mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

setup minio (#227)
All checks were successful
ansible-lint / gitleaks (push) Successful in 4s
Details
ansible-lint / Ansible Lint (push) Successful in 45s
Details

Browse source 
Reviewed-on: #227
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
Michael Grote 2024-11-08 23:03:16 +01:00 committed by Michael Grote
parent 9f09ce3531
commit 79cb92e602
6 changed files with 60 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
docker-compose/minio/docker-compose.yml.j2 Normal file
View file

@ -0,0 +1,53 @@
services:
minio:
image: minio/minio:latest # add to renovate; https://github.com/renovatebot/renovate/issues/2438
container_name: minio
restart: unless-stopped
pull_policy: missing
ports:
# - '9000:9000' # S3
- '9001:9001' # WebUI
networks:
- traefik
volumes:
- data:/data # wird im "command" verwendet/gesetzt
environment:
MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'username') }}"
MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio_admin_user', 'password') }}"
command: server /data --console-address ":9001"
healthcheck: # https://github.com/minio/minio/issues/18389
test: ["CMD", "mc", "ready", "local"]
interval: 5s
timeout: 5s
retries: 5
labels:
traefik.enable: true
# s3
traefik.http.routers.minio-s3.service: minio-s3
traefik.http.routers.minio-s3.priority: "10"
traefik.http.routers.minio-s3.rule: Host(`s3.mgrote.net`)
traefik.http.routers.minio-s3.tls: true
traefik.http.routers.minio-s3.tls.certresolver: resolver_letsencrypt
traefik.http.routers.minio-s3.entrypoints: entry_https
traefik.http.services.minio-s3.loadbalancer.server.port: 9000
# WebUI
# traefik.http.routers.minio-ui.service: minio-ui
# traefik.http.routers.minio-ui.priority: "20"
# traefik.http.routers.minio-ui.rule: Host(`ui-s3.mgrote.net`)
# traefik.http.routers.minio-ui.tls: true
# traefik.http.routers.minio-ui.tls.certresolver: resolver_letsencrypt
# traefik.http.routers.minio-ui.entrypoints: entry_https
# traefik.http.services.minio-ui.loadbalancer.server.port: 9001
# traefik.http.routers.minio-ui.middlewares: minio-ui-ipallowlist # also entferne den Prefix danach wieder
# traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.sourcerange: 192.168.2.0/24,10.25.25.0/24
# traefik.http.middlewares.minio-ui-ipallowlist.ipallowlist.ipstrategy.depth: 0 # https://doc.traefik.io/traefik/middlewares/http/ipallowlist/#ipstrategydepth
######## Networks ########
networks:
traefik:
external: true
######## Volumes ########
volumes:
data:
# Doku: https://wiki.mgrote.net/pages/_Technik/software/s3/minio/

4
docker-compose/traefik/docker-compose.yml.j2
View file

@ -50,8 +50,8 @@ services:
- traefik - traefik
healthcheck: healthcheck:
test: ["CMD", "wget", "--quiet", "--spider", "--tries=1", "http://127.0.0.1:3000/login"] test: ["CMD", "wget", "--quiet", "--spider", "--tries=1", "http://127.0.0.1:3000/login"]
interval: 30s interval: 10s
timeout: 10s timeout: 5s
retries: 3 retries: 3
######## Networks ######## ######## Networks ########

2
group_vars/blocky.yml
View file

@ -88,6 +88,8 @@ blocky_custom_lookups: # optional
ip: 192.168.2.47 ip: 192.168.2.47
- name: munin.mgrote.net - name: munin.mgrote.net
ip: 192.168.2.40 ip: 192.168.2.40
- name: s3.mgrote.net
ip: 192.168.2.43
### mgrote_munin_node ### mgrote_munin_node
# kann git.mgrote.net nicht auflösen, deshalb hiermit IP # kann git.mgrote.net nicht auflösen, deshalb hiermit IP

2
group_vars/munin.yml
View file

@ -104,7 +104,7 @@ munin_node_plugins:
src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/http/http_response src: https://git.mgrote.net/mirrors/munin-contrib/raw/branch/master/plugins/http/http_response
config: | config: |
[http_response] [http_response]
env.sites https://git.mgrote.net http://ldap.mgrote.net:17170 https://docker10.mgrote.net:8443 https://registry.mgrote.net/ui/ http://munin.mgrote.net http://192.168.5.1 http://192.168.3.1 http://192.168.3.108:8080 http://192.168.3.204 http://docker10.mgrote.net:6483 https://miniflux.mgrote.net/ https://nextcloud.mgrote.net https://audio.mgrote.net/mg http://wiki.mgrote.net env.sites https://git.mgrote.net http://ldap.mgrote.net:17170 https://docker10.mgrote.net:8443 https://registry.mgrote.net/ui/ http://munin.mgrote.net http://192.168.5.1 http://192.168.3.1 http://192.168.3.108:8080 http://192.168.3.204 http://docker10.mgrote.net:6483 https://miniflux.mgrote.net/ https://nextcloud.mgrote.net https://audio.mgrote.net/mg http://wiki.mgrote.net https://s3.mgrote.net
env.max_time 20 env.max_time 20
env.short_label true env.short_label true
env.follow_redirect true env.follow_redirect true

2
host_vars/docker10.mgrote.net.yml
View file

@ -64,6 +64,8 @@ compose_files:
state: present state: present
- name: act-runner - name: act-runner
state: present state: present
- name: minio
state: present
### oefenweb.ufw ### oefenweb.ufw
ufw_rules: ufw_rules:

BIN
keepass_db.kdbx
View file

Binary file not shown.