author | Nicola Squartini <tensor5@gmail.com> | 2023-02-22 18:57:07 +0100 |
---|---|---|
committer | Nicola Squartini <tensor5@gmail.com> | 2023-02-24 16:59:41 +0100 |
commit | a2eeaddea212121f336872900635686462e1416a (patch) | |
tree | f70d9118e0bae2f7ce1d6c6599a38227f62cb877 /nixos/modules/services/web-apps | |
parent | 3a558d658f59ac4ed95edeae20409fc936bbcf47 (diff) | |
nixos/nextcloud: support SSE-C for S3 primary storage
Add configuration option to enable [server-side encryption with customer-provided keys][1] (SSE-C) when using S3 as primary storage in Nextcloud. [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
Diffstat (limited to 'nixos/modules/services/web-apps')
-rw-r--r-- | nixos/modules/services/web-apps/nextcloud.nix | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/nixos/modules/services/web-apps/nextcloud.nix b/nixos/modules/services/web-apps/nextcloud.nix
index c5e161c2516..71cb53fb398 100644
--- a/nixos/modules/services/web-apps/nextcloud.nix
+++ b/nixos/modules/services/web-apps/nextcloud.nix
@@ -514,6 +514,27 @@ in {
 `http://hostname.domain/bucket` instead.
 '';
 };
+ sseCKeyFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ example = "/var/nextcloud-objectstore-s3-sse-c-key";
+ description = lib.mdDoc ''
+ If provided this is the full path to a file that contains the key
+ to enable [server-side encryption with customer-provided keys][1]
+ (SSE-C).
+
+ The file must contain a random 32-byte key encoded as a base64
+ string, e.g. generated with the command
+
+ ```
+ openssl rand 32 | base64
+ ```
+
+ Must be readable by user `nextcloud`.
+
+ [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html
+ '';
+ };
 };
 };
 };
@@ -773,6 +794,7 @@ in {
 'use_ssl' => ${boolToString s3.useSsl},
 ${optionalString (s3.region != null) "'region' => '${s3.region}',"}
 'use_path_style' => ${boolToString s3.usePathStyle},
+ ${optionalString (s3.sseCKeyFile != null) "'sse_c_key' => nix_read_secret('${s3.sseCKeyFile}'),"}
 ],
 ]
 ''; |
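Review bot: `types.path` on `sseCKeyFile` also accepts a Nix path literal, and the second hunk interpolates the value into a string (`'${s3.sseCKeyFile}'`), which for a path literal copies the key file into the world-readable Nix store. Declaring the option as `type = types.nullOr types.str;` keeps the value a plain runtime path. The description says the file must be readable by user `nextcloud` but not that it should be unreadable to everyone else. It is also worth adding a line such as `Keep a backup of this key: S3 does not store it, and objects encrypted with it cannot be read without it.`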
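Review bot: Nothing ties the new `'sse_c_key'` entry to `'use_ssl'`, which the context line above still renders from `s3.useSsl`. With `useSsl = false` the customer key would travel in request headers over plain HTTP; AWS rejects such requests, but other S3-compatible backends may not. Consider a module assertion along the lines of `assertion = s3.sseCKeyFile != null -> s3.useSsl;` with a message stating that SSE-C requires TLS. The assertions list and the binding of `s3` are outside this hunk, so the exact placement needs checking. It would also be worth confirming that `nix_read_secret` strips the trailing newline that `openssl rand 32 | base64` emits, since its definition is not visible here.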