Deactivated public api of listmonk by default, which was a security hole

group_vars/all

@@ -190,6 +190,7 @@ bigbluebutton_enable_greenlight:  "true"
 
 #### Listmonk
 listmonk_admin_username:          "admin"
+listmonk_public_api_activated:    False # Security hole. Can be used for spaming
 
 #### Mastodon
 mastodon_version:                 "latest"

roles/docker-listmonk/files/deactivate-public-api.conf

@@ -0,0 +1,3 @@
+location /api/public/subscription {
+    return 403;
+}

roles/docker-listmonk/tasks/main.yml

@@ -2,6 +2,15 @@
 - name: "include docker/compose/database.yml"
   include_tasks: docker/compose/database.yml
 
+- name: Set nginx_docker_reverse_proxy_extra_configuration based on listmonk_public_api_activated
+  set_fact:
+    nginx_docker_reverse_proxy_extra_configuration: >-
+      {% if not listmonk_public_api_activated %}
+      {{ lookup('file', '{{ role_path }}/files/deactivate-public-api.conf') }}
+      {% else %}
+      ""
+      {% endif %}
+
 - name: "include tasks nginx-docker-proxy-domain.yml"
   include_tasks: nginx-docker-proxy-domain.yml