♻️ minio custom jail

kubernetes/apps/default/cloudnative-pg/cluster/cluster.yaml

@@ -23,7 +23,7 @@ spec:
         compression: bzip2
         maxParallel: 8
       destinationPath: s3://postgresql/
-      endpointURL: https://truenas.${SECRET_DOMAIN}:51515
+      endpointURL: https://.${SECRET_DOMAIN}:9000
       serverName: postgres-v8
       s3Credentials:
         accessKeyId:
@@ -39,7 +39,7 @@ spec:
   #   - name: postgres-v6
   #     barmanObjectStore:
   #       destinationPath: s3://postgresql/
-  #       endpointURL: https://truenas.${SECRET_DOMAIN}:51515
+  #       endpointURL: http://minio.${SECRET_DOMAIN}:9000
   #       s3Credentials:
   #         accessKeyId:
   #           name: postgres-minio

kubernetes/apps/default/hajimari/app/helmrelease.yaml

@@ -67,7 +67,7 @@ spec:
               url: "https://truenas-remote.${SECRET_DOMAIN}"
             - name: minio
               icon: mdi:aws
-              url: "https://minio.${SECRET_DOMAIN}:9000"
+              url: "http://minio.${SECRET_DOMAIN}:9000"
             - name: pikvm
               icon: mdi:ip-network
               url: "https://pikvm.${SECRET_DOMAIN}"

kubernetes/apps/default/homelab/minio/backup/rclone.conf

@@ -3,7 +3,7 @@ type = s3
 provider = Minio
 access_key_id = __RCLONE_ACCESS_ID__
 secret_access_key = __RCLONE_SECRET_KEY__
-endpoint = https://minio.${SECRET_DOMAIN}:51515
+endpoint = http://minio.${SECRET_DOMAIN}:9000
 acl = private
 
 [gdrive-homelab-backups]

kubernetes/apps/default/homelab/opnsense/backup/helmrelease.yaml

@@ -41,7 +41,7 @@ spec:
             command: ["/bin/bash", "/app/opnsense-backup.sh"]
             env:
               OPNSENSE_URL: "https://opnsense.${SECRET_DOMAIN}"
-              S3_URL: "https://truenas.${SECRET_DOMAIN}:51515"
+              S3_URL: "http://minio.${SECRET_DOMAIN}:9000"
             envFrom:
               - secretRef:
                   name: homelab-opnsense-secret

kubernetes/apps/default/homelab/truenas/backup/truenas-backup.sh

@@ -44,7 +44,7 @@ curl -fsSL \
     -H "Date: ${http_request_date}" \
     -H "Content-Type: ${http_content_type}" \
     -H "Authorization: AWS ${AWS_ACCESS_KEY_ID}:${http_signature}" \
-    "https://truenas.${SECRET_DOMAIN}:51515/${http_filepath}"
+    "http://minio.${SECRET_DOMAIN}:9000/${http_filepath}"
 
 rm /tmp/backup-*.tar
 

kubernetes/apps/default/outline/app/helmrelease.yaml

@@ -54,7 +54,7 @@ spec:
               AWS_S3_ACL: private
               AWS_S3_FORCE_PATH_STYLE: "true"
               AWS_S3_UPLOAD_BUCKET_NAME: outline
-              AWS_S3_UPLOAD_BUCKET_URL: "https://truenas.${SECRET_DOMAIN}:51515"
+              AWS_S3_UPLOAD_BUCKET_URL: "http://minio.${SECRET_DOMAIN}:9000"
               ENABLE_UPDATES: "false"
               FILE_STORAGE_UPLOAD_MAX_SIZE: "26214400"
               OIDC_AUTH_URI: "https://auth.${SECRET_CLUSTER_DOMAIN}/api/oidc/authorization"

kubernetes/apps/default/sharry/app/config/sharry.conf

@@ -33,7 +33,7 @@ sharry.restserver {
         minio =
           { enabled = true
             type = "s3"
-            endpoint = "https://truenas.${SECRET_DOMAIN}:51515"
+            endpoint = "http://minio.${SECRET_DOMAIN}:9000"
             access-key = "${SECRET_SHARRY_MINIO_S3_ACCESS_KEY}"
             secret-key = "${SECRET_SHARRY_MINIO_S3_SECRET_KEY}"
             bucket = "sharry"

kubernetes/apps/monitoring/thanos/app/helmrelease.yaml

@@ -35,8 +35,9 @@ spec:
       type: s3
       config:
         bucket: thanos
-        endpoint: "truenas.${SECRET_DOMAIN}:51515"
+        endpoint: "minio.${SECRET_DOMAIN}:9000"
         region: ""
+        insecure: true
     query:
       enabled: true
       replicaCount: 2

