initial

docker-compose.yml

@@ -0,0 +1,37 @@
+services:
+  minio:
+    image: minio/minio:latest
+    container_name: mtv2-media-storage
+    ports:
+      - "9100:9000"
+      - "9101:9001"
+    volumes:
+      - ./minio-data:/data
+      - ./policies:/policies:ro
+    environment:
+      MINIO_ROOT_USER: media-root
+      MINIO_ROOT_PASSWORD: 8-digit-root-pass
+    command: server /data --console-address ":9001"
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
+      interval: 5s
+      timeout: 5s
+      retries: 10
+      start_period: 10s
+
+  minio-init:
+    image: minio/mc:latest
+    entrypoint: ["/bin/sh", "-c"]
+    command: ["/init-minio.sh"]
+    depends_on:
+      minio:
+        condition: service_healthy
+    environment:
+      MINIO_ROOT_USER: media-root
+      MINIO_ROOT_PASSWORD: 8-digit-root-pass
+      MERCH_API_USER: media-storage
+      MERCH_API_PASSWORD: 8-digit-user-pass
+    volumes:
+      - ./policies:/policies:ro
+      - ./init-minio.sh:/init-minio.sh:ro

init-minio.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+until mc alias set myminio http://minio:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"; do
+  echo "Wait for start MinIO..."
+  sleep 5
+done
+
+echo "MinIO available. Setting up userc and policies..."
+
+mc admin policy create myminio api-policy /policies/api-policy.json
+mc admin user add myminio "$MERCH_API_USER" "$MERCH_API_PASSWORD"
+
+mc admin policy attach myminio api-policy --user="$MERCH_API_USER"
+
+echo "MinIO init done."

policies/api-policy.json

@@ -0,0 +1,19 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetObject",
+        "s3:PutObject",
+        "s3:DeleteObject",
+        "s3:ListBucket"
+      ],
+      "Resource": [
+        "arn:aws:s3:::user-merch-images",
+        "arn:aws:s3:::user-merch-images/*"
+      ]
+    }
+  ]
+}
+