commit a21406974a95ada5d7a1864180f02e3cc426fe47 Author: johnhkchen Date: Wed Oct 22 13:40:06 2025 -0700 Add MinIO object storage diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..6b09582 --- /dev/null +++ b/.env.example @@ -0,0 +1,10 @@ +# MinIO Configuration +# Copy this to .env and set your credentials + +# MinIO Root Credentials +# These are used for both S3 API access and web console login +MINIO_ROOT_USER=admin +MINIO_ROOT_PASSWORD=change-this-to-a-strong-password + +# Note: In production, use a password manager to generate a strong password +# Example: openssl rand -base64 32 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b83adbb --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +# Don't commit secrets to Git +.env diff --git a/README.md b/README.md new file mode 100644 index 0000000..a3ecda0 --- /dev/null +++ b/README.md @@ -0,0 +1,96 @@ +# MinIO Object Storage + +S3-compatible object storage for b28.dev infrastructure. + +## Purpose + +- **Backups**: PostgreSQL dumps, Docker volume snapshots +- **Media Storage**: Directus file uploads (portfolio + demos) +- **Demo Artifacts**: Cached API responses, datasets + +## Deployment + +**URL**: https://objects.b28.dev + +**Ports**: +- 9000: S3 API (programmatic access) +- 9001: Web Console (admin UI) + +## Configuration + +### Environment Variables + +Copy `.env.example` to `.env` and configure: + +```bash +MINIO_ROOT_USER=your-admin-username +MINIO_ROOT_PASSWORD=your-strong-password +``` + +### Credentials + +The same credentials are used for: +- S3 API access (boto3, MinIO client, etc.) +- Web console login at https://objects.b28.dev + +## Deployment on Coolify + +1. Push this directory to Gitea +2. In Coolify, create new resource → Git Repository +3. Point to this repo/directory +4. Set environment variables +5. Deploy + +## Initial Setup + +After deployment: + +1. Login to https://objects.b28.dev +2. Create buckets: + - `backups` (private) + - `directus-uploads` (public-read) + - `demo-artifacts` (private) + +3. Create service accounts: + - Directus: read/write to `directus-uploads` + - Backup scripts: write-only to `backups` + +## Bucket Structure + +``` +minio/ +├── backups/ +│ ├── postgres/ # Daily PostgreSQL dumps +│ ├── volumes/ # Docker volume snapshots +│ └── configs/ # Infrastructure configs +├── directus-uploads/ # Directus file storage +│ ├── portfolio/ # Portfolio media +│ └── events/ # Events demo media +└── demo-artifacts/ # Demo-specific data + └── events-demo/ + ├── luma-cache/ # Cached Lu.ma responses + └── ai-analysis/ # Cached AI analyses +``` + +## Access via MinIO Client + +```bash +# Configure alias +mc alias set homelab https://objects.b28.dev + +# List buckets +mc ls homelab + +# Upload file +mc cp backup.sql homelab/backups/postgres/ + +# Download file +mc cp homelab/backups/postgres/backup.sql ./ +``` + +## Backup Strategy + +See `/scripts/backup-to-minio.sh` for automated backup implementation. + +**Frequency**: Daily at 2:00 AM UTC +**Retention**: 7 daily, 4 weekly, 3 monthly diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..76d25a4 --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,41 @@ +# MinIO Object Storage - Self-Hosted S3-Compatible Storage +# Deployment: objects.b28.dev +# Purpose: Backups, Directus uploads, demo artifacts + +services: + minio: + image: quay.io/minio/minio:latest + container_name: minio + restart: unless-stopped + + command: server /data --console-address ":9001" + + environment: + # Root credentials (S3 API + Console) + MINIO_ROOT_USER: ${MINIO_ROOT_USER} + MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD} + + # Server configuration + MINIO_SERVER_URL: https://objects.b28.dev + MINIO_BROWSER_REDIRECT_URL: https://objects.b28.dev + + # Optional: Enable browser + MINIO_BROWSER: "on" + + volumes: + - minio_data:/data + + expose: + - "9000" # S3 API + - "9001" # Web Console + + healthcheck: + test: ["CMD", "mc", "ready", "local"] + interval: 30s + timeout: 10s + retries: 3 + start_period: 10s + +volumes: + minio_data: + name: minio_data