Add Amazon AWS S3 SSE-C encryption to goofys configuration

pull/1300/head
SkepticalWaves 4 years ago
parent
commit
e48f7118b0
3 changed files with 16 additions and 1 deletion
  1. docs/configuring-playbook-s3.md (+14, -0)
  2. roles/matrix-synapse/defaults/main.yml (+1, -0)
  3. roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 (+1, -1)

docs/configuring-playbook-s3.md (+14, -0)

@@ -56,6 +56,20 @@ matrix_s3_media_store_custom_endpoint_enabled: true
matrix_s3_media_store_custom_endpoint: "your-custom-endpoint"
```

## Using AWS Server-Side-Encryption

You can enable automatic server side encryption using a custom key (with AWS SSE-C) by generating and providing a key for goofys:

Generate a base64 encoded key:
```bash
$ head -c 32 /dev/random | base64
```

And store the key in:
```yaml
matrix_s3_media_store_sse_key: "your-base64-encoded-key-here"
```

### Backblaze B2

To use [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html):
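
Review bot: The new "Using AWS Server-Side-Encryption" section never tells the reader to back up the key. With SSE-C, S3 does not store the customer-provided key, so media uploaded under a key that is later lost cannot be read back; a sentence saying so belongs right after the `matrix_s3_media_store_sse_key` example. The section should also say what happens to objects already in the bucket when the key is first set or later changed. Separately, `head -c 32 /dev/random` can block on older kernels when entropy is low; `/dev/urandom` or `openssl rand -base64 32` yields the same 32 random bytes without that risk.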


roles/matrix-synapse/defaults/main.yml (+1, -0)

@@ -540,6 +540,7 @@ matrix_s3_media_store_aws_access_key: "your-aws-access-key"
matrix_s3_media_store_aws_secret_key: "your-aws-secret-key"
matrix_s3_media_store_region: "eu-central-1"
matrix_s3_media_store_path: "{{ matrix_synapse_media_store_path }}"
matrix_s3_media_store_sse_key: ""

# Controls whether the self-check feature should validate SSL certificates.
matrix_synapse_self_check_validate_certificates: true
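
Review bot: `matrix_s3_media_store_sse_key` is added to the defaults with no comment, unlike `matrix_synapse_self_check_validate_certificates` directly below it. Add a comment above it stating that it holds a base64-encoded key for SSE-C and that the empty default leaves encryption off, since the `{% if matrix_s3_media_store_sse_key %}` test in the service template depends on that empty value.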


roles/matrix-synapse/templates/goofys/systemd/matrix-goofys.service.j2 (+1, -1)

@@ -24,7 +24,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name %n \
--env-file={{ matrix_synapse_config_dir_path }}/env-goofys \
--entrypoint /bin/sh \
{{ matrix_s3_goofys_docker_image }} \
-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3'
-c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} {% if matrix_s3_media_store_sse_key %}--sse --sse-c {{ matrix_s3_media_store_sse_key }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3'

TimeoutStartSec=5min
ExecStop=-{{ matrix_host_command_docker }} stop %n
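
Review bot: In the changed `-c 'goofys -f ...'` line the key is interpolated straight into the command string, so it lands in the rendered unit file and in the process arguments, while the other credentials for this container are supplied through `--env-file`. Consider whether the key can be kept out of the unit file in the same way, and at minimum quote the value, because `--sse-c {{ matrix_s3_media_store_sse_key }}` is unquoted inside the `sh -c` script and a value containing whitespace or a single quote would break the command. The conditional also passes both `--sse` and `--sse-c`; please confirm that both flags are needed for a customer-provided key, since the documentation added in this commit describes SSE-C only.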

