diff options
author | Alyssa Ross <hi@alyssa.is> | 2019-10-20 17:41:50 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-12-16 22:03:30 +0000 |
commit | 79a0b19ce40d60739ddb0c3005e79f6e722dcf24 (patch) | |
tree | 8b841177bf4a1bf0b1a90f9634659489a7f4794c /nixpkgs/pkgs/servers/mail | |
parent | 4590ad4c3004506c5657eff390b3a4dc326f6400 (diff) | |
download | nixlib-79a0b19ce40d60739ddb0c3005e79f6e722dcf24.tar nixlib-79a0b19ce40d60739ddb0c3005e79f6e722dcf24.tar.gz nixlib-79a0b19ce40d60739ddb0c3005e79f6e722dcf24.tar.bz2 nixlib-79a0b19ce40d60739ddb0c3005e79f6e722dcf24.tar.lz nixlib-79a0b19ce40d60739ddb0c3005e79f6e722dcf24.tar.xz nixlib-79a0b19ce40d60739ddb0c3005e79f6e722dcf24.tar.zst nixlib-79a0b19ce40d60739ddb0c3005e79f6e722dcf24.zip |
nixos/mailman: don't keep secrets in the Nix store
This replaces all Mailman secrets with ones that are generated the first time the service is run. This replaces the hyperkittyApiKey option, which would lead to a secret in the world-readable store. Even worse were the secrets hard-coded into mailman-web, which are not just world-readable, but identical for all users! services.mailman.hyperkittyApiKey has been removed, and so can no longer be used to determine whether to enable Hyperkitty. In its place, there is a new option, services.mailman.hyperkitty.enable. For consistency, services.mailman.hyperkittyBaseUrl has been renamed to services.mailman.hyperkitty.baseUrl.
Diffstat (limited to 'nixpkgs/pkgs/servers/mail')
-rw-r--r-- | nixpkgs/pkgs/servers/mail/mailman/settings.py | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/nixpkgs/pkgs/servers/mail/mailman/settings.py b/nixpkgs/pkgs/servers/mail/mailman/settings.py index 5f246db41ad1..7c3cec92002b 100644 --- a/nixpkgs/pkgs/servers/mail/mailman/settings.py +++ b/nixpkgs/pkgs/servers/mail/mailman/settings.py @@ -39,9 +39,6 @@ BASE_DIR = os.path.dirname(os.path.abspath(__file__)) # Quick-start development settings - unsuitable for production # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/ -# SECURITY WARNING: keep the secret key used in production secret! -SECRET_KEY = '$!-7^wl#wiifjbh)5@f7ji%x!vp7s1vzbvwt26hxv$idixq0u0' - # SECURITY WARNING: don't run with debug turned on in production! DEBUG = False @@ -64,7 +61,6 @@ ALLOWED_HOSTS = [ MAILMAN_REST_API_URL = 'http://localhost:8001' MAILMAN_REST_API_USER = 'restadmin' MAILMAN_REST_API_PASS = 'restpass' -MAILMAN_ARCHIVER_KEY = "@ARCHIVER_KEY@" MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1') # Application definition |