lol

Merge pull request #217515 from tensor5/nextcloud-s3-sse-c

authored by Sandro and committed by GitHub
1641813e 9d3b37c6

+24
+2
nixos/doc/manual/release-notes/rl-2305.section.md
··· 221 221 222 222 - `mastodon` now supports connection to a remote `PostgreSQL` database. 223 223 224 + - `nextcloud` has an option to enable SSE-C in S3. 225 + 224 226 - `services.peertube` now requires you to specify the secret file `secrets.secretsFile`. It can be generated by running `openssl rand -hex 32`. 225 227 Before upgrading, read the release notes for PeerTube: 226 228 - [Release v5.0.0](https://github.com/Chocobozzz/PeerTube/releases/tag/v5.0.0)
+22
nixos/modules/services/web-apps/nextcloud.nix
··· 514 514 `http://hostname.domain/bucket` instead. 515 515 ''; 516 516 }; 517 + sseCKeyFile = mkOption { 518 + type = types.nullOr types.path; 519 + default = null; 520 + example = "/var/nextcloud-objectstore-s3-sse-c-key"; 521 + description = lib.mdDoc '' 522 + If provided this is the full path to a file that contains the key 523 + to enable [server-side encryption with customer-provided keys][1] 524 + (SSE-C). 525 + 526 + The file must contain a random 32-byte key encoded as a base64 527 + string, e.g. generated with the command 528 + 529 + ``` 530 + openssl rand 32 | base64 531 + ``` 532 + 533 + Must be readable by user `nextcloud`. 534 + 535 + [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html 536 + ''; 537 + }; 517 538 }; 518 539 }; 519 540 }; ··· 773 794 'use_ssl' => ${boolToString s3.useSsl}, 774 795 ${optionalString (s3.region != null) "'region' => '${s3.region}',"} 775 796 'use_path_style' => ${boolToString s3.usePathStyle}, 797 + ${optionalString (s3.sseCKeyFile != null) "'sse_c_key' => nix_read_secret('${s3.sseCKeyFile}'),"} 776 798 ], 777 799 ] 778 800 '';
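Review bot: The release-notes entry in `rl-2305.section.md` does not name the new option, so a reader cannot search for it. Consider wording it as "`nextcloud` has a new `sseCKeyFile` option for the S3 object store to enable SSE-C", matching how the neighbouring `services.peertube` entry names `secrets.secretsFile`.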
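Review bot: The `sseCKeyFile` description in `nextcloud.nix` says only that the file "Must be readable by user `nextcloud`", which leaves two gaps. The type is `types.nullOr types.path`, so a Nix path literal would be copied into the world-readable Nix store; the text should say to pass the path as a string pointing outside the store and to restrict the file to the `nextcloud` user. It should also state that S3 does not keep a copy of an SSE-C key, so losing this file makes the stored objects unrecoverable and the key needs its own backup.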
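Review bot: Nothing ties the new `'sse_c_key'` line in the generated config to `'use_ssl'`, which is emitted from `s3.useSsl` two lines above it. With SSE-C the key travels in the headers of every request, and AWS rejects SSE-C requests made over plain HTTP, so a configuration with `sseCKeyFile` set and `useSsl = false` either fails against AWS or sends the key in cleartext to another S3-compatible endpoint. An assertion that `s3.useSsl` is true whenever `s3.sseCKeyFile != null` would catch this at evaluation time.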