Initial commit after Claude implementation

roles/minio/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+minio_data_dir: "{{ sovereign_base_dir }}/minio"

roles/minio/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: restart minio
+  community.docker.docker_compose_v2:
+    project_src: "{{ minio_data_dir }}"
+    state: present
+    recreate: always

roles/minio/tasks/main.yml

@@ -0,0 +1,40 @@
+---
+- name: Create MinIO directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "{{ minio_data_dir }}"
+    - "{{ minio_data_dir }}/data"
+
+- name: Deploy MinIO docker-compose
+  ansible.builtin.template:
+    src: docker-compose.yml.j2
+    dest: "{{ minio_data_dir }}/docker-compose.yml"
+    mode: '0644'
+  notify: restart minio
+
+- name: Start MinIO
+  community.docker.docker_compose_v2:
+    project_src: "{{ minio_data_dir }}"
+    state: present
+
+- name: Wait for MinIO to be ready
+  ansible.builtin.uri:
+    url: "http://localhost:9010/minio/health/live"
+    method: GET
+    status_code: 200
+  register: result
+  until: result.status == 200
+  retries: 15
+  delay: 5
+
+- name: Create Nextcloud bucket in MinIO
+  community.general.minio:
+    endpoint: "http://localhost:9010"
+    access_key: "{{ minio_root_user }}"
+    secret_key: "{{ minio_root_password }}"
+    name: "{{ minio_nextcloud_bucket }}"
+    state: present
+  ignore_errors: true

roles/minio/templates/docker-compose.yml.j2

@@ -0,0 +1,42 @@
+services:
+  minio:
+    image: quay.io/minio/minio:{{ minio_version }}
+    container_name: minio
+    restart: unless-stopped
+    command: server /data --console-address ":9001"
+    environment:
+      MINIO_ROOT_USER: "{{ minio_root_user }}"
+      MINIO_ROOT_PASSWORD: "{{ minio_root_password }}"
+      MINIO_BROWSER_REDIRECT_URL: "https://{{ minio_console_domain }}"
+      MINIO_IDENTITY_OPENID_CONFIG_URL: "https://{{ authentik_domain }}/application/o/minio/.well-known/openid-configuration"
+      MINIO_IDENTITY_OPENID_CLIENT_ID: "minio"
+      MINIO_IDENTITY_OPENID_CLIENT_SECRET: "changeme_minio_oidc_secret"
+      MINIO_IDENTITY_OPENID_CLAIM_NAME: "policy"
+      MINIO_IDENTITY_OPENID_REDIRECT_URI: "https://{{ minio_console_domain }}/oauth_callback"
+    ports:
+      - "127.0.0.1:9010:9000"
+    volumes:
+      - {{ minio_data_dir }}/data:/data
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.minio-api.rule=Host(`{{ minio_domain }}`)"
+      - "traefik.http.routers.minio-api.tls=true"
+      - "traefik.http.routers.minio-api.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.minio-api.service=minio-api"
+      - "traefik.http.services.minio-api.loadbalancer.server.port=9000"
+      - "traefik.http.routers.minio-console.rule=Host(`{{ minio_console_domain }}`)"
+      - "traefik.http.routers.minio-console.tls=true"
+      - "traefik.http.routers.minio-console.tls.certresolver=letsencrypt"
+      - "traefik.http.routers.minio-console.service=minio-console"
+      - "traefik.http.services.minio-console.loadbalancer.server.port=9001"
+    networks:
+      - {{ sovereign_network_name }}
+    logging:
+      driver: gelf
+      options:
+        gelf-address: "udp://{{ graylog_host }}:{{ graylog_gelf_port }}"
+        tag: "minio"
+
+networks:
+  {{ sovereign_network_name }}:
+    external: true