infrastructure/playbooks/roles/minio/vars/main.yml


---
# Reverse-proxy definition for the MinIO S3 API endpoint.
# NOTE(review): how the role consumes these keys is not visible in this file;
# the per-key notes describe only the values set here.
minio_svc:
  # Public hostname, looked up from `all_services` for the current role.
  domain: "{{ all_services | service_get_domain(role_name) }}"
  # MinIO's default S3 API port; the console is listed separately below.
  port: 9000
  # Caddyfile snippet: the named matcher `@nocache` selects requests that carry
  # a `nocache` query parameter (any value), and the `header` line sets
  # Cache-Control to "no-store, no-cache" on those requests only.
  # Presumably injected into this service's Caddy site block - confirm.
  caddy_extra: |
    @nocache {
    query nocache=*
    }
    header @nocache "Cache-Control" "no-store, no-cache"
  # Additional proxied hostnames served by the same container.
  extra_svcs:
    # MinIO web console; port 9001 matches `--console-address ":9001"` in
    # minio_compose.
    # NOTE(review): this hostname is hard-coded, while
    # MINIO_BROWSER_REDIRECT_URL is built as console.<svc.domain>. The two
    # only agree while svc.domain is s3.serguzim.me - confirm.
    # NOTE(review): this gives the admin console its own proxied hostname;
    # confirm it is meant to be reachable by everyone who can reach the
    # proxy, or restrict it there.
    - domain: console.s3.serguzim.me
      docker_host: minio
      port: 9001
# Environment variables for the MinIO container.
# NOTE(review): `svc` is not defined in this file; presumably the role sets it
# to the service mapping above - confirm.
minio_env:
  # External URLs MinIO advertises for the S3 API and for console redirects.
  MINIO_SERVER_URL: "https://{{ svc.domain }}/"
  MINIO_BROWSER_REDIRECT_URL: "https://console.{{ svc.domain }}"
  MINIO_VOLUMES: /data

  # Root (full-admin) credentials, read from the `vault_minio` variable.
  # NOTE(review): these end up in the container environment; check who can
  # read the rendered env/compose file on the host, and prefer SSO accounts
  # over the root account for day-to-day administration.
  MINIO_ROOT_USER: "{{ vault_minio.user }}"
  MINIO_ROOT_PASSWORD: "{{ vault_minio.pass }}"

  # OpenID Connect login. The discovery URL is the provider base_url joined
  # with the standard `.well-known/openid-configuration` path.
  MINIO_IDENTITY_OPENID_CONFIG_URL: "{{ (opentofu.authentik_data.minio.base_url, '.well-known/openid-configuration') | path_join }}"
  MINIO_IDENTITY_OPENID_CLIENT_ID: "{{ opentofu.authentik_data.minio.client_id }}"
  # NOTE(review): the client secret comes from the `opentofu` variable, not
  # from `vault_minio`; confirm that source is stored encrypted.
  MINIO_IDENTITY_OPENID_CLIENT_SECRET: "{{ opentofu.authentik_data.minio.client_secret }}"
  # MinIO takes the policy to apply from this token claim, so whoever can set
  # `minio_policy` at the identity provider decides MinIO authorization.
  MINIO_IDENTITY_OPENID_CLAIM_NAME: minio_policy
  MINIO_IDENTITY_OPENID_DISPLAY_NAME: auth.serguzim.me
  # Comma-separated scopes requested at login; `minio` is presumably the
  # custom scope that carries the `minio_policy` claim - confirm at the IdP.
  MINIO_IDENTITY_OPENID_SCOPES: openid,email,profile,minio
# Docker Compose settings for the MinIO container.
# NOTE(review): the template that turns this mapping into a compose file is
# not visible here; the key meanings below are inferred - confirm.
minio_compose:
  # Presumably opts the container into Watchtower automatic image updates.
  watchtower: true
  # No tag or digest is given, so this reference resolves to `latest`.
  # NOTE(review): if Watchtower is active, every new upstream `latest` is
  # deployed without review; pin a tag or digest if that is not intended.
  image: minio/minio
  # Named volume `data` mounted at /data, the path set in MINIO_VOLUMES.
  volumes:
    - 'data:/data'
  # Presumably merged into the generated compose file as-is.
  file:
    services:
      app:
        # Starts the server with the web console on port 9001; no API address
        # is passed on this command line.
        command: 'server --console-address ":9001"'
    volumes:
      # Empty value: declares the named volume with no options set.
      data: