Add minio module for S3-compatible object storage

Label Studio _really_ prefers using a direct object storage model. Can't say I blame them, it makes sense given they are running Python. I had to bump Authentik to not use its default port so that minio could use its own default port. That seemed safest given that Authentik is always proxied but minio/S3 may _not_ be. I'm just not sure.
2025-10-01 19:25:29 +00:00 · 2025-10-01 19:25:29 +00:00 · dad759c4b3
commit dad759c4b3
parent dbbed7117a
5 changed files with 57 additions and 3 deletions
--- a/modules/system/authentik.nix
+++ b/modules/system/authentik.nix
@ -25,8 +25,8 @@ with lib;
 				listen = {
 					listen_debug = "127.0.0.1:9900";
 					listen_debug_py = "127.0.0.1:9901";
-					listen_http = "127.0.0.1:9000";
-					listen_https = "127.0.0.1:9443";
+					listen_http = "127.0.0.1:10030";
+					listen_https = "127.0.0.1:10031";
 					listen_ldap = "127.0.0.1:3389";
 					listen_ldaps = "127.0.0.1:6636";
 					listen_radius = "127.0.0.1:1812";
@ -35,7 +35,7 @@ with lib;
 			};
 		};
 		services.caddy.virtualHosts."auth.gleipnir.technology".extraConfig = ''
-			reverse_proxy http://127.0.0.1:9000
+			reverse_proxy http://127.0.0.1:10030
 		'';
 		services.postgresql = {
 			ensureDatabases = [ "authentik" ];
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@ -14,6 +14,7 @@
 		./fish.nix
 		./label-studio.nix
 		./librechat.nix
+		./minio.nix
 		./openssh.nix
 		./podman.nix
 		./restic
--- a/modules/system/minio.nix
+++ b/modules/system/minio.nix
@ -0,0 +1,29 @@
+{ lib, config, nixpkgs, pkgs, ... }:
+with lib;
+{
+	options.myModules.minio.enable = mkEnableOption "custom minio configuration";
+	config = mkIf config.myModules.minio.enable {
+		services.caddy.virtualHosts."s3.gleipnir.technology".extraConfig = ''
+			reverse_proxy http://localhost:10080
+		'';
+		services.minio = {
+			certificatesDir = "/mnt/bigdisk/minio/certificates";
+			configDir = "/mnt/bigdisk/minio/config";
+			consoleAddress = "127.0.0.1:10080";
+			enable = true;
+			dataDir = ["/mnt/bigdisk/minio/data"];
+			rootCredentialsFile = "/var/run/secrets/minio-env";
+		};
+		sops.secrets.minio-env = {
+			format = "dotenv";
+			group = "minio";
+			mode = "0440";
+			owner = "minio";
+			restartUnits = ["minio.service"];
+			sopsFile = ../../secrets/minio.env;
+		};
+		#systemd.tmpfiles.rules = [
+			#"d /mnt/bigdisk/minio 0755 minio minio"
+		#];
+	};
+}