From 91ec47fbaf4840d0ba3f757009755407a71ecde5 Mon Sep 17 00:00:00 2001
From: VC
Date: Mon, 6 Jan 2025 16:56:58 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8:=20move=20from=20scw=20s3=20to=20sftp?= =?UTF-8?q?=20hetzner=20storage=20box?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 inventory/group_vars/all/restic.yml | 2 +-
 inventory/host_vars/frederica.dmz.mateu.be.yml | 13 +++----------
 roles/firewall/templates/firewall.j2 | 12 ++++++++++++
 roles/restic/vars/main.yml | 2 +-
 4 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/inventory/group_vars/all/restic.yml b/inventory/group_vars/all/restic.yml
index b988cb4..dda6556 100644
--- a/inventory/group_vars/all/restic.yml
+++ b/inventory/group_vars/all/restic.yml
@@ -11,4 +11,4 @@ restic_aws_secret_access_key: !vault |
 39653839646661356136306233653263386532616237326431366262343633613863353934626665
 38376163613837626435373134393630316235313032353738643537303162643538353966613833
 34333735663939396433
-restic_s3_url: "http://backup.mateu.be:3900/backup"
+restic_s3_url: "s3:http://backup.mateu.be:3900/backup"
diff --git a/inventory/host_vars/frederica.dmz.mateu.be.yml b/inventory/host_vars/frederica.dmz.mateu.be.yml
index 91bdad1..a183d2a 100644
--- a/inventory/host_vars/frederica.dmz.mateu.be.yml
+++ b/inventory/host_vars/frederica.dmz.mateu.be.yml
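Review bot: In inventory/group_vars/all/restic.yml the new `restic_s3_url` value still targets a plain `http://` endpoint (`backup.mateu.be:3900`), so all S3 traffic from restic to that host travels in cleartext. restic encrypts and authenticates repository contents on the client, so the backed-up data itself stays confidential, but object names, sizes and timing are observable and responses can be dropped or altered by anyone on the path if that path crosses a network you do not fully control. If the service can terminate TLS, the line would become `restic_s3_url: "s3:https://backup.mateu.be:<tls-port>/backup"` (the port is a placeholder). Otherwise a one-line comment above the variable recording why cleartext is acceptable for this endpoint would help the next reader.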
@@ -5,13 +5,6 @@ restic_backup_path: restic_backup_hour: 6 restic_backup_minute: 45 -restic_aws_access_key_id: "SCW0VAFXE5MN9N8KVHTQ" -restic_aws_secret_access_key: !vault | - $ANSIBLE_VAULT;1.1;AES256 - 33656263333731333833613461336230626332666534376235643735373862663530393433396130 - 6161343663633037663033613135333232393364643533320a383630363938313435356261396662 - 36303063616264383530643638366332323061333835376131323666633234313833353662626438 - 3235353961303739390a323332376235363734373838613632376232383861613761616437316564 - 61333532656135333731313561663062323133613662373061666266383031343964623838336264 - 3936393838396163626438303962313931333165386363666139 -restic_s3_url: "https://s3.fr-par.scw.cloud/backup-libertus" +restic_aws_access_key_id: "" +restic_aws_secret_access_key: "" +restic_s3_url: "sftp://u441453@u441453.your-storagebox.de//backup" diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2 index 1aa198a..dffe4cf 100644 --- a/roles/firewall/templates/firewall.j2 +++ b/roles/firewall/templates/firewall.j2 @@ -154,6 +154,18 @@ config rule option dest_port '80 443' option target 'ACCEPT' +# SSH to Storage Box OUT +config rule + option name 'Allow-OUTPUT-SSH-Hetzner' + option src 'dmz' + list proto 'tcp' + option dest 'wan' + option dest_port '22' + option src_ip '{{ hostvars['frederica.dmz.mateu.be']['ansible_default_ipv4']['address'] }}' + option dest_ip '{{ lookup('community.dns.lookup', 'u441453.your-storagebox.de') }}' + option target 'ACCEPT' + option family 'ipv4' + # SSH traffic IN config rule option name 'Allow-INPUT-SSH' diff --git a/roles/restic/vars/main.yml b/roles/restic/vars/main.yml index 7ca7c50..7421b4e 100644 --- a/roles/restic/vars/main.yml +++ b/roles/restic/vars/main.yml 
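Review bot: In inventory/host_vars/frederica.dmz.mateu.be.yml the new `sftp://` repository makes the backup depend on SSH trust that this patch does not set up: nothing visible here deploys a client key for `u441453` or pins the Storage Box host key. For an unattended restic run that typically means either a failure on the first connection or, if host key checking has been relaxed elsewhere, a session that would accept any server answering on that name. I would add tasks alongside the restic role that write the provider's published host key with `ansible.builtin.known_hosts` and deploy the key pair from vault, and put a comment above `restic_s3_url` stating that authentication is by SSH key and that the two emptied `restic_aws_*` values are intentional overrides of the group defaults. Separately, the Scaleway credential removed in this hunk remains in repository history, so it is worth revoking on the provider side once the migration is confirmed.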
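Review bot: In roles/firewall/templates/firewall.j2 the new `option dest_ip` line resolves `u441453.your-storagebox.de` once, on the controller, at render time, so the egress rule is pinned to whatever that resolver returned on the day of the deploy. If the provider moves the box, backups start failing until this role is run again, and if the lookup returns several records or none the rendered value is presumably a comma-joined or empty string rather than a single address, which is worth checking against what the firewall accepts. Taking the first answer explicitly makes the result deterministic and should fail the render on an empty answer, e.g. `option dest_ip '{{ query('community.dns.lookup', 'u441453.your-storagebox.de') | first }}'`. The `src_ip` line additionally requires facts for `frederica.dmz.mateu.be` to be available in the same run, and both hostnames are repeated literals here; a comment saying so, or variables shared with the host_vars entry, would keep this rule and the repository URL from drifting apart.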
@@ -6,4 +6,4 @@ restic_architecture: "amd64" restic_system: "{{ ansible_facts['system'] | lower }}" restic_download_url: "https://github.com/restic/restic/releases/download/v{{ restic_version }}/restic_{{ restic_version }}_{{ restic_system }}_{{ restic_architecture }}.bz2" -restic_repository: "s3:{{ restic_s3_url }}/{{ inventory_hostname }}" +restic_repository: "{{ restic_s3_url }}/{{ inventory_hostname }}"
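Review bot: With the `s3:` prefix dropped from `restic_repository` in roles/restic/vars/main.yml, any inventory that still sets `restic_s3_url` to a bare `http(s)://…` value now yields a repository string with no backend prefix, which restic will either reject at run time or, depending on the version, treat as a local path. Only group_vars/all and one host file are updated in this patch, so any other overrides (not visible here) should be checked. A guard in the role would catch this at deploy time, for example an `ansible.builtin.assert` that `restic_s3_url` matches `^(s3|sftp):`. The variable now holds a full backend location, not just an S3 URL, so it deserves either a rename or a comment such as `# full restic backend location, including the s3: or sftp: prefix`.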