Allow-listing mode for pods
(Part of our roadmap for 0.20, see the forum topic)
In it's default configuration, a Funkwhale pod accepts traffic and messages from any other pod. This is fine, but some setups need more security and control about their interactions on the network, and especially with possible bad/unwanted actors.
To achieve that we'll provide an allow-listing (or bastion) mode, where all interactions with other pods are blocked by default, but admin/mods can manually approve specific pods to be part of a trusted network.
All federation messages from/to other pods would be discarded.
Todo
- Allow-listing settings (enable/disable and expose/hide the allowed domains in the API/Nodeinfo) (!781 (merged))
-
Adding an
allowedfield on theDomainmodel, with a default value atNone(no choice made) (!781 (merged)) - Drop ActivityPub requests/messages from/to unallowed domains when allow-listing is enabled (!789 (merged))
- UI for mods to allow/disallow a domain, filter allowed/disallowed domains, for instance admins to manage allow-listing settings (!800 (merged))
- Expose allow listing settings in NodeInfo (!793 (merged))
- Prevent fetches from unauthenticated actors / disallowed domains when allow-listing is enabled (!799 (merged))
- Write documentation (!804 (merged))