kubernetes/flux/vars/cluster-secrets.sops.yaml

@@ -26,8 +26,8 @@ stringData:
     SECRET_OUTLINE_OAUTH_CLIENT_SECRET: ENC[AES256_GCM,data:BB/eZQ/oLQ09AxGwKRddbiyiRMA=,iv:dhiyOUP3GyvHXUdPYqQKPQCMmqornj6WVWtfreq9T6A=,tag:WijFyu8XGk3dklYJR4/81A==,type:str]
     SECRET_SHARRY_DB_USERNAME: ENC[AES256_GCM,data:wWnV6hHz,iv:+uV0X2tovaisFuO5KcF9PpKPyYeS4WtrrPt4Ll+CnsU=,tag:zNWR9AqheMGho0yV923vvw==,type:str]
     SECRET_SHARRY_DB_PASSWORD: ENC[AES256_GCM,data:Y0gk4bRcEws2b0SF4AY=,iv:3cQbD/uvWNGjEmz3z8uEbXWwJffIrTj3nSDsGBS0MEU=,tag:RsIBq9zI8+2temGj5r/Lqg==,type:str]
-    SECRET_SHARRY_MINIO_S3_ACCESS_KEY: ENC[AES256_GCM,data:2qLE/cs=,iv:Ctrw213BgCC2jyEvFp38aOejzY/ZYiwAj9fsPzXgaY0=,tag:LBlIUm1LTAjUIKu4JeLw9A==,type:str]
-    SECRET_SHARRY_MINIO_S3_SECRET_KEY: ENC[AES256_GCM,data:ewm/Pfjb0t3KY46o2+DsnOGUzrk=,iv:rf6K/qx24iMeHG/a/mCQgD132LsFt+wme4Udx50v6NA=,tag:OskpvWusk2B1P/OACWN2eA==,type:str]
+    SECRET_SHARRY_MINIO_S3_ACCESS_KEY: ENC[AES256_GCM,data:vAVoafxfbareIodsClVGDQ==,iv:1zojUukd2WQEE3ZBpGrIHaDwkWfAqmF1esjxCGWz3mQ=,tag:8HvBGXkTBJwhel89qffWgA==,type:str]
+    SECRET_SHARRY_MINIO_S3_SECRET_KEY: ENC[AES256_GCM,data:3MuIeOh66mJ5mblWSPdz/WybNnSRJKZypRuo4ycvKBA=,iv:NHDNCo+y9f5GlwhlPco5nyrHH7t5diFSUydiX3KFfdY=,tag:vf7RCvIznpiM576gmyJK6w==,type:str]
 type: Opaque
 sops:
     kms: []
@@ -44,8 +44,8 @@ sops:
             WG82VkdBMlNnRzBySFQzMk41cEtXSlEKBqOmq9UpO61C85+pj0ibdT31y4pmFsbm
             pTi4N0vv81kcf4ilqBU5h1gudNCb42Q2iL0eGNR4e3JzH4iaNsvnEg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-11-30T20:44:55Z"
-    mac: ENC[AES256_GCM,data:vTeYdFYzqt0WzUl6M6tDMnTEY+7xN7aZl32emkT33hB4GJPWXwPEHIxKd1blKzpZ9+Dm8zUSO/86eqWSKoI36iKw4FRhtqI1dralguPWpDGO8STE8kyYaLs2xW3R/acbucuD3V5M6YJonzHish/xMJlThao6+n4HsSJGNLneaps=,iv:xNYR/KiFkzZ9/jUSHUYO6vI6APVIdQFuYlRZfM7p6LQ=,tag:seNXM22OcDksY2ugx1mYMw==,type:str]
+    lastmodified: "2024-01-10T00:29:33Z"
+    mac: ENC[AES256_GCM,data:WtDnq2nkE5pYz1wt7bpkEfwr2BP1WoI7GiZLQwm6h67T9EtrLY9Dk+3XNTIx8rP/YKuOoLcomxCer4aMNZDib1TC62yZ8gwt9loZNmyqePxOBwSnxQntw+hNlwk2MT3D8lcbWlfq+88vXUeRw/S4SZCpExfBD2ig4y1cj5/fVO8=,iv:UqhcLg+8qHhm5qtokYwS93ZZZFT9AcN65zevNj/iZ2A=,tag:4b+b/DKhidhZC0mY3EvomQ==,type:str]
     pgp: []
     encrypted_regex: ^(data|stringData)$
     version: 3.8.1