{{ ansible_managed | comment }}

# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020  Christoph (Sheogorath) Kern
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

version: '2'
services:
{% for key, value in minio_users.items() %}

  {{ key }}:
    image:  docker.io/minio/minio:{{ minio_version }}
    mem_limit: 256mb
    memswap_limit: 512mb
    read_only: true
    tmpfs:
      - /root/.minio:size=128K
    environment:
      - "MINIO_ROOT_USER={{ value.access_key }}"
      - "MINIO_ROOT_PASSWORD={{ value.secret_key }}"
      - "MINIO_BROWSER={{ value.browser | default("off") }}"
      - "MINIO_DOMAIN={{ key }}.{{ minio_domain }}"
    volumes:
      - "{{ minio_data_location }}/{{ key }}:/data"
    command: ["server", "/data"]
    restart: always
    labels:
      - "traefik.http.routers.minio_{{ key }}.rule=Host(`{{ key }}.{{ minio_domain }}`) && PathPrefix(`/`)"
      - "traefik.http.routers.minio_{{ key }}.entrypoints=websecure"
      - "traefik.http.routers.minio_{{ key }}.tls=true"
      - "traefik.http.routers.minio_{{ key }}.tls.certresolver={{ minio_traefik_certresolver }}"
      - "traefik.http.routers.minio_{{ key }}.middlewares=minio_{{ key }},compress"
      - "traefik.http.routers.minio_{{ key }}.service=minio_{{ key }}"
      - "traefik.http.services.minio_{{ key }}.loadbalancer.server.port=9000"
      - "traefik.http.middlewares.minio_{{ key }}.headers.sslredirect=true"
      - "traefik.http.middlewares.minio_{{ key }}.headers.stsSeconds=63072000"
      - "traefik.http.middlewares.minio_{{ key }}.headers.referrerPolicy=no-referrer"
      - "traefik.http.middlewares.minio_{{ key }}.headers.contentTypeNosniff=true"
      - "traefik.http.middlewares.minio_{{ key }}.headers.browserXssFilter=true"

      - "traefik.enable=true"
{% if proxy_network is defined %}
      - "traefik.docker.network={{ proxy_network }}"
{% endif %}
{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
      - "traefik.http.middlewares.minio_{{ key }}.headers.customresponseheaders.alt-svc=h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
{% endif %}

{% if proxy_network is defined %}
    networks:
      {{ proxy_network }}:
{% endif %}

{% endfor %}

{% if proxy_network is defined %}
networks:
  {{ proxy_network }}:
    external: true
{% endif %}