services:
  minio:
    image: minio/minio:latest # TODO: add to renovate; https://github.com/renovatebot/renovate/issues/2438
    container_name: minio
    restart: unless-stopped
    pull_policy: missing
    ports:
      # - '9000:9000' # S3, nur über traefik
      - '9001:9001' # WebUI
    networks:
      - traefik
    volumes:
      - data:/data # wird im "command" verwendet/gesetzt
    environment:
      MINIO_ROOT_USER: "{{ lookup('viczem.keepass.keepass', 'minio/minio_admin_user', 'username') }}"
      MINIO_ROOT_PASSWORD: "{{ lookup('viczem.keepass.keepass', 'minio/minio_admin_user', 'password') }}"
    command: server /data --console-address ":9001"
    healthcheck: # https://github.com/minio/minio/issues/18389
      test: ["CMD", "mc", "ready", "local"]
      interval: 5s
      timeout: 5s
      retries: 5
    labels:
      traefik.enable: true
      # s3
      traefik.http.routers.minio-s3.service: minio-s3
      traefik.http.routers.minio-s3.priority: "10"
      traefik.http.routers.minio-s3.rule: Host(`s3.mgrote.net`)
      traefik.http.routers.minio-s3.tls: true
      traefik.http.routers.minio-s3.tls.certresolver: resolver_letsencrypt
      traefik.http.routers.minio-s3.entrypoints: entry_https
      traefik.http.services.minio-s3.loadbalancer.server.port: 9000

######## Networks ########
networks:
  traefik:
    external: true
######## Volumes ########
volumes:
  data:

# Doku: https://wiki.mgrote.net/pages/_Technik/software/s3/minio/