From dfef31cbfade2fb72178307025cfafb2638b6030 Mon Sep 17 00:00:00 2001 From: Jake Howard Date: Sun, 12 Nov 2023 21:23:54 +0000 Subject: [PATCH] Deploy minio My own S3, for various things --- ansible/main.yml | 1 + .../forrest/files/prometheus/prometheus.yml | 2 ++ ansible/roles/minio/files/docker-compose.yml | 31 +++++++++++++++++++ ansible/roles/minio/handlers/main.yml | 4 +++ ansible/roles/minio/tasks/main.yml | 20 ++++++++++++ ansible/roles/minio/vars/main.yml | 1 + ansible/roles/minio/vars/vault.yml | 9 ++++++ terraform/jakehoward.tech.tf | 16 ++++++++++ 8 files changed, 84 insertions(+) create mode 100644 ansible/roles/minio/files/docker-compose.yml create mode 100644 ansible/roles/minio/handlers/main.yml create mode 100644 ansible/roles/minio/tasks/main.yml create mode 100644 ansible/roles/minio/vars/main.yml create mode 100644 ansible/roles/minio/vars/vault.yml diff --git a/ansible/main.yml b/ansible/main.yml index 4f9f3f5..7943f92 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -67,6 +67,7 @@ - gitea - vikunja - authentik + - minio - hosts: ingress roles: diff --git a/ansible/roles/forrest/files/prometheus/prometheus.yml b/ansible/roles/forrest/files/prometheus/prometheus.yml index 70b6d92..3f3c2df 100644 --- a/ansible/roles/forrest/files/prometheus/prometheus.yml +++ b/ansible/roles/forrest/files/prometheus/prometheus.yml @@ -59,9 +59,11 @@ scrape_configs: - https://matrix.jakehoward.tech:8448/_matrix/federation/v1/version - https://matrix.jakehoward.tech/_matrix/federation/v1/version - https://media.jakehoward.tech + - https://minio.jakehoward.tech/minio/health/live - https://notes.theorangeone.net - https://plausible.theorangeone.net - https://recipes.jakehoward.tech + - https://s3.jakehoward.tech/minio/health/live - https://tasks.jakehoward.tech/health - https://theorangeone.net - https://tt-rss.jakehoward.tech 
diff --git a/ansible/roles/minio/files/docker-compose.yml b/ansible/roles/minio/files/docker-compose.yml
new file mode 100644
index 0000000..eba7365
--- /dev/null
+++ b/ansible/roles/minio/files/docker-compose.yml
@@ -0,0 +1,31 @@
+version: "2.3"
+
+services:
+ minio:
+ image: quay.io/minio/minio:latest
+ command: server /data --console-address ":9090"
+ user: "{{ docker_user.id }}"
+ environment:
+ - TZ=Europe/London
+ - MINIO_ROOT_USER=jake
+ - MINIO_ROOT_PASSWORD={{ minio_root_password }}
+ restart: unless-stopped
+ labels:
+ - traefik.enable=true
+
+ - traefik.http.routers.minio-console.rule=Host(`minio.jakehoward.tech`)
+ - traefik.http.routers.minio-console.service=minio-console
+ - traefik.http.services.minio-console.loadbalancer.server.port=9090
+
+ - traefik.http.routers.minio-s3.rule=Host(`s3.jakehoward.tech`)
+ - traefik.http.routers.minio-s3.service=minio-s3
+ - traefik.http.services.minio-s3.loadbalancer.server.port=9000
+ volumes:
+ - /mnt/tank/files/minio:/data
+ networks:
+ - default
+ - traefik
+
+networks:
+ traefik:
+ external: true
diff --git a/ansible/roles/minio/handlers/main.yml b/ansible/roles/minio/handlers/main.yml
new file mode 100644
index 0000000..f7fdd6e
--- /dev/null
+++ b/ansible/roles/minio/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart minio
+ shell:
+ chdir: /opt/minio
+ cmd: "{{ docker_update_command }}"
diff --git a/ansible/roles/minio/tasks/main.yml b/ansible/roles/minio/tasks/main.yml
new file mode 100644
index 0000000..06b6bab
--- /dev/null
+++ b/ansible/roles/minio/tasks/main.yml
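Review bot: In `ansible/roles/minio/files/docker-compose.yml`, the `minio-console` router publishes the admin console on `minio.jakehoward.tech` with no `middlewares` label, so as far as this hunk shows the root login (`MINIO_ROOT_USER=jake`) is protected only by the root password; any entrypoint-level restriction would live outside this file. Consider attaching an allow-list or forward-auth middleware to that router, e.g. `- traefik.http.routers.minio-console.middlewares=<allowlist-middleware>@file` (placeholder name). Separately, `image: quay.io/minio/minio:latest` lets every pull bring in unreviewed code for the service that owns `/mnt/tank/files/minio`; pinning a specific release tag or `@sha256:<digest>` makes upgrades deliberate. The unquoted `- MINIO_ROOT_PASSWORD={{ minio_root_password }}` is also fragile: a secret containing ` #` is silently truncated by YAML and `$` is interpolated by Compose, and `docker-compose config` would still pass, so quote the item and make sure `$` is escaped as `$$`.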
@@ -0,0 +1,20 @@
+- name: Include vault
+ include_vars: vault.yml
+
+- name: Create install directory
+ file:
+ path: /opt/minio
+ state: directory
+ owner: "{{ docker_user.name }}"
+ mode: "{{ docker_compose_directory_mask }}"
+ become: true
+
+- name: Install compose file
+ template:
+ src: files/docker-compose.yml
+ dest: /opt/minio/docker-compose.yml
+ mode: "{{ docker_compose_file_mask }}"
+ owner: "{{ docker_user.name }}"
+ validate: docker-compose -f %s config
+ notify: restart minio
+ become: true
diff --git a/ansible/roles/minio/vars/main.yml b/ansible/roles/minio/vars/main.yml
new file mode 100644
index 0000000..70d9274
--- /dev/null
+++ b/ansible/roles/minio/vars/main.yml
@@ -0,0 +1 @@
+minio_root_password: "{{ vault_minio_root_password }}"
diff --git a/ansible/roles/minio/vars/vault.yml b/ansible/roles/minio/vars/vault.yml
new file mode 100644
index 0000000..837df6e
--- /dev/null
+++ b/ansible/roles/minio/vars/vault.yml
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+38666632613233313534666339373331396438323131643238356235323535303430373733353737
+6330313565333032333461623361333232633836343163650a663762653233303832333936646364
+66623566393464323537376666353631383464373030616263383536393735316336636636356332
+6639383839666563330a323166336565636634306538633761333338366637643162633133353164
+39306166373131303464373530373163626538623735393962306237663634326264323339643634
+37323564373839356434343836373631323162663038393861383934306538313262326637653537
+62653766623734343231633262636237366433363932316631393237633135636538623362373963
+39303531656431623733
diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf
index 0af13c4..6492283 100644
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
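Review bot: In `ansible/roles/minio/tasks/main.yml`, the `Install compose file` task renders `minio_root_password` into `/opt/minio/docker-compose.yml`, and nothing on the task keeps that secret out of run output: with `--diff`, the template module prints the rendered file, root password included. Adding `diff: false` (or `no_log: true`) to this one task keeps the credential out of terminal scrollback and CI logs. The on-disk protection rests on `docker_compose_file_mask`, which is defined outside this patch; since the file now holds a root credential, it is worth confirming that the mask denies read access to other users.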
@@ -221,6 +221,22 @@ resource "cloudflare_record" "jakehowardtech_auth" { ttl = 1 } +resource "cloudflare_record" "jakehowardtech_minio" { + zone_id = cloudflare_zone.jakehowardtech.id + name = "minio" + value = linode_instance.casey.ip_address + type = "A" + ttl = 1 +} + +resource "cloudflare_record" "jakehowardtech_s3" { + zone_id = cloudflare_zone.jakehowardtech.id + name = "s3" + value = linode_instance.casey.ip_address + type = "A" + ttl = 1 +} + resource "cloudflare_record" "jakehowardtech_caa" { zone_id = cloudflare_zone.jakehowardtech.id name = "@"