From: Jonas Meurer <jonas@freesources.org>
Date: Sat, 23 Jan 2021 21:16:26 +0100
Subject: Adjust settings.py for Debian mailman3-web

* Disable debugging mode.
* Disable all allauth socialaccount providers for privacy reasons.
* Set postgresql as default database engine.
* Enable 'USE_X_FORWARDED_HOST'.
* Adjust 'STATIC_ROOT' and 'STATIC_URL' paths.
* Adjust 'DEFAULT_FROM_EMAIL' and 'SERVER_EMAIL'.
* Use smtp email backend per default to send mails.
* Set 'ACCOUNT_DEFAULT_HTTP_PROTOCOL' to 'https'.
* Change logging level for most logging channels to 'INFO'.
* Set queue polling inteval vor django-q cluster to 5 seconds (defaults
  to 0.2 seconds) to decrease the database load.
* Remove lessc from COMPRESS_COMPILERS, mailman3 django projects don't
  use/require less at all.
* Uncomment COMPRESS_COMPILERS altogether. Hyperkitty in Debian compiles
  scss files at build time, so no sass compiler is needed at runtime.

Forwarded: not-needed
Last-Update: 2021-01-23
---
 mailman-suite_project/settings.py | 109 ++++++++++++++++++++------------------
 1 file changed, 56 insertions(+), 53 deletions(-)

diff --git a/mailman-suite_project/settings.py b/mailman-suite_project/settings.py
index e5cc413..0a06a3f 100644
--- a/mailman-suite_project/settings.py
+++ b/mailman-suite_project/settings.py
@@ -34,7 +34,7 @@ BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 SECRET_KEY = 'change-this-on-your-production-server'
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = False
 
 ADMINS = (
      ('Mailman Suite Admin', 'root@localhost'),
@@ -85,13 +85,13 @@ INSTALLED_APPS = (
     'allauth.account',
     'allauth.socialaccount',
     'django_mailman3.lib.auth.fedora',
-    'allauth.socialaccount.providers.openid',
-    'allauth.socialaccount.providers.github',
-    'allauth.socialaccount.providers.gitlab',
-    'allauth.socialaccount.providers.google',
+    # 'allauth.socialaccount.providers.openid',
+    # 'allauth.socialaccount.providers.github',
+    # 'allauth.socialaccount.providers.gitlab',
+    # 'allauth.socialaccount.providers.google',
     # 'allauth.socialaccount.providers.facebook',
-    'allauth.socialaccount.providers.twitter',
-    'allauth.socialaccount.providers.stackexchange',
+    # 'allauth.socialaccount.providers.twitter',
+    # 'allauth.socialaccount.providers.stackexchange',
 )
 
 
@@ -145,9 +145,9 @@ WSGI_APPLICATION = 'wsgi.application'
 DATABASES = {
     'default': {
         # Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
-        'ENGINE': 'django.db.backends.sqlite3',
+        'ENGINE': 'django.db.backends.postgresql_psycopg2',
         # DB name or path to database file if using sqlite3.
-        'NAME': os.path.join(BASE_DIR, 'mailmansuite.db'),
+        'NAME': 'mailman3web',
         # The following settings are not used with sqlite3:
         'USER': 'mailmansuite',
         'PASSWORD': 'mmpass',
@@ -176,7 +176,7 @@ DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 
 # If you're behind a proxy, use the X-Forwarded-Host header
 # See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
-# USE_X_FORWARDED_HOST = True
+USE_X_FORWARDED_HOST = True
 
 # And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
 # https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
@@ -241,11 +241,11 @@ USE_TZ = True
 # Don't put anything in this directory yourself; store your static files
 # in apps' "static/" subdirectories and in STATICFILES_DIRS.
 # Example: "/var/www/example.com/static/"
-STATIC_ROOT = os.path.join(BASE_DIR, 'static')
+STATIC_ROOT = '/var/lib/mailman3/web/static'
 
 # URL prefix for static files.
 # Example: "http://example.com/static/", "http://static.example.com/"
-STATIC_URL = '/static/'
+STATIC_URL = '/mailman3/static/'
 
 # Additional locations of static files
 STATICFILES_DIRS = (
@@ -269,23 +269,24 @@ LOGIN_URL = 'account_login'
 LOGIN_REDIRECT_URL = 'list_index'
 LOGOUT_URL = 'account_logout'
 
+HOSTNAME = 'localhost.local'
 
 # If you enable internal authentication, this is the address that the emails
 # will appear to be coming from. Make sure you set a valid domain name,
 # otherwise the emails may get rejected.
 # https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
 # DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
-DEFAULT_FROM_EMAIL = 'postorius@localhost.local'
+DEFAULT_FROM_EMAIL = 'postorius@{}'.format(HOSTNAME)
 
 # If you enable email reporting for error messages, this is where those emails
 # will appear to be coming from. Make sure you set a valid domain name,
 # otherwise the emails may get rejected.
 # https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
 # SERVER_EMAIL = 'root@your-domain.org'
-SERVER_EMAIL = 'root@localhost.local'
+SERVER_EMAIL = 'root@{}'.format(HOSTNAME)
 
