bundles/ntfy: add option to disable unauthorized writes

bundles/ntfy/files/server.yml

@@ -85,7 +85,11 @@ cache-startup-queries: |
 #   ntfy user and group by running: chown ntfy.ntfy <filename>.
 #
 auth-file: "/var/lib/ntfy/user.db"
+% if node.metadata.get('ntfy/allow_unauthorized_write'):
 auth-default-access: "write-only"
+% else:
+auth-default-access: "deny-all"
+% endif
 
 # If set, the X-Forwarded-For header is used to determine the visitor IP address
 # instead of the remote address of the connection.

bundles/ntfy/metadata.py

@@ -19,6 +19,9 @@ defaults = {
             "/var/opt/ntfy",
         },
     },
+    'ntfy': {
+        'allow_unauthorized_write': False,
+    },
     'zfs': {
         'datasets': {
             'tank/ntfy': {},

nodes/htz-cloud/miniserver.py

@@ -225,6 +225,7 @@ nodes['htz-cloud.miniserver'] = {
         },
         'ntfy': {
             'domain': 'ntfy.sophies-kitchen.eu',
+            'allow_unauthorized_write': True,
         },
         'postgresql': {
             'version': '11',