computer-playbook/roles/web-app-minio/vars/main.yml
Kevin Veen-Birkenbach 75c36a1d71 web-app-minio: manage OIDC policy via containerized mc and fix policy JSON
- Use dockerized mc with MC_HOST_minio (stateless), no temp files/dirs
- Create only RAW policy name with slash to match Keycloak claim
- Split policy: s3:* on S3 ARNs; admin:* on Resource "*"
- Add mc vars (image, MC_HOST components) to vars/main.yml
- Remove unused Ollama dependency block from tasks

Refs: ChatGPT conversation → https://chatgpt.com/share/68d1eab9-a35c-800f-aa81-76fb2101bd93
2025-09-23 02:33:35 +02:00


# General
application_id: "web-app-minio"
# Docker
docker_pull_git_repository: false
docker_compose_file_creation_enabled: true
# MINIO
# https://www.min.io/
MINIO_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.minio.version') }}"
MINIO_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.minio.image') }}"
MINIO_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.minio.name') }}"
MINIO_VOLUME: "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"
## Api
MINIO_API_DOMAIN: "{{ applications | get_app_conf(application_id, 'server.domains.canonical.api') }}"
MINIO_API_URL: "{{ WEB_PROTOCOL }}://{{ MINIO_API_DOMAIN }}"
MINIO_API_PORT_INTERNAL: 9000
MINIO_API_PORT_PUBLIC: "{{ ports.localhost.http[application_id ~ '_api'] }}"
## Console
MINIO_CONSOLE_DOMAIN: "{{ applications | get_app_conf(application_id, 'server.domains.canonical.console') }}"
MINIO_CONSOLE_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
MINIO_CONSOLE_PORT_INTERNAL: 9001
MINIO_CONSOLE_PORT_PUBLIC: "{{ ports.localhost.http[application_id ~ '_console'] }}"
## MC
# Supply-chain note: ':latest' is a mutable tag; pin a release tag (or an @sha256 digest) so every run pulls the same mc.
MINIO_MC_IMAGE: "quay.io/minio/mc:latest"
# true disables TLS certificate verification for mc entirely; prefer trusting your CA and keep this false.
MINIO_MC_INSECURE: false
MINIO_MC_SCHEME: "{{ 'https' if (MINIO_API_URL is match('^https://')) else 'http' }}"
MINIO_MC_HOST_ONLY: "{{ MINIO_API_URL | regex_replace('^https?://', '') }}"
# The credentials land in the userinfo part of a URL, so they must be percent-encoded.
# Jinja2's urlencode leaves '/' unescaped (it is "safe" for paths); a '/' in the password
# would break the user:pass@host parse, hence the extra replace.
MINIO_MC_USER: "{{ users.administrator.username | urlencode | regex_replace('/', '%2F') }}"
MINIO_MC_PASS: "{{ users.administrator.password | urlencode | regex_replace('/', '%2F') }}"
MINIO_MC_INSECURE_SUFFIX: "{{ '?insecure=true' if (MINIO_MC_INSECURE | bool) else '' }}"
# Contains the admin secret: hand it to the mc container only as an environment variable,
# set no_log: true on tasks that reference it, and never print it in debug output.
MINIO_MC_HOST_ENV: "{{ MINIO_MC_SCHEME }}://{{ MINIO_MC_USER }}:{{ MINIO_MC_PASS }}@{{ MINIO_MC_HOST_ONLY }}{{ MINIO_MC_INSECURE_SUFFIX }}"
## OIDC
MINIO_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
MINIO_OIDC_POLICY_NAME: "{{ [ RBAC.GROUP.NAME, application_id ~ '-administrator' ] | path_join }}"
MINIO_OIDC_POLICY_CONTENT: "{{ lookup('template', 'policy.json.j2') }}"
MINIO_OIDC_POLICY_NAME_SAFE: "{{ (MINIO_OIDC_POLICY_NAME | regex_replace('^/+','')) | regex_replace('/','-') }}"
MINIO_FRONT_PROXY_MATRIX: >-
  {{
    [
      { 'domain': MINIO_CONSOLE_DOMAIN, 'http_port': MINIO_CONSOLE_PORT_PUBLIC },
      { 'domain': MINIO_API_DOMAIN, 'http_port': MINIO_API_PORT_PUBLIC }
    ]
  }}
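The MC_HOST construction in the vars file packs the administrator credentials into the userinfo part of a URL. As an added example that is not part of the playbook, here is a POSIX shell equivalent that percent-encodes the credentials fully (every reserved byte, including `/`), redacts the alias before it is logged, and passes the secret to a containerized mc by environment-variable name rather than on the command line. The hostname, user and password are constructed sample values, and the `?insecure=true` suffix only mirrors `MINIO_MC_INSECURE_SUFFIX` above.

```shell
#!/bin/sh
# Added example, not code from the playbook. Values below are constructed.

# Percent-encode every byte of $1 except the RFC 3986 unreserved set (A-Z a-z 0-9 - . _ ~),
# so '@', ':', '/', '?' and '#' in a credential cannot be mistaken for URL structure.
# awk reads line by line, so credentials containing a newline are not supported.
urlenc() {
  printf '%s' "$1" | LC_ALL=C awk '
    BEGIN { for (i = 1; i < 256; i++) ord[sprintf("%c", i)] = i }
    {
      out = ""
      for (i = 1; i <= length($0); i++) {
        c = substr($0, i, 1)
        if (c ~ /[A-Za-z0-9._~-]/) out = out c
        else out = out sprintf("%%%02X", ord[c])
      }
      printf "%s", out
    }'
}

# Assemble the MC_HOST value: scheme user pass host[:port] insecure(true|false).
mc_host_url() {
  _suffix=''
  if [ "$5" = "true" ]; then
    _suffix='?insecure=true'
  fi
  printf '%s://%s:%s@%s%s' "$1" "$(urlenc "$2")" "$(urlenc "$3")" "$4" "$_suffix"
}

# Strip the userinfo so the alias can be shown in logs or Ansible debug output.
# Any '@' inside the credentials is already encoded as %40, so the first real '@' ends the userinfo.
redact_mc_host() {
  printf '%s' "$1" | sed 's#//[^@]*@#//***@#'
}

# Demo with constructed values (hostname and credentials are not real):
MC_HOST_minio="$(mc_host_url https admin 'p@ss:w/rd#1' minio.example.com:9000 false)"
export MC_HOST_minio
echo "MC_HOST_minio=$(redact_mc_host "$MC_HOST_minio")"
# Pass the variable through by name (no '=value'): docker copies it from the caller's
# environment, so the secret never appears in the command line or shell history.
echo 'docker run --rm -e MC_HOST_minio quay.io/minio/mc admin info minio'
```

The redacted form is what should reach a `debug:` task or a log line; the full value stays in the environment of the single `docker run` that needs it.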