From c8ad7a0129e43d54ae3b8bb4facf56b67080d944 Mon Sep 17 00:00:00 2001
From: Robert Helewka <r@helu.ca>
Date: Mon, 1 Jun 2026 13:47:18 -0400
Subject: [PATCH] feat(terraform): add S3 storage bucket and credentials for
 Peitho

---
 terraform/storage.tf | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/terraform/storage.tf b/terraform/storage.tf
index f1e9a4b..5aae845 100644
--- a/terraform/storage.tf
+++ b/terraform/storage.tf
@@ -164,3 +164,33 @@ output "mnemosyne_s3_credentials" {
   }
   sensitive = true
 }
+
+# S3 bucket for Peitho file storage (document versions + converted Office files)
+resource "incus_storage_bucket" "peitho" {
+  name        = "peitho"
+  pool        = var.storage_pool
+  project     = var.project_name
+  description = "Peitho document storage bucket"
+
+  depends_on = [incus_project.ouranos]
+}
+
+# Access key for Peitho S3 bucket
+resource "incus_storage_bucket_key" "peitho_key" {
+  name           = "peitho-access"
+  pool           = incus_storage_bucket.peitho.pool
+  storage_bucket = incus_storage_bucket.peitho.name
+  project        = var.project_name
+  role           = "admin"
+}
+
+output "peitho_s3_credentials" {
+  description = "Peitho S3 bucket credentials - store in vault as vault_peitho_s3_*"
+  value = {
+    bucket     = incus_storage_bucket.peitho.name
+    access_key = incus_storage_bucket_key.peitho_key.access_key
+    secret_key = incus_storage_bucket_key.peitho_key.secret_key
+    endpoint   = "https://${incus_storage_bucket.peitho.location}"
+  }
+  sensitive = true
+}