minio.yml

---

- hosts: homelab

  vars:
    application: minio

    minio_user: 3fiCArUB7qYUPiqBcJGS
    minio_password: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      39343030393438393162313362353633646239356433366430643961633132343337373131666138
      6331663530373364613431396638643932383438333330310a306336633837666463363161373662
      35386639666164346439663532373732373037643165393464663662326564323562356461613262
      6331323639396236390a383332643161353961313237346334613832633766636164376363653664
      63663633646633353164373666303635363762653862626530623838326162393061393661656234
      31346136646538333834626564646139613061666466343161303735636633373537656130323635
      32653732663738323665666563653437376235326534303733633662333233616463646566323737
      35376237343864333036

    docker_network: "{{ networks.pub }}"

  tasks:
    - name: Create config folder
      ansible.builtin.file:
        path: "{{ config_directory }}"
        state: directory
        owner: "{{ common_user }}"
        group: "{{ common_group }}"
        mode: "0771"

    - name: Create container
      ansible.builtin.include_role:
        name: docker_container
      vars:
        image: minio/minio:RELEASE.2025-01-20T14-49-07Z
        command:
          - server
          - --anonymous
          - --console-address
          - ":9090"
          - /data
        env:
          MINIO_ROOT_USER: "{{ minio_user }}"
          MINIO_ROOT_PASSWORD: "{{ minio_password }}"

          MINIO_SERVER_URL: "https://{{ application }}.{{ common_tld }}"
          MINIO_BROWSER_REDIRECT_URL: "https://{{ application }}-console.{{ common_tld }}"

          MINIO_IDENTITY_OPENID_ENABLE: "on"
          MINIO_IDENTITY_OPENID_COMMENT: "{{ oidc_provider }}"
          MINIO_IDENTITY_OPENID_CONFIG_URL: "{{ oidc_discovery_url }}"
          MINIO_IDENTITY_OPENID_CLIENT_ID: "{{ application }}"
          MINIO_IDENTITY_OPENID_CLIENT_SECRET: "{{ oidc_auth.minio.secret }}"
          MINIO_IDENTITY_OPENID_DISPLAY_NAME: "{{ oidc_provider | title }}"
          MINIO_IDENTITY_OPENID_CLAIM_PREFIX: "{{ oidc_provider }}"
          MINIO_IDENTITY_OPENID_SCOPES: "openid,profile,email"
          MINIO_IDENTITY_OPENID_ROLE_POLICY: "consoleAdmin"
          MINIO_IDENTITY_OPENID_REDIRECT_URI: "https://{{ application }}-console.{{ common_tld }}/oauth_callback"
        volumes:
          - "{{ config_directory }}/data:/data"
        traefik:
          - name: "{{ application }}-console"
            port: 9090
          - port: 9000
        blackbox:
          path: /#
        homepage:
          name: MinIO
          group: Storage
          weight: 400
          description: "Object storage"
          href: "https://{{ application }}-console.{{ common_tld }}"