Add MinIO object storage

.env.example

@@ -0,0 +1,10 @@
+# MinIO Configuration
+# Copy this to .env and set your credentials
+
+# MinIO Root Credentials
+# These are used for both S3 API access and web console login
+MINIO_ROOT_USER=admin
+MINIO_ROOT_PASSWORD=change-this-to-a-strong-password
+
+# Note: In production, use a password manager to generate a strong password
+# Example: openssl rand -base64 32

.gitignore

@@ -0,0 +1,2 @@
+# Don't commit secrets to Git
+.env

README.md

@@ -0,0 +1,96 @@
+# MinIO Object Storage
+
+S3-compatible object storage for b28.dev infrastructure.
+
+## Purpose
+
+- **Backups**: PostgreSQL dumps, Docker volume snapshots
+- **Media Storage**: Directus file uploads (portfolio + demos)
+- **Demo Artifacts**: Cached API responses, datasets
+
+## Deployment
+
+**URL**: https://objects.b28.dev
+
+**Ports**:
+- 9000: S3 API (programmatic access)
+- 9001: Web Console (admin UI)
+
+## Configuration
+
+### Environment Variables
+
+Copy `.env.example` to `.env` and configure:
+
+```bash
+MINIO_ROOT_USER=your-admin-username
+MINIO_ROOT_PASSWORD=your-strong-password
+```
+
+### Credentials
+
+The same credentials are used for:
+- S3 API access (boto3, MinIO client, etc.)
+- Web console login at https://objects.b28.dev
+
+## Deployment on Coolify
+
+1. Push this directory to Gitea
+2. In Coolify, create new resource → Git Repository
+3. Point to this repo/directory
+4. Set environment variables
+5. Deploy
+
+## Initial Setup
+
+After deployment:
+
+1. Login to https://objects.b28.dev
+2. Create buckets:
+   - `backups` (private)
+   - `directus-uploads` (public-read)
+   - `demo-artifacts` (private)
+
+3. Create service accounts:
+   - Directus: read/write to `directus-uploads`
+   - Backup scripts: write-only to `backups`
+
+## Bucket Structure
+
+```
+minio/
+├── backups/
+│   ├── postgres/           # Daily PostgreSQL dumps
+│   ├── volumes/            # Docker volume snapshots
+│   └── configs/            # Infrastructure configs
+├── directus-uploads/       # Directus file storage
+│   ├── portfolio/          # Portfolio media
+│   └── events/             # Events demo media
+└── demo-artifacts/         # Demo-specific data
+    └── events-demo/
+        ├── luma-cache/     # Cached Lu.ma responses
+        └── ai-analysis/    # Cached AI analyses
+```
+
+## Access via MinIO Client
+
+```bash
+# Configure alias
+mc alias set homelab https://objects.b28.dev <access-key> <secret-key>
+
+# List buckets
+mc ls homelab
+
+# Upload file
+mc cp backup.sql homelab/backups/postgres/
+
+# Download file
+mc cp homelab/backups/postgres/backup.sql ./
+```
+
+## Backup Strategy
+
+See `/scripts/backup-to-minio.sh` for automated backup implementation.
+
+**Frequency**: Daily at 2:00 AM UTC
+**Retention**: 7 daily, 4 weekly, 3 monthly

docker-compose.yml

@@ -0,0 +1,41 @@
+# MinIO Object Storage - Self-Hosted S3-Compatible Storage
+# Deployment: objects.b28.dev
+# Purpose: Backups, Directus uploads, demo artifacts
+
+services:
+  minio:
+    image: quay.io/minio/minio:latest
+    container_name: minio
+    restart: unless-stopped
+
+    command: server /data --console-address ":9001"
+
+    environment:
+      # Root credentials (S3 API + Console)
+      MINIO_ROOT_USER: ${MINIO_ROOT_USER}
+      MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD}
+
+      # Server configuration
+      MINIO_SERVER_URL: https://objects.b28.dev
+      MINIO_BROWSER_REDIRECT_URL: https://objects.b28.dev
+
+      # Optional: Enable browser
+      MINIO_BROWSER: "on"
+
+    volumes:
+      - minio_data:/data
+
+    expose:
+      - "9000"  # S3 API
+      - "9001"  # Web Console
+
+    healthcheck:
+      test: ["CMD", "mc", "ready", "local"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 10s
+
+volumes:
+  minio_data:
+    name: minio_data