minio-backups: Deploy MinIO for backups

This playbook uses the *minio-nginx* and *minio-backups-cert* role to deploy MinIO with nginx. The S3 API server is *s3.backups.pyrocufflink.blue*, and buckets can be accessed as subdomains of this name. The Admin Console is *minio.backups.pyrocufflink.blue*. Certificates are issued by DCH CA via ACME using `certbot`.
2024-09-01 08:01:10 -05:00 · 2024-09-01 08:01:10 -05:00 · 9d60ae1a61
parent 77ce7aa5e7
commit 9d60ae1a61
3 changed files with 23 additions and 0 deletions
--- a/group_vars/minio-backups.yml
+++ b/group_vars/minio-backups.yml
@ -0,0 +1,16 @@
+minio_domain: s3.backups.pyrocufflink.blue
+minio_console_domain: minio.backups.pyrocufflink.blue
+minio_host_network: true
+minio_address: '127.0.0.1:{{ minio_port }}'
+minio_console_address: '127.0.0.1:{{ minio_console_port }}'
+minio_browser_redirect_url: https://{{ minio_console_domain }}/
+minio_allow_outside: false
+minio_cert_domains:
+- '{{ minio_console_domain }}'
+- '{{ minio_domain }}'
+- '*.{{ minio_domain }}'
+minio_cert_acme_email: '{{ ansible_hostname }}@pyrocufflink.net'
+minio_cert_acme_server: https://ca.pyrocufflink.blue/acme/acme/directory
+
+nginx_ssl_certificate: /etc/letsencrypt/live/{{ minio_cert_main_domain }}/fullchain.pem
+nginx_ssl_certificate_key: /etc/letsencrypt/live/{{ minio_cert_main_domain }}/privkey.pem
--- a/3
+++ b/3
@ -87,8 +87,11 @@ k8s-ctrl0.pyrocufflink.blue
 k8s-controller
 k8s-node

+[minio-backups]
+
 [minio:children]
 burp-server
+minio-backups

 [motioneye]

--- a/minio-backups.yml
+++ b/minio-backups.yml
@ -0,0 +1,4 @@
+- hosts: minio-backups
+  roles:
+  - minio-backups-cert
+  - minio-nginx