitty's configuration file.
+MAILMAN_ARCHIVER_KEY = 'SecretArchiverAPIKey'
+#: Host for Mailman Core, from where Hyperkitty will accept connections
+#: for archiving.
+MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
+
+#: Base URL where Django/Mailman-web would be listening for requests. Used by
+#: Mailman Core for fetching templates.
+POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost:8000'
+
+#: Use gravatar in HyperKitty and Postorius.
+#: If disabled django_gravatar can be removed from INSTALLED_APPS:
+#: INSTALLED_APPS.remove('django_gravatar')
+HYPERKITTY_ENABLE_GRAVATAR = True
+
+#: Filter visible Mailing Lists based on the current host being used to serve.
+FILTER_VHOST = False
+
+#: Sender in Emails sent out by Postorius.
+DEFAULT_FROM_EMAIL = 'postorius@localhost'
+
+
+#: Django Allauth
+ACCOUNT_AUTHENTICATION_METHOD = "username_email"
+ACCOUNT_EMAIL_REQUIRED = True
+ACCOUNT_EMAIL_VERIFICATION = "mandatory"
+ACCOUNT_UNIQUE_EMAIL = True
+
+#: Protocol for URLs generated for authentication, like email
+#: confirmation.
+ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
+
+
+#: Extra configuration for Social auth. For these configuration to be used.
+#: each of the social account providers must be first added in INSTALLED_APPS.
+#: See :py:data:`mailman_web.settings.base.INSTALLED_APPS` for more
+#: configuration.
+SOCIALACCOUNT_PROVIDERS = {
+ 'openid': {
+ 'SERVERS': [
+ dict(id='yahoo',
+ name='Yahoo',
+ openid_url='http://me.yahoo.com'),
+ ],
+ },
+ 'google': {
+ 'SCOPE': ['profile', 'email'],
+ 'AUTH_PARAMS': {'access_type': 'online'},
+ },
+ 'facebook': {
+ 'METHOD': 'oauth2',
+ 'SCOPE': ['email'],
+ 'FIELDS': [
+ 'email',
+ 'name',
+ 'first_name',
+ 'last_name',
+ 'locale',
+ 'timezone',
+ ],
+ 'VERSION': 'v2.4',
+ },
+}
+
+
+#: django-compressor
+#: https://pypi.python.org/pypi/django_compressor
+COMPRESS_PRECOMPILERS = (
+ ('text/x-scss', 'sassc -t compressed {infile} {outfile}'),
+ ('text/x-sass', 'sassc -t compressed {infile} {outfile}'),
+)
+
+
+# Social auth
+#
+#: Authentication backends for Django to be used.
+AUTHENTICATION_BACKENDS = (
+ 'django.contrib.auth.backends.ModelBackend',
+ 'allauth.account.auth_backends.AuthenticationBackend',
+)
+
+#
+# Full-text search engine
+#
+#: Django-Haystack connection parameters.
+HAYSTACK_CONNECTIONS = {
+ 'default': {
+ 'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine',
+ 'PATH': "fulltext_index",
+ # You can also use the Xapian engine, it's faster and more accurate,
+ # but requires another library.
+ # http://django-haystack.readthedocs.io/en/v2.4.1/installing_search_engines.html#xapian
+ # Example configuration for Xapian:
+ # 'ENGINE': 'xapian_backend.XapianEngine'
+ },
+}
+
+
+# Asynchronous tasks
+#
+#: Django Q connection parameters.
+Q_CLUSTER = {
+ 'retry': 360,
+ 'timeout': 300,
+ 'save_limit': 100,
+ 'orm': 'default',
+}
+
+#: On a production setup, setting COMPRESS_OFFLINE to True will bring a
+#: significant performance improvement, as CSS files will not need to be
+#: recompiled on each requests. It means running an additional "compress"
+#: management command after each code upgrade.
+#: http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
+COMPRESS_OFFLINE = True
+
+# Needed for debug mode
+# INTERNAL_IPS = ('127.0.0.1',)
diff --git a/app/mailman-web/urls.py b/app/mailman-web/urls.py
new file mode 100644
index 0000000..e9359c7
--- /dev/null
+++ b/app/mailman-web/urls.py
@@ -0,0 +1,35 @@
+# -*- coding: utf-8 -*-
+# Copyright (C) 1998-2016 by the Free Software Foundation, Inc.
+#
+# This file is part of Postorius.
+#
+# Postorius is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option)
+# any later version.
+#
+# Postorius is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+# more details.
+#
+# You should have received a copy of the GNU General Public License along with
+# Postorius. If not, see <http://www.gnu.org/licenses/>.
+
+
+from django.conf.urls import include
+from django.contrib import admin
+from django.urls import path, reverse_lazy
+from django.views.generic import RedirectView
+
+urlpatterns = [
+ path(
+ '',
+ RedirectView.as_view(url=reverse_lazy('list_index'), permanent=True),
+ ),
+ path('mailman3/', include('postorius.urls')),
+ path('archives/', include('hyperkitty.urls')),
+ path('', include('django_mailman3.urls')),
+ path('accounts/', include('allauth.urls')),
+ path('admin/', admin.site.urls),
+]