From c16160b3d4f3a5933bfa6b333c9af768b4560ed4 Mon Sep 17 00:00:00 2001 From: Stonewall Jackson Date: Fri, 25 Aug 2023 21:17:33 -0400 Subject: mastodon: disable anonymous access by default --- roles/mastodon/defaults/main.yml | 4 ++++ roles/mastodon/templates/opt/mastodon/mastodon/.env.production.j2 | 2 ++ 2 files changed, 6 insertions(+) (limited to 'roles') diff --git a/roles/mastodon/defaults/main.yml b/roles/mastodon/defaults/main.yml index a166350..cc879f7 100644 --- a/roles/mastodon/defaults/main.yml +++ b/roles/mastodon/defaults/main.yml @@ -23,3 +23,7 @@ mastodon_streaming_port: 8009 mastodon_sysaccount_username: mastodon mastodon_login_cidrs: [] + +# Leaving anonymous access *disabled* by default until this issue is resolved: +# https://github.com/mastodon/mastodon/issues/22620 +mastodon_disallow_unauthenticated_api_access: yes diff --git a/roles/mastodon/templates/opt/mastodon/mastodon/.env.production.j2 b/roles/mastodon/templates/opt/mastodon/mastodon/.env.production.j2 index 03af34a..b28a94b 100644 --- a/roles/mastodon/templates/opt/mastodon/mastodon/.env.production.j2 +++ b/roles/mastodon/templates/opt/mastodon/mastodon/.env.production.j2 @@ -7,6 +7,8 @@ WEB_DOMAIN={{ mastodon_web_domain }} DEFAULT_LOCALE={{ mastodon_default_locale }} +DISALLOW_UNAUTHENTICATED_API_ACCESS={{ mastodon_disallow_unauthenciated_api_access | bool | to_json }} + # Redis # ----- REDIS_HOST=localhost -- cgit
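Review bot: The new default in roles/mastodon/defaults/main.yml is spelled `yes`, a YAML 1.1 truthy form that a YAML 1.2 parser reads as the string "yes" and that yamllint's `truthy` rule flags. Writing `mastodon_disallow_unauthenticated_api_access: true` states the boolean unambiguously. The template pipes the value through `| bool`, so rendering probably works either way, but a security default should not depend on parser-specific coercion.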
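Review bot: The added line in .env.production.j2 references `mastodon_disallow_unauthenciated_api_access` (a "t" is missing from "unauthenticated"), which does not match the default `mastodon_disallow_unauthenticated_api_access` that this commit adds in roles/mastodon/defaults/main.yml. Unless a variable with the misspelled name is defined outside this diff, the template task should fail under Ansible's default undefined-variable handling. Where undefined variables are tolerated, `| bool` would likely render `false` and leave unauthenticated API access enabled, the opposite of the commit's intent. The line should read `DISALLOW_UNAUTHENTICATED_API_ACCESS={{ mastodon_disallow_unauthenticated_api_access | bool | to_json }}`. A post-deploy check that an unauthenticated API request is rejected would catch a silent regression of this setting.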