main.yml
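---
# Defaults for the ufw (host firewall) part of this role.
# Every entry in system_security_ufw_rules uses `rule: allow` and none sets a
# source restriction, so as far as this list goes each port is reachable from
# any address. Override the list to drop entries for services you do not run.

# Enable ufw installation and config
system_security_ufw_enabled: true

# integration with ssh
# Used by the SSH rule below. If sshd listens on another port, override this
# value as well, otherwise the rule opens a port nothing listens on.
# NOTE(review): whether enabling ufw with a wrong value here can cut off the
# management session depends on the role's default policy - confirm in tasks.
system_security_ssh_port: 22

# integration with mdad
# TURN relay UDP port range, used by the "TURN UDP (port range)" rule.
# NOTE(review): presumably mirrors the coturn role's variables of the same
# name; keep both in sync so the firewall opens exactly the relay range.
matrix_coturn_turn_udp_min_port: 49152
matrix_coturn_turn_udp_max_port: 49573

# UFW default rules (for matrix)
# Each item: name (label), rule (action), port (single port or "min:max"
# range, always a string), proto (tcp or udp).
system_security_ufw_rules:
  # NOTE(review): plain `allow`. If the consuming task passes `rule` straight
  # to ufw, `limit` would add connection rate limiting for SSH; verify it does
  # not interfere with automation before switching.
  - name: SSH
    rule: allow
    port: "{{ system_security_ssh_port }}"
    proto: tcp
  - name: HTTP
    rule: allow
    port: '80'
    proto: tcp
  - name: HTTPS
    rule: allow
    port: '443'
    proto: tcp
  # NOTE(review): the UDP rules for 443 and 8448 are presumably for HTTP/3;
  # if the reverse proxy does not serve it, they can be removed - confirm.
  - name: HTTPS over UDP
    rule: allow
    port: '443'
    proto: udp
  - name: Matrix Federation
    rule: allow
    port: '8448'
    proto: tcp
  - name: Matrix Federation over UDP
    rule: allow
    port: '8448'
    proto: udp
  # TURN: 3478 is opened for TCP only; 5349 is opened for both TCP and UDP.
  - name: TURN TCP
    rule: allow
    port: '3478'
    proto: tcp
  - name: TURN TCP (another port)
    rule: allow
    port: '5349'
    proto: tcp
  - name: TURN UDP
    rule: allow
    port: '5349'
    proto: udp
  - name: TURN UDP (port range)
    rule: allow
    port: "{{ matrix_coturn_turn_udp_min_port }}:{{ matrix_coturn_turn_udp_max_port }}"
    proto: udp
  # NOTE(review): unlike the integrations below, the TURN and Jitsi rules have
  # no *_enabled switch in this file, so their ports are opened even when the
  # service is not deployed. Consider removing them via override in that case.
  - name: Jitsi harvester fallback
    rule: allow
    port: '4443'
    proto: tcp
  - name: Jitsi Video RTP
    rule: allow
    port: '10000'
    proto: udp

# Optional integrations. All are disabled by default and none of their ports
# appears in the list above.
# NOTE(review): presumably the role adds a rule for each port only when the
# matching *_enabled flag is true - confirm in the role's tasks.

# postmoogle integration
matrix_postmoogle_enabled: false
matrix_postmoogle_smtp_host_bind_port: '25'
matrix_postmoogle_submission_host_bind_port: '587'

# heisenbridge integration
matrix_heisenbridge_enabled: false
matrix_heisenbridge_identd_port: '113'

# firezone integration
firezone_enabled: false
firezone_wireguard_container_port: '51820'

# peertube integration
peertube_enabled: false
peertube_container_rtmp_host_bind_port: '1935'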