python-support-infra/roles/stack/deploy_volume_s3/defaults/main.yml

# S3 Master Credentials
cloudflare_account_id: "{{ lookup(
  'community.general.passwordstore',
  'cloudflare/account-id'
) }}"
s3_master_access_key_id: "{{ lookup(
  'community.general.passwordstore',
  'cloudflare/r2/s3_access_key_id'
) }}"
s3_master_secret_access_key: "{{ lookup(
  'community.general.passwordstore',
  'cloudflare/r2/s3_secret_access_key'
) }}"
s3_master_endpoint: "https://{{ cloudflare_account_id }}.r2.cloudflarestorage.com"

# S3 Bucket Info
s3_bucket_name: "{{ volume_name | replace('_', '-') }}"
s3_access_key_id: "{{ lookup(
  'community.general.passwordstore',
  'volumes/' ~ volume_name ~ '/s3_access_key_id'
) }}"
s3_secret_access_key: "{{ lookup(
  'community.general.passwordstore',
  'volumes/' ~ volume_name ~ '/s3_secret_access_key'
) }}"
s3_endpoint: "{{ s3_master_endpoint }}/{{ s3_bucket_name }}"
s3_acl: "private"

# Volume Dirs / Files
dir_volume_base: "/data/volumes/{{ volume_name }}"
dir_volume_cache: "{{ dir_volume_base }}/cache"
dir_volume_mount: "{{ dir_volume_base }}/data"
file_rclone_config: "{{ dir_volume_base }}/rclone.conf"

# rclone Encryption Options
rclone_enckey_1: "{{ lookup(
  'community.general.passwordstore',
  'volumes/' ~ volume_name ~ '/rclone_enckey_1'
) }}"
rclone_enckey_2: "{{ lookup(
  'community.general.passwordstore',
  'volumes/' ~ volume_name ~ '/rclone_enckey_2'
) }}"

# rclone Config/Permissions
perms_uid: "0"
perms_gid: "0"
perms_dir: "0777"
perms_files: "0666"
perms_umask: "2"
vfs_cache_mode: "full"

rclone_mount_opts: "{{
  '--config ' ~ file_rclone_config
  ~ ' --cache-dir ' ~ dir_volume_cache
  ~ ' --default-permissions'
  ~ ' --allow-other'
  ~ ' --uid ' ~ perms_uid
  ~ ' --gid ' ~ perms_gid
  ~ ' --dir-perms ' ~ perms_dir
  ~ ' --file-perms ' ~ perms_files
  ~ ' --umask ' ~ perms_umask
  ~ ' --gid ' ~ perms_gid
  ~ ' --vfs-cache-mode ' ~ vfs_cache_mode
}}"