minio: Install and configure MinIO

[MinIO][0] is an S3-compatible object storage server.  It is designed to
provide storage for cloud-native applications for on-premises
deployments.

MinIO has not been packaged for Fedora (yet?).  As such, the best way to
deploy it is usining its official container image.  Here, we are using
`podman-systemd-generator` (Quadlet) to generate a systemd service
unit to manage the container process.

roles/minio/templates/minio.container.j2

@@ -0,0 +1,34 @@
+[Unit]
+Description=MinIO Object Storage
+Wants=network.target
+After=network.target
+
+[Container]
+Image={{ minio_container_image }}:{{ minio_version }}
+Exec=server /data --certs-dir /certs
+User=224
+Group=224
+EnvironmentFile=/etc/sysconfig/minio
+Volume={{ minio_storage_path }}:/data:rw,Z
+Volume=/etc/minio/certs:/certs:ro,z
+Network=host
+NoNewPrivileges=yes
+
+[Service]
+MemoryDenyWriteExecute=yes
+PrivateTmp=yes
+ProtectClock=yes
+ProtectHome=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectProc=invisible
+ProtectSystem=strict
+ReadWritePaths=/var/lib/containers/storage
+ReadWritePaths={{ minio_storage_path }}
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target

roles/minio/templates/minio.env.j2

@@ -0,0 +1,4 @@
+MINIO_ROOT_USER={{ minio_root_user }}
+MINIO_ROOT_PASSWORD={{ minio_root_password }}
+
+MINIO_CONSOLE_ADDRESS={{ minio_console_address }}