...
 
Commits (2)
......@@ -124,6 +124,7 @@ Role Variables
| `funkwhale_database_user` | `funkwhale` | Postgresql username to login as |
| `funkwhale_env_vars` | `[]` | List of environment variables to append to the generated `.env` file. Example: `["AWS_ACCESS_KEY_ID=myawsid", "AWS_SECRET_ACCESS_KEY=myawskey"]` |
| `funkwhale_external_storage_enabled` | `false` | If `true`, set up the proper configuration to use an extenal storage for media files |
| `funkwhale_disable_django_admin` | `false` | If `true`, returns a 403 (Forbidden) for `/api/admin` |
| `funkwhale_install_path` | `/srv/funkwhale` | Path were frontend, api and virtualenv files should be stored (**no trailing slash**) |
| `funkwhale_letsencrypt_certbot_flags` | `null` | Additional flags to pass to `certbot` |
| `funkwhale_letsencrypt_enabled` | `true` | If `true`, will configure SSL with certbot and Let's Encrypt |
......
......@@ -6,6 +6,7 @@ funkwhale_static_path: /srv/funkwhale/data/static
funkwhale_music_path: /srv/funkwhale/data/music
funkwhale_config_path: /srv/funkwhale/config
funkwhale_external_storage_enabled: false
funkwhale_disable_django_admin: false
funkwhale_username: funkwhale
funkwhale_database_managed: true
funkwhale_frontend_managed: true
......
......@@ -89,10 +89,12 @@ setup() {
read -p "Enter your redis configuration, (e.g redis://127.0.0.1:6379/0): " funkwhale_redis_url
funkwhale_systemd_after="funkwhale_systemd_after: "
fi
yesno_prompt funkwhale_disable_django_admin 'Disable access to API admin dashboard?' 'no'
else
funkwhale_nginx_managed="true"
funkwhale_database_managed="true"
funkwhale_redis_managed="true"
funkwhale_disable_django_admin="false"
fi
......@@ -112,6 +114,9 @@ setup() {
if [ "$funkwhale_database_managed" = "false" ]; then
echo " - Custom PostgreSQL configuration: $funkwhale_database_url"
fi
if [ "$funkwhale_disable_django_admin" = "true"]; then
echo "- Disabled access to API admin dashboard"
fi
if [ "$is_dry_run" = "true" ]; then
echo "Running with dry-run mode, your system will be not be modified (apart from Ansible installation)."
......@@ -255,6 +260,11 @@ EOF
[funkwhale_servers]
127.0.0.1 ansible_connection=local ansible_python_interpreter=/usr/bin/python3
EOF
if [ "$funkwhale_disable_django_admin" = "true" ]; then
cat <<EOF >>playbook.yml
funkwhale_disable_django_admin: true
EOF
fi
echo "[2/$total_steps] Downloading Funkwhale playbook dependencies"
$ansible_bin_path/ansible-galaxy install -r requirements.yml -f
......
......@@ -132,4 +132,11 @@ server {
# django static files
alias {{ funkwhale_static_path }}/;
}
{% if funkwhale_disable_django_admin -%}
location /api/admin/ {
# disable access to API admin dashboard
return 403;
}
{% else -%}
}