From b1e8df29e7728ab057cb19272e6d7f2fd439d091 Mon Sep 17 00:00:00 2001
From: Your Name <youremail@example.com>
Date: Mon, 29 Sep 2025 20:59:57 -0600
Subject: [PATCH] Allow runtime S3 configuration overrides

---
 CloudronManifest.json |  2 +-
 POSTINSTALL.md        | 14 ++++-------
 start.sh              | 55 ++++++++++++++++++++++++++++++++++++-------
 3 files changed, 53 insertions(+), 18 deletions(-)

diff --git a/CloudronManifest.json b/CloudronManifest.json
index 7cda12e..10b59b7 100644
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -7,7 +7,7 @@
   "contactEmail": "contact@ente.io",
   "tagline": "Open Source End-to-End Encrypted Photos & Authentication",
   "upstreamVersion": "1.0.0",
-  "version": "0.1.118",
+  "version": "0.1.119",
   "healthCheckPath": "/ping",
   "httpPort": 3080,
   "memoryLimit": 1073741824,
diff --git a/POSTINSTALL.md b/POSTINSTALL.md
index b3ec012..54816b1 100644
--- a/POSTINSTALL.md
+++ b/POSTINSTALL.md
@@ -7,19 +7,15 @@ Before you can use Ente, you need to configure an S3-compatible storage service:
 1. Go to your Cloudron dashboard
 2. Click on your Ente app
 3. Click on "Terminal"
-4. Edit the S3 configuration template:
+4. Edit the S3 configuration file:
    ```
-   nano /app/data/config/s3.env.template
+   nano /app/data/config/s3.env
    ```
-5. Fill in your S3 credentials (AWS S3, MinIO, DigitalOcean Spaces, etc.)
-6. Save the file and rename it:
-   ```
-   mv /app/data/config/s3.env.template /app/data/config/s3.env
-   ```
-7. Restart your Ente app from the Cloudron dashboard
+5. Uncomment the variables you need and fill in your S3 credentials (AWS S3, MinIO, DigitalOcean Spaces, etc.)
+6. Save the file and restart your Ente app from the Cloudron dashboard
 
 ## Next Steps
 
 1. Once S3 is configured, visit your app URL to create an admin account
 2. Configure your mobile apps to use your custom self-hosted server (Settings → Advanced → Custom Server)
-3. Enjoy your private, end-to-end encrypted photo storage! 
\ No newline at end of file
+3. Enjoy your private, end-to-end encrypted photo storage! 
diff --git a/start.sh b/start.sh
index b42d77e..148283e 100644
--- a/start.sh
+++ b/start.sh
@@ -84,16 +84,55 @@ else
 fi
 RP_ID="${CLOUDRON_APP_FQDN:-${CLOUDRON_APP_DOMAIN:-localhost}}"
 
-# S3 configuration - HARDCODED VALUES
-S3_ACCESS_KEY="QZ5M3VMBUHDTIFDFCD8E"
-S3_SECRET_KEY="pz1eHYjU1NwAbbruedc7swzCuszd57p1rGSFVzjv"
-S3_ENDPOINT="https://s3.eu-central-2.wasabisys.com"
+# S3 configuration (overridable post-install)
+DEFAULT_S3_ACCESS_KEY="QZ5M3VMBUHDTIFDFCD8E"
+DEFAULT_S3_SECRET_KEY="pz1eHYjU1NwAbbruedc7swzCuszd57p1rGSFVzjv"
+DEFAULT_S3_ENDPOINT="https://s3.eu-central-2.wasabisys.com"
+DEFAULT_S3_REGION="eu-central-2"
+DEFAULT_S3_BUCKET="ente-due-ren"
+
+S3_CONFIG_DIR="/app/data/config"
+S3_CONFIG_FILE="$S3_CONFIG_DIR/s3.env"
+
+mkdir -p "$S3_CONFIG_DIR"
+
+if [ -f "$S3_CONFIG_FILE" ]; then
+  log "INFO" "Loading S3 configuration overrides from $S3_CONFIG_FILE"
+  # shellcheck disable=SC1090
+  set -a
+  . "$S3_CONFIG_FILE"
+  set +a
+else
+  log "INFO" "S3 configuration file not found, writing template to $S3_CONFIG_FILE"
+  cat > "$S3_CONFIG_FILE" << 'EOF'
+# S3 configuration overrides for Ente on Cloudron.
+# Uncomment and set any of the variables below to override the packaged defaults.
+# After editing this file, restart the Ente app from the Cloudron dashboard.
+#
+#S3_ACCESS_KEY=
+#S3_SECRET_KEY=
+#S3_ENDPOINT=
+#S3_REGION=
+#S3_BUCKET=
+EOF
+  chown cloudron:cloudron "$S3_CONFIG_FILE" || true
+fi
+
+S3_ACCESS_KEY="${S3_ACCESS_KEY:-$DEFAULT_S3_ACCESS_KEY}"
+S3_SECRET_KEY="${S3_SECRET_KEY:-$DEFAULT_S3_SECRET_KEY}"
+S3_ENDPOINT="${S3_ENDPOINT:-$DEFAULT_S3_ENDPOINT}"
+S3_REGION="${S3_REGION:-$DEFAULT_S3_REGION}"
+S3_BUCKET="${S3_BUCKET:-$DEFAULT_S3_BUCKET}"
+
 S3_ENDPOINT_HOST="${S3_ENDPOINT#https://}"
 S3_ENDPOINT_HOST="${S3_ENDPOINT_HOST#http://}"
-S3_REGION="eu-central-2"
-S3_BUCKET="ente-due-ren"
 
-log "INFO" "Using hardcoded S3 configuration"
+if [ -z "$S3_ACCESS_KEY" ] || [ -z "$S3_SECRET_KEY" ] || [ -z "$S3_ENDPOINT" ] || [ -z "$S3_REGION" ] || [ -z "$S3_BUCKET" ]; then
+  log "ERROR" "Incomplete S3 configuration detected. Please update $S3_CONFIG_FILE or set environment variables."
+  exit 1
+fi
+
+log "INFO" "Using S3 configuration"
 log "INFO" "S3 Endpoint: $S3_ENDPOINT"
 log "INFO" "S3 Region: $S3_REGION"
 log "INFO" "S3 Bucket: $S3_BUCKET"
@@ -996,7 +1035,7 @@ cat > /app/data/SETUP-INSTRUCTIONS.md << EOF
 
 ## Configuration
 
-1. **S3 Storage**: Edit the configuration file at \`/app/data/s3.env\` with your S3-compatible storage credentials.
+1. **S3 Storage**: Edit the configuration file at \`/app/data/config/s3.env\` (uncomment lines and add your values) with your S3-compatible storage credentials.
 
 2. **Museum Server**: The server configuration is at \`/app/data/ente/server/museum.yaml\` if you need to customize settings.