Deploy minio

My own S3, for various things

ansible/main.yml

@@ -67,6 +67,7 @@
     - gitea
     - vikunja
     - authentik
+    - minio
 
 - hosts: ingress
   roles:

ansible/roles/forrest/files/prometheus/prometheus.yml

@@ -59,9 +59,11 @@ scrape_configs:
           - https://matrix.jakehoward.tech:8448/_matrix/federation/v1/version
           - https://matrix.jakehoward.tech/_matrix/federation/v1/version
           - https://media.jakehoward.tech
+          - https://minio.jakehoward.tech/minio/health/live
           - https://notes.theorangeone.net
           - https://plausible.theorangeone.net
           - https://recipes.jakehoward.tech
+          - https://s3.jakehoward.tech/minio/health/live
           - https://tasks.jakehoward.tech/health
           - https://theorangeone.net
           - https://tt-rss.jakehoward.tech

ansible/roles/minio/files/docker-compose.yml

@@ -0,0 +1,31 @@
+version: "2.3"
+
+services:
+  minio:
+    image: quay.io/minio/minio:latest
+    command: server /data --console-address ":9090"
+    user: "{{ docker_user.id }}"
+    environment:
+      - TZ=Europe/London
+      - MINIO_ROOT_USER=jake
+      - MINIO_ROOT_PASSWORD={{ minio_root_password }}
+    restart: unless-stopped
+    labels:
+      - traefik.enable=true
+
+      - traefik.http.routers.minio-console.rule=Host(`minio.jakehoward.tech`)
+      - traefik.http.routers.minio-console.service=minio-console
+      - traefik.http.services.minio-console.loadbalancer.server.port=9090
+
+      - traefik.http.routers.minio-s3.rule=Host(`s3.jakehoward.tech`)
+      - traefik.http.routers.minio-s3.service=minio-s3
+      - traefik.http.services.minio-s3.loadbalancer.server.port=9000
+    volumes:
+      - /mnt/tank/files/minio:/data
+    networks:
+      - default
+      - traefik
+
+networks:
+  traefik:
+    external: true

ansible/roles/minio/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart minio
+  shell:
+    chdir: /opt/minio
+    cmd: "{{ docker_update_command }}"

ansible/roles/minio/tasks/main.yml

@@ -0,0 +1,20 @@
+- name: Include vault
+  include_vars: vault.yml
+
+- name: Create install directory
+  file:
+    path: /opt/minio
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+  become: true
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/minio/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart minio
+  become: true

ansible/roles/minio/vars/main.yml

@@ -0,0 +1 @@
+minio_root_password: "{{ vault_minio_root_password }}"

ansible/roles/minio/vars/vault.yml

@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+38666632613233313534666339373331396438323131643238356235323535303430373733353737
+6330313565333032333461623361333232633836343163650a663762653233303832333936646364
+66623566393464323537376666353631383464373030616263383536393735316336636636356332
+6639383839666563330a323166336565636634306538633761333338366637643162633133353164
+39306166373131303464373530373163626538623735393962306237663634326264323339643634
+37323564373839356434343836373631323162663038393861383934306538313262326637653537
+62653766623734343231633262636237366433363932316631393237633135636538623362373963
+39303531656431623733

terraform/jakehoward.tech.tf

@@ -221,6 +221,22 @@ resource "cloudflare_record" "jakehowardtech_auth" {
   ttl     = 1
 }
 
+resource "cloudflare_record" "jakehowardtech_minio" {
+  zone_id = cloudflare_zone.jakehowardtech.id
+  name    = "minio"
+  value   = linode_instance.casey.ip_address
+  type    = "A"
+  ttl     = 1
+}
+
+resource "cloudflare_record" "jakehowardtech_s3" {
+  zone_id = cloudflare_zone.jakehowardtech.id
+  name    = "s3"
+  value   = linode_instance.casey.ip_address
+  type    = "A"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "jakehowardtech_caa" {
   zone_id = cloudflare_zone.jakehowardtech.id
   name    = "@"