| @@ -56,6 +56,20 @@ matrix_s3_media_store_custom_endpoint_enabled: true | |||||
| matrix_s3_media_store_custom_endpoint: "your-custom-endpoint" | matrix_s3_media_store_custom_endpoint: "your-custom-endpoint" | ||||
| ``` | ``` | ||||
| ## Using AWS Server-Side-Encryption | |||||
| You can enable automatic server side encryption using a custom key (with AWS SSE-C) by generating and providing a key for goofys: | |||||
| Generate a base64 encoded key: | |||||
| ```bash | |||||
| $ head -c 32 /dev/random | base64 | |||||
| ``` | |||||
| And store the key in: | |||||
| ```yaml | |||||
| matrix_s3_media_store_sse_key: "your-base64-encoded-key-here" | |||||
| ``` | |||||
| ### Backblaze B2 | ### Backblaze B2 | ||||
| To use [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html): | To use [Backblaze B2](https://www.backblaze.com/b2/cloud-storage.html): | ||||
| @@ -540,6 +540,7 @@ matrix_s3_media_store_aws_access_key: "your-aws-access-key" | |||||
| matrix_s3_media_store_aws_secret_key: "your-aws-secret-key" | matrix_s3_media_store_aws_secret_key: "your-aws-secret-key" | ||||
| matrix_s3_media_store_region: "eu-central-1" | matrix_s3_media_store_region: "eu-central-1" | ||||
| matrix_s3_media_store_path: "{{ matrix_synapse_media_store_path }}" | matrix_s3_media_store_path: "{{ matrix_synapse_media_store_path }}" | ||||
| matrix_s3_media_store_sse_key: "" | |||||
| # Controls whether the self-check feature should validate SSL certificates. | # Controls whether the self-check feature should validate SSL certificates. | ||||
| matrix_synapse_self_check_validate_certificates: true | matrix_synapse_self_check_validate_certificates: true | ||||
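Review bot: The new default `matrix_s3_media_store_sse_key: ""` has no comment, unlike the variable directly below it, so a reader of the defaults file cannot tell that it holds secret key material or that an empty value leaves encryption off. I would add a comment such as `# Base64-encoded 256-bit key for SSE-C (customer-provided key). Empty disables SSE-C.` followed by `# Treat as a secret (e.g. keep it in an Ansible vault) and back it up: S3 does not store SSE-C keys, so objects written with a lost key cannot be read back.` It would also be worth checking, and stating in the docs, what happens when the key is first set on a bucket that already holds unencrypted media. Reads of those older objects presumably fail once every request carries the SSE-C headers.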
| @@ -24,7 +24,7 @@ ExecStart={{ matrix_host_command_docker }} run --rm --name %n \ | |||||
| --env-file={{ matrix_synapse_config_dir_path }}/env-goofys \ | --env-file={{ matrix_synapse_config_dir_path }}/env-goofys \ | ||||
| --entrypoint /bin/sh \ | --entrypoint /bin/sh \ | ||||
| {{ matrix_s3_goofys_docker_image }} \ | {{ matrix_s3_goofys_docker_image }} \ | ||||
| -c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' | |||||
| -c 'goofys -f{% if not matrix_s3_media_store_custom_endpoint_enabled %} --storage-class=STANDARD_IA{% endif %}{% if matrix_s3_media_store_custom_endpoint_enabled %} --endpoint={{ matrix_s3_media_store_custom_endpoint }}{% endif %} {% if matrix_s3_media_store_sse_key %}--sse --sse-c {{ matrix_s3_media_store_sse_key }}{% endif %} --region {{ matrix_s3_media_store_region }} --stat-cache-ttl 60m0s --type-cache-ttl 60m0s --dir-mode 0700 --file-mode 0700 {{ matrix_s3_media_store_bucket_name }} /s3' | |||||
| TimeoutStartSec=5min | TimeoutStartSec=5min | ||||
| ExecStop=-{{ matrix_host_command_docker }} stop %n | ExecStop=-{{ matrix_host_command_docker }} stop %n | ||||
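Review bot: The SSE-C key is rendered straight into the `goofys` command line in the added `-c '…'` line, so it ends up in the unit file on disk and in the argv of the `docker run`, `sh` and `goofys` processes, where local process listings and `docker inspect` can expose it. The service already passes `--env-file=…/env-goofys`, which presumably carries the AWS credentials for the same reason. Unless the goofys build in the image can read the key from the environment or a file, the exposure should at least be stated in the docs and the unit file installed with a restrictive mode. The value is also interpolated unquoted into `/bin/sh -c`, so anything other than plain base64 would be word-split or interpreted by the shell. A validation task that fails when the variable is non-empty and does not match `^[A-Za-z0-9+/]+=*$` would catch that before the unit is written.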