 # Change this when you have a real email backend
-EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
 
 # Compatibility with Bootstrap 3
 from django.contrib.messages import constants as messages  # flake8: noqa
@@ -307,35 +308,35 @@ ACCOUNT_AUTHENTICATION_METHOD = "username_email"
 ACCOUNT_EMAIL_REQUIRED = True
 ACCOUNT_EMAIL_VERIFICATION = "mandatory"
 # You probably want https in production, but this is a dev setup file
-ACCOUNT_DEFAULT_HTTP_PROTOCOL = "http"
+ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
 ACCOUNT_UNIQUE_EMAIL  = True
 ACCOUNT_EMAIL_UNKNOWN_ACCOUNTS = False
 
 SOCIALACCOUNT_PROVIDERS = {
-    'openid': {
-        'SERVERS': [
-            dict(id='yahoo',
-                 name='Yahoo',
-                 openid_url='http://me.yahoo.com'),
-        ],
-    },
-    'google': {
-        'SCOPE': ['profile', 'email'],
-        'AUTH_PARAMS': {'access_type': 'online'},
-    },
-    'facebook': {
-       'METHOD': 'oauth2',
-       'SCOPE': ['email'],
-       'FIELDS': [
-           'email',
-           'name',
-           'first_name',
-           'last_name',
-           'locale',
-           'timezone',
-           ],
-       'VERSION': 'v2.4',
-    },
+    #'openid': {
+    #    'SERVERS': [
+    #        dict(id='yahoo',
+    #             name='Yahoo',
+    #             openid_url='http://me.yahoo.com'),
+    #    ],
+    #},
+    #'google': {
+    #    'SCOPE': ['profile', 'email'],
+    #    'AUTH_PARAMS': {'access_type': 'online'},
+    #},
+    #'facebook': {
+    #   'METHOD': 'oauth2',
+    #   'SCOPE': ['email'],
+    #   'FIELDS': [
+    #       'email',
+    #       'name',
+    #       'first_name',
+    #       'last_name',
+    #       'locale',
+    #       'timezone',
+    #       ],
+    #   'VERSION': 'v2.4',
+    #},
 }
 
 
@@ -361,11 +362,11 @@ SOCIALACCOUNT_PROVIDERS = {
 # django-compressor
 # https://pypi.python.org/pypi/django_compressor
 #
-COMPRESS_PRECOMPILERS = (
-   ('text/less', 'lessc {infile} {outfile}'),
-   ('text/x-scss', 'sassc -t compressed {infile} {outfile}'),
-   ('text/x-sass', 'sassc -t compressed {infile} {outfile}'),
-)
+#COMPRESS_PRECOMPILERS = (
+#   ('text/less', 'lessc {infile} {outfile}'),
+#   ('text/x-scss', 'sassc -t compressed {infile} {outfile}'),
+#   ('text/x-sass', 'sassc -t compressed {infile} {outfile}'),
+#)
 # On a production setup, setting COMPRESS_OFFLINE to True will bring a
 # significant performance improvement, as CSS files will not need to be
 # recompiled on each requests. It means running an additional "compress"
@@ -383,7 +384,7 @@ COMPRESS_PRECOMPILERS = (
 HAYSTACK_CONNECTIONS = {
     'default': {
         'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine',
-        'PATH': os.path.join(BASE_DIR, "fulltext_index"),
+        'PATH': '/var/lib/mailman3/web/fulltext_index',
         # You can also use the Xapian engine, it's faster and more accurate,
         # but requires another library.
         # http://django-haystack.readthedocs.io/en/v2.4.1/installing_search_engines.html#xapian
@@ -401,6 +402,7 @@ Q_CLUSTER = {
     'save_limit': 100,
     'orm': 'default',
     'retry': 360,
+    'poll': 5,
 }
 
 
@@ -425,9 +427,9 @@ LOGGING = {
         },
         'file':{
             'level': 'INFO',
-            #'class': 'logging.handlers.RotatingFileHandler',
-            'class': 'logging.handlers.WatchedFileHandler',
-            'filename': os.path.join(BASE_DIR, 'logs', 'mailmansuite.log'),
+            'class': 'logging.handlers.RotatingFileHandler',
+            #'class': 'logging.handlers.WatchedFileHandler',
+            'filename': '/var/log/mailman3/web/mailman-web.log',
             'formatter': 'verbose',
         },
         'console': {
@@ -438,22 +440,23 @@ LOGGING = {
     'loggers': {
         'django.request': {
             'handlers': ['mail_admins', 'file'],
-            'level': 'ERROR',
+            'level': 'INFO',
             'propagate': True,
         },
         'django': {
             'handlers': ['file'],
-            'level': 'ERROR',
+            'level': 'INFO',
             'propagate': True,
         },
         'hyperkitty': {
             'handlers': ['file'],
-            'level': 'DEBUG',
+            'level': 'INFO',
             'propagate': True,
         },
         'postorius': {
-            'handlers': ['console', 'file'],
+            'handlers': ['file'],
             'level': 'INFO',
+            'propagate': True,
         },
     },
     'formatters': {