fedihub-ansible/host_vars/matrix-media-repo.fedihub.com.yml

---
ansible_become_pass_for:
  kotovalexarian: !vault |
    $ANSIBLE_VAULT;1.2;AES256;matrix
    63326633306530326139353961383364663139396163623235366464356664613462653638633039
    3939653732613839623434326665303762653265353161610a623461323166626535373833366464
    61636234666533393433663239356562393232303966663665666231303338323935333163326566
    3938656465353539640a656363333132626433393239643762666539623839306663646362353030
    64613464653538613139383461623562613631303766633634393563303861626662306435626434
    3634366165623565393230343831383430313166346439653766

ansible_become_pass: "{{ ansible_become_pass_for[admin] }}"

common__certbot__cert_name: 'matrix-media-repo.fedihub.com'
common__certbot__cert_domains:
  - 'matrix-media-repo.fedihub.com'
common__certbot__post_hook: 'systemctl is-active nginx.service || systemctl start nginx.service'
common__certbot__pre_hook: 'systemctl is-active nginx.service && systemctl stop nginx.service || true'

common__nginx__state: install
common__nginx__remove_default: true

matrix_media_repo__site_host: 'fedihub.com'
matrix_media_repo__media_host: 'matrix-media-repo.fedihub.com'
matrix_media_repo__base_url: 'https://matrix.fedihub.com'
matrix_media_repo__admin_user: '@kotovalexarian:fedihub.com'

matrix_media_repo__ssl_cert: '/etc/letsencrypt/live/matrix-media-repo.fedihub.com/fullchain.pem'
matrix_media_repo__ssl_key:  '/etc/letsencrypt/live/matrix-media-repo.fedihub.com/privkey.pem'

matrix_media_repo__postgres: !vault |
  $ANSIBLE_VAULT;1.2;AES256;matrix
  62356433313435383239316430666234386234626335346239313264346532613232303064333731
  3833633035363237346537623633303135383162636465300a366637666535353463616665653237
  34346636333061303033633362356232643334393133363033646635313134366164306461663364
  3935396239343630340a396463623534613630323833333330633861393063323332613532373565
  32626463313965323635633034316237663835616464333261626331396136316335636132636265
  62343935316666656466336438633565316338363665366161643739616534353933373861343938
  38323533383362623835633230623363666662643264393534306362663535666531326534303636
  66303133626239633436663137633438326632366234613033396230393262326234356362396336
  64386664613064323034303039623038633339353362376238633065343364646266633862663232
  6637313330656465623437393764353466666230666633366238

matrix_media_repo__s3_endpoint: 's3.eu-central-1.amazonaws.com'
matrix_media_repo__s3_bucket: 'fedihub-matrix-media-repo'

matrix_media_repo__s3_access_key: !vault |
  $ANSIBLE_VAULT;1.2;AES256;matrix
  35326162306233313937646565623563636538376464643739313462323535393366363262323565
  3465623639303935623461336230646439663839343331320a663635343239366366623062346630
  37626332323965383738366532313665383564366132383530613762643836333831393735666438
  6132393437343464390a336339383439326338646137356634333534636236326438646433353965
  63376165363038326337346139303961373565346265393836396439656131633263

matrix_media_repo__s3_access_secret: !vault |
  $ANSIBLE_VAULT;1.2;AES256;matrix
  36316562306261323138663361353762393736343765346435633631353734663765343638383265
  3132383663393161306464386336396265363962313764320a653862343933666461666134383434
  38623661326462303962376535373862303235353131363361633736336231336536633338643233
  3539663031633038360a316433343432663865393738366633376235653839326232663134303931
  65363837313464616536333934353062353962363365353831623234363939636333616634323832
  3466656664353839333966643333336432303435663232646664

common__iptables__drop_by_default: true

common__iptables__v4_filter: |
  # Allow incoming HTTP, HTTPS.
  -A INPUT  -p tcp -m multiport --dport 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
  -A OUTPUT -p tcp -m multiport --sport 80,443 -m conntrack --ctstate ESTABLISHED     -j ACCEPT

  # Deny other HTTP, HTTPS.
  -A INPUT  -p tcp -m multiport --dport 80,443 -j REJECT
  -A OUTPUT -p tcp -m multiport --sport 80,443 -j REJECT  

common__iptables__v6_filter: '{{ common__iptables__v4_filter }}'