feat: add basic garage s3 storage role

2025-11-07 17:35:32 +01:00 · 2025-11-07 17:35:32 +01:00 · 5377c34709
commit 5377c34709
parent 69bc95b992
11 changed files with 344 additions and 0 deletions
--- a/roles/garage/templates/docker-compose.yml.j2
+++ b/roles/garage/templates/docker-compose.yml.j2
@ -0,0 +1,62 @@
+services:
+  {{ garage_service_name }}:
+    container_name: {{ garage_service_name }}
+    image: {{ garage_image }}
+    restart: always
+    volumes:
+      - {{ garage_docker_volume_dir }}/meta:/var/lib/garage/meta
+      - {{ garage_docker_volume_dir }}/data:/var/lib/garage/data
+      - {{ garage_docker_compose_dir }}/garage.toml:/etc/garage.toml
+    networks:
+      - {{ garage_traefik_network }}
+      - {{ garage_internal_network }}
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network={{ garage_traefik_network }}
+      # S3 API endpoint
+      - traefik.http.routers.{{ garage_service_name }}.rule=Host(`{{ garage_s3_domain }}`)
+{% if garage_use_ssl %}
+      - traefik.http.routers.{{ garage_service_name }}.entrypoints=websecure
+      - traefik.http.routers.{{ garage_service_name }}.tls=true
+{% else %}
+      - traefik.http.routers.{{ garage_service_name }}.entrypoints=web
+{% endif %}
+      - traefik.http.routers.{{ garage_service_name }}.service={{ garage_service_name }}-api
+      - traefik.http.routers.{{ garage_service_name }}.priority=50
+      - traefik.http.services.{{ garage_service_name }}-api.loadbalancer.server.port={{ garage_s3_api_port }}
+
+{% if garage_webui_enabled %}
+  {{ garage_service_name }}-webui:
+    container_name: {{ garage_service_name }}-webui
+    image: {{ garage_webui_image }}
+    restart: always
+    depends_on:
+      - {{ garage_service_name }}
+    environment:
+      API_BASE_URL: "http://{{ garage_service_name }}:{{ garage_admin_port }}"
+      S3_ENDPOINT_URL: "http://{{ garage_service_name }}:{{ garage_s3_api_port }}"
+      AUTH_USER_PASS: '{{ _garage_webui_password_hash.stdout | replace("$", "$$") }}'
+    volumes:
+      - {{ garage_docker_compose_dir }}/garage.toml:/etc/garage.toml:ro
+    networks:
+      - {{ garage_traefik_network }}
+      - {{ garage_internal_network }}
+    labels:
+      - traefik.enable=true
+      - traefik.docker.network={{ garage_traefik_network }}
+      - traefik.http.routers.{{ garage_service_name }}-console.rule=Host(`{{ garage_webui_domain }}`)
+{% if garage_use_ssl %}
+      - traefik.http.routers.{{ garage_service_name }}-console.entrypoints=websecure
+      - traefik.http.routers.{{ garage_service_name }}-console.tls=true
+{% else %}
+      - traefik.http.routers.{{ garage_service_name }}-console.entrypoints=web
+{% endif %}
+      - traefik.http.routers.{{ garage_service_name }}-console.service={{ garage_service_name }}-console
+      - traefik.http.routers.{{ garage_service_name }}-console.priority=10
+      - traefik.http.services.{{ garage_service_name }}-console.loadbalancer.server.port={{ garage_webui_port }}
+{% endif %}
+
+networks:
+  {{ garage_internal_network }}:
+  {{ garage_traefik_network }}:
+    external: true
--- a/roles/garage/templates/garage.toml.j2
+++ b/roles/garage/templates/garage.toml.j2
@ -0,0 +1,26 @@
+metadata_dir = "/var/lib/garage/meta"
+data_dir = "/var/lib/garage/data"
+
+db_engine = "{{ garage_db_engine }}"
+
+replication_factor = {{ garage_replication_factor }}
+
+compression_level = {{ garage_compression_level }}
+
+rpc_bind_addr = "[::]:{{ garage_rpc_port }}"
+rpc_public_addr = "127.0.0.1:{{ garage_rpc_port }}"
+rpc_secret = "{{ garage_rpc_secret }}"
+
+[s3_api]
+s3_region = "{{ garage_s3_region }}"
+api_bind_addr = "[::]:{{ garage_s3_api_port }}"
+root_domain = ".s3.{{ garage_s3_domain }}"
+
+[s3_web]
+bind_addr = "[::]:{{ garage_s3_web_port }}"
+root_domain = ".{{ garage_web_domain }}"
+
+[admin]
+api_bind_addr = "[::]:{{ garage_admin_port }}"
+admin_token = "{{ garage_admin_token }}"
+metrics_token = "{{ garage_metrics_token }}"