---
# Service definition for the MinIO role: the public domain and port of the
# S3 API endpoint, an extra Caddy snippet, and one additional site for the
# web console.
# NOTE(review): how these keys are consumed (reverse-proxy template, DNS,
# TLS) is not visible in this file; confirm against the role that reads it.
minio_svc:
  # Resolved from all_services for this role by the service_get_domain filter.
  domain: "{{ all_services | service_get_domain(role_name) }}"
  # 9000 is MinIO's default S3 API port; presumably the proxy upstream port.
  port: 9000
  # Caddy snippet: a request carrying a `nocache` query parameter gets a
  # "Cache-Control: no-store, no-cache" response header. The header is only
  # set when the client opts in, so it is not a caching default for
  # responses in general.
  caddy_extra: |
    @nocache {
       query nocache=*
    }
    header @nocache "Cache-Control" "no-store, no-cache"
  # Second site for the MinIO console (the server listens on :9001, see the
  # command in minio_compose).
  # NOTE(review): this hostname is hard-coded, while
  # MINIO_BROWSER_REDIRECT_URL in minio_env is derived as
  # console.{{ svc.domain }}; the two must name the same host or the OIDC
  # redirect back to the console breaks. Verify that svc.domain resolves to
  # s3.serguzim.me.
  # NOTE(review): this publishes the administrative console on its own
  # hostname; whether access to it is restricted at the proxy is not visible
  # here.
  extra_svcs:
    - domain: console.s3.serguzim.me
      docker_host: minio
      port: 9001

# Environment for the MinIO server: public URLs, the data path, root
# credentials and the OpenID Connect identity provider settings.
# NOTE(review): presumably rendered into the container environment; if so,
# the root password and the OIDC client secret are readable by anyone who
# can inspect the container or the rendered env file. Confirm the file mode
# and who has Docker access on the host.
minio_env:
  # Public HTTPS URLs of the S3 API and of the console.
  MINIO_SERVER_URL: https://{{ svc.domain }}/
  MINIO_BROWSER_REDIRECT_URL: https://console.{{ svc.domain }}
  # Same path as the container side of the data:/data mount in minio_compose.
  MINIO_VOLUMES: /data

  # Root account, taken from the vault_minio variables (presumably
  # Ansible Vault; confirm). The root user bypasses the policy mapping
  # below, so with OIDC in place it is best kept for break-glass use only.
  MINIO_ROOT_USER: "{{ vault_minio.user }}"
  MINIO_ROOT_PASSWORD: "{{ vault_minio.pass }}"

  # OIDC login. Discovery URL, client id and client secret come from
  # opentofu.authentik_data.minio.
  # NOTE(review): presumably OpenTofu outputs; the state or vars file that
  # carries client_secret needs the same protection as the vault.
  MINIO_IDENTITY_OPENID_CONFIG_URL: "{{ (opentofu.authentik_data.minio.base_url, '.well-known/openid-configuration') | path_join }}"
  MINIO_IDENTITY_OPENID_CLIENT_ID: "{{ opentofu.authentik_data.minio.client_id }}"
  MINIO_IDENTITY_OPENID_CLIENT_SECRET: "{{ opentofu.authentik_data.minio.client_secret }}"
  # MinIO attaches the policies named in this token claim to the session,
  # so authorization is decided by whoever can set `minio_policy` at the
  # identity provider. Restrict who may edit that attribute or mapping there.
  MINIO_IDENTITY_OPENID_CLAIM_NAME: minio_policy
  # Label shown for this provider on the console login page.
  MINIO_IDENTITY_OPENID_DISPLAY_NAME: auth.serguzim.me
  # `minio` is a non-standard scope; presumably the one that releases the
  # minio_policy claim. Verify against the provider configuration.
  MINIO_IDENTITY_OPENID_SCOPES: openid,email,profile,minio


# Compose settings for the MinIO container: update policy, image, the data
# mount, and extra compose content placed under `file`.
# NOTE(review): how these keys are merged into the final compose file is
# decided by a template that is not visible here.
minio_compose:
  # NOTE(review): presumably opts the container into Watchtower automatic
  # updates. Combined with the untagged image below, new upstream images
  # would be deployed without review.
  watchtower: update
  # No tag or digest, so this resolves to `latest`. Pinning a release tag or
  # an image digest makes the deployed version explicit and auditable.
  image: minio/minio
  volumes:
    # Named volume `data` mounted at /data (the value of MINIO_VOLUMES).
    - data:/data
  file:
    services:
      app:
        # Runs the server with the console on port 9001, the port the
        # console site in minio_svc.extra_svcs points at.
        command: server --console-address ":9001"
    volumes:
      # Declares the named volume with no options (null value).
      data: