---
version: "3.9"

services:
  minio:
    image: minio/minio:latest
    restart: always
    ulimits:
      nofile:
        soft: 4096
        hard: 16000
    environment:
      - "MINIO_ROOT_USER={{ minio.user | mandatory }}"
      - "MINIO_ROOT_PASSWORD={{ minio.password | mandatory }}"
      - "MINIO_SERVER_URL=https://${MINIO_URL}"
      - "MINIO_BROWSER_REDIRECT_URL=https://${DASHBOARD_URL}"
      - "MINIO_KMS_SECRET_KEY=kms-key:{{ lookup('env', 'MINIO_KMS_SECRET_KEY') }}"
    volumes:
      - data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_default"
      - "traefik.http.routers.minio.rule=Host(`${MINIO_URL}`)||Host(`s3.unruhig.eu`)"
      - "traefik.http.routers.minio.entryPoints=websecure"
      - "traefik.http.services.minio.loadbalancer.server.port=9000"
      - "traefik.http.routers.minio.service=minio"
      - "traefik.http.routers.minio-dashboard.rule=Host(`${DASHBOARD_URL}`)"
      - "traefik.http.routers.minio-dashboard.entryPoints=websecure"
      - "traefik.http.services.minio-dashboard.loadbalancer.server.port=9001"
      - "traefik.http.routers.minio-dashboard.service=minio-dashboard"
    command: "server /data --console-address ':9001' --anonymous"
    # healthcheck:
    #   test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
    #   interval: 30s
    #   timeout: 20s
    #   retries: 3

volumes:
  data:

...