From 6c54424b289ef6f730483d70f468419b8df1f982 Mon Sep 17 00:00:00 2001
From: meliurwen <meliurwen@gmail.com>
Date: Wed, 26 Aug 2020 13:29:15 +0200
Subject: [PATCH] Added possibility to restrict internet access

---
 .env.example       | 8 +++++++-
 docker-compose.yml | 3 ++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/.env.example b/.env.example
index 4c1b1c6..c7f0dde 100644
--- a/.env.example
+++ b/.env.example
@@ -20,7 +20,13 @@ FUNKWHALE_HOSTNAME=
 FUNKWHALE_VERSION=
 
 # Networks
-NETWORK=webservices
+# Name of the external network of the reverse proxy
+REVERSE_PROXY_NETWORK=webservices
+# Restrict internet access to the whole Funkwhale app
+# Note: It will be normally reachable from the web (via the reverse-proxy), but
+#       the containers cannot make external calls on their own, thus no
+#       federation or anything that may require internet from the server side.
+NO_INTERNET_ACC=false
 
 # postgres (optional)
 DB_IMG=
diff --git a/docker-compose.yml b/docker-compose.yml
index cb416bc..4538aa4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -111,6 +111,7 @@ networks:
   default:
     internal: true
   internet-access:
+    internal: ${NO_INTERNET_ACC}
   main-webservices:
     external:
-      name: ${NETWORK}
+      name: ${REVERSE_PROXY_NETWORK}