dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity
Files
c0bb387b18f32e07dc9436a6c7afbe68c89ba165
configpolicy/roles/minio/templates/minio.container.j2
Dustin C. Hatch f54bc44a48 minio: Install and configure MinIO 
[MinIO][0] is an S3-compatible object storage server.  It is designed to
provide storage for cloud-native applications for on-premises
deployments.

MinIO has not been packaged for Fedora (yet?).  As such, the best way to
deploy it is usining its official container image.  Here, we are using
`podman-systemd-generator` (Quadlet) to generate a systemd service
unit to manage the container process.
2023-05-09 21:37:46 -05:00

35 lines
730 B
Django/Jinja
Raw Blame History

[Unit]
Description=MinIO Object Storage
Wants=network.target
After=network.target
[Container]
Image={{ minio_container_image }}:{{ minio_version }}
Exec=server /data --certs-dir /certs
User=224
Group=224
EnvironmentFile=/etc/sysconfig/minio
Volume={{ minio_storage_path }}:/data:rw,Z
Volume=/etc/minio/certs:/certs:ro,z
Network=host
NoNewPrivileges=yes
[Service]
MemoryDenyWriteExecute=yes
PrivateTmp=yes
ProtectClock=yes
ProtectHome=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectProc=invisible
ProtectSystem=strict
ReadWritePaths=/var/lib/containers/storage
ReadWritePaths={{ minio_storage_path }}
RestrictRealtime=yes
RestrictSUIDSGID=yes
UMask=0077
[Install]
WantedBy=multi-user.target
Reference in New Issue View Git Blame Copy Permalink