Well, the queen died which gave me a day off from work to sink into the software. It longer than anticipated, but I now have some simple forum software written in pure python with no external dependencies. (though it uses a stack of stdlib modules). 

Building this software has shown me just how BIG building a complete forum software would be. I've implemented a tiny fraction - auth, sessions and text posts, and I've made shortcuts to get here: I don't parse the complete HTTP spec, I don't validate posts for malicious content, I don't support formatting. It is the bare minimum of a forum. It's probably still under a week of full-time work if you counted hours spent typing, but there's been a lot of thought going into it additional to that (gg research about password encryption and how INNER JOIN works). 

One thing I've learned through this project is that it is hard to do encryption without access the internet. This is designed to be a standalone device, and so the normal TLS doesn't work as it depends on a centralised trust network. The only way I'd be able to implement forum software securely would be to roll my own encryption in the frontend - which is way above what I want to do here.

Another lesson has been about how powerful modern CSS is, and how some older HTML technologies (forms, cookies) solve problems very neatly and efficiently.

I reckon I'm unlikely to take this chunk of software much further as it fulfils it's goals of making this device capable of sending messages between people. I did have other goals for it (eg file sharing), but I've now sunk enough time into this and it's time for other projects (or other parts of this project....)

Code is available on the project's github. It's about 2Kloc, which is a bit bigger than can fit into my working memory, but I'm rather happy with the code quality - it's all mypy compliant and has tests for all the SQL and auth. Tooling definitely makes things much easier.