Implement Hetzner Object Storage for image uploads

- Add aws-sdk-s3 gem for S3-compatible storage
- Configure Hetzner storage in config/storage.yml
- Update development and production to use Hetzner storage
- Add environment variables for AWS S3 API compatibility
- Create .env.example and development setup files
- Add comprehensive Hetzner setup documentation
- Support for poster image uploads to cloud storage

Author: zachlatta

Gemfile

@@ -28,6 +28,9 @@ gem "omniauth-rails_csrf_protection"
 # Environment variables
 gem "dotenv-rails"
 
+# AWS S3 for Active Storage (Hetzner object storage)
+gem "aws-sdk-s3", require: false
+
 # PDF generation and QR codes
 gem "hexapdf"
 gem "rqrcode"

Gemfile.lock

@@ -75,6 +75,24 @@ GEM
     addressable (2.8.7)
       public_suffix (>= 2.0.2, < 7.0)
     ast (2.4.3)
+    aws-eventstream (1.4.0)
+    aws-partitions (1.1112.0)
+    aws-sdk-core (3.225.1)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
+      base64
+      jmespath (~> 1, >= 1.6.1)
+      logger
+    aws-sdk-kms (1.103.0)
+      aws-sdk-core (~> 3, >= 3.225.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-s3 (1.189.0)
+      aws-sdk-core (~> 3, >= 3.225.0)
+      aws-sdk-kms (~> 1)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.12.0)
+      aws-eventstream (~> 1, >= 1.0.2)
     base64 (0.3.0)
     bcrypt_pbkdf (1.1.1)
     benchmark (0.4.1)
@@ -157,6 +175,7 @@ GEM
     jbuilder (2.13.0)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
+    jmespath (1.6.2)
     json (2.12.2)
     jwt (2.10.1)
       base64
@@ -444,6 +463,7 @@ PLATFORMS
   x86_64-linux
 
 DEPENDENCIES
+  aws-sdk-s3
   bootsnap
   brakeman
   capybara

HETZNER_SETUP.md

@@ -0,0 +1,69 @@
+# Hetzner Object Storage Setup
+
+This app uses Hetzner Object Storage (S3-compatible) for image uploads.
+
+## Setup Instructions
+
+### 1. Create Object Storage in Hetzner Cloud Console
+
+1. Go to [Hetzner Cloud Console](https://console.hetzner.cloud/)
+2. Navigate to "Object Storage" 
+3. Create a new Object Storage instance
+4. Choose region (recommend `eu-central`)
+5. Create a bucket (e.g., `pyramid-scheme-uploads`)
+
+### 2. Get Access Credentials
+
+1. In Object Storage settings, go to "Access Keys"
+2. Create a new access key
+3. Save the Access Key ID and Secret Access Key
+
+### 3. Configure Environment Variables
+
+Copy `.env.example` to `.env` and fill in your values:
+
+```bash
+# Your Hetzner Object Storage credentials
+AWS_ACCESS_KEY_ID=your_hetzner_access_key
+AWS_SECRET_ACCESS_KEY=your_hetzner_secret_key
+AWS_REGION=eu-central
+AWS_BUCKET=your-bucket-name
+AWS_ENDPOINT=https://your-project.hetzner.eu-central.objects.s3.cloud
+```
+
+### 4. Find Your Endpoint URL
+
+Your endpoint URL format: `https://{your-project-id}.{region}.objects.s3.cloud`
+
+Example: `https://12345678.eu-central.objects.s3.cloud`
+
+You can find this in the Hetzner Cloud Console under Object Storage details.
+
+## Testing
+
+Once configured, poster uploads will automatically use Hetzner Object Storage in both development and production environments.
+
+## Bucket Permissions
+
+The bucket should allow:
+- `GetObject` - To display uploaded images
+- `PutObject` - To upload new images
+- `DeleteObject` - To delete images (if needed)
+
+Hetzner buckets are private by default, which is perfect for this use case.
+
+## CORS Configuration (if needed)
+
+If you need direct browser uploads in the future, configure CORS:
+
+```xml
+<CORSConfiguration>
+    <CORSRule>
+        <AllowedOrigin>https://your-domain.com</AllowedOrigin>
+        <AllowedMethod>GET</AllowedMethod>
+        <AllowedMethod>POST</AllowedMethod>
+        <AllowedMethod>PUT</AllowedMethod>
+        <AllowedHeader>*</AllowedHeader>
+    </CORSRule>
+</CORSConfiguration>
+```

PRODUCTION_ENV.md

@@ -22,6 +22,17 @@ SECRET_KEY_BASE=your_long_random_secret
 RAILS_MAX_THREADS=5
 ```
 
+## Hetzner Object Storage (S3 Compatible)
+
+```bash
+# Hetzner Object Storage credentials
+AWS_ACCESS_KEY_ID=your_hetzner_access_key
+AWS_SECRET_ACCESS_KEY=your_hetzner_secret_key
+AWS_REGION=eu-central
+AWS_BUCKET=your-bucket-name
+AWS_ENDPOINT=https://your-project.hetzner.eu-central.objects.s3.cloud
+```
+
 ## Application Specific
 
 ```bash

config/environments/development.rb

@@ -28,8 +28,8 @@
   # Change to :null_store to avoid any caching.
   config.cache_store = :memory_store
 
-  # Store uploaded files on the local file system (see config/storage.yml for options).
-  config.active_storage.service = :local
+  # Store uploaded files on Hetzner Object Storage (see config/storage.yml for options).
+  config.active_storage.service = :hetzner
 
   # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = false

config/environments/production.rb

@@ -21,8 +21,8 @@
   # Enable serving of images, stylesheets, and JavaScripts from an asset server.
   # config.asset_host = "http://assets.example.com"
 
-  # Store uploaded files on the local file system (see config/storage.yml for options).
-  config.active_storage.service = :local
+  # Store uploaded files on Hetzner Object Storage (see config/storage.yml for options).
+  config.active_storage.service = :hetzner
 
   # Assume all access to the app is happening through a SSL-terminating reverse proxy.
   config.assume_ssl = true

config/storage.yml

@@ -6,13 +6,15 @@ local:
   service: Disk
   root: <%= Rails.root.join("storage") %>
 
-# Use bin/rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
-# amazon:
-#   service: S3
-#   access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
-#   secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
-#   region: us-east-1
-#   bucket: your_own_bucket-<%= Rails.env %>
+# Hetzner Object Storage (S3 compatible)
+hetzner:
+  service: S3
+  access_key_id: <%= ENV["AWS_ACCESS_KEY_ID"] %>
+  secret_access_key: <%= ENV["AWS_SECRET_ACCESS_KEY"] %>
+  region: <%= ENV.fetch("AWS_REGION") { "eu-central" } %>
+  bucket: <%= ENV["AWS_BUCKET"] %>
+  endpoint: <%= ENV.fetch("AWS_ENDPOINT") { "https://your-project.hetzner.eu-central.objects.s3.cloud" } %>
+  force_path_style: true
 
 # Remember not to checkin your GCS keyfile to a repository
 # google: