From 0004866d6b16b38efbc35612be25e86f091603e0 Mon Sep 17 00:00:00 2001
From: Nick Sellen <git@nicksellen.co.uk>
Date: Sun, 28 Dec 2025 18:31:35 +0000
Subject: [PATCH] Add s3 configuration options

---
 .env.sample    | 15 ++++++++++++---
 compose.s3.yml | 42 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 3 deletions(-)
 create mode 100644 compose.s3.yml

diff --git a/.env.sample b/.env.sample
index 91e3115..d76ff8b 100644
--- a/.env.sample
+++ b/.env.sample
@@ -86,6 +86,7 @@ SECRET_SMTP_PASSWORD_VERSION=v1
 SECRET_ARE_DETERMINISTIC_KEY_VERSION=v1
 SECRET_ARE_KEY_DERIVATION_SALT_VERSION=v1
 SECRET_ARE_PRIMARY_KEY_VERSION=v1
+SECRET_AWS_SECRET_ACCESS_KEY_VERSION=v1
 
 # Web Push
 # ========
@@ -126,10 +127,9 @@ DEFAULT_LOCALE=en
 
 # S3 and AWS
 # ----------
-# S3_ENABLED=
-# S3_BUCKET=
+# COMPOSE_FILE="$COMPOSE_FILE:compose.s3.yml"
 # AWS_ACCESS_KEY_ID=
-# AWS_SECRET_ACCESS_KEY=
+# S3_BUCKET=
 # S3_REGION=
 # S3_PROTOCOL=
 # S3_HOSTNAME=
@@ -138,6 +138,15 @@ DEFAULT_LOCALE=en
 # S3_OVERRIDE_PATH_STYLE=
 # S3_OPEN_TIMEOUT=
 # S3_READ_TIMEOUT=
+# S3_RETRY_LIMIT=
+# S3_FORCE_SINGLE_REQUEST=
+# S3_ENABLE_CHECKSUM_MODE=
+# S3_STORAGE_CLASS=
+# S3_MULTIPART_THRESHOLD=
+# S3_PERMISSION=
+# S3_BATCH_DELETE_LIMIT=
+# S3_BATCH_DELETE_RETRY=
+# S3_ALIAS_HOST=
 
 # External Authentication
 # =======================
diff --git a/compose.s3.yml b/compose.s3.yml
new file mode 100644
index 0000000..344be8b
--- /dev/null
+++ b/compose.s3.yml
@@ -0,0 +1,42 @@
+---
+version: "3.8"
+
+services:
+  app:
+    environment: &s3-env
+      - S3_ENABLED=true
+      - AWS_ACCESS_KEY_ID
+      - AWS_SECRET_ACCESS_KEY_FILE=/run/secrets/aws_secret_access_key
+      - S3_BUCKET
+      - S3_REGION
+      - S3_PROTOCOL
+      - S3_HOSTNAME
+      - S3_ENDPOINT
+      - S3_SIGNATURE_VERSION
+      - S3_OVERRIDE_PATH_STYLE
+      - S3_OPEN_TIMEOUT
+      - S3_READ_TIMEOUT
+      - S3_RETRY_LIMIT
+      - S3_FORCE_SINGLE_REQUEST
+      - S3_ENABLE_CHECKSUM_MODE
+      - S3_STORAGE_CLASS
+      - S3_MULTIPART_THRESHOLD
+      - S3_PERMISSION
+      - S3_BATCH_DELETE_LIMIT
+      - S3_BATCH_DELETE_RETRY
+      - S3_ALIAS_HOST
+    secrets: &s3-secrets
+      - aws_secret_access_key
+
+  streaming:
+    environment: *s3-env
+    secrets: *s3-secrets
+
+  sidekiq:
+    environment: *s3-env
+    secrets: *s3-secrets
+
+secrets:
+  aws_secret_access_key:
+    name: ${STACK_NAME}_aws_secret_access_key_${SECRET_AWS_SECRET_ACCESS_KEY_VERSION}
+    external: true
-- 
2.49.0