storacha · frrist · Mar 17, 2026
@@ -30,7 +30,7 @@ data "aws_route53_zone" "primary" {
 
 module "piri_instances" {
   source = "../../modules/piri-instance"
-  
+
   for_each = var.instances
 
   name                      = each.key
@@ -46,7 +46,7 @@ module "piri_instances" {
   protect_volume            = var.environment == "production" || var.environment == "prod" || var.environment == "forge-prod"
   domain_name               = "${var.environment}.${each.value.subdomain}.${var.root_domain}"
   route53_zone_id           = data.aws_route53_zone.primary.zone_id
-  
+
   install_method          = coalesce(lookup(each.value, "install_method", null), var.default_install_method)
   install_source          = coalesce(lookup(each.value, "install_source", null), var.default_install_source)
   network                 = var.network
@@ -57,6 +57,16 @@ module "piri_instances" {
   operator_email          = each.value.operator_email
   use_letsencrypt_staging = var.environment != "production" && var.environment != "prod" && var.environment != "forge-prod"
 
+  # Backend configuration (instance can override defaults)
+  storage_backend     = coalesce(lookup(each.value, "storage_backend", null), var.default_storage_backend)
+  database_backend    = coalesce(lookup(each.value, "database_backend", null), var.default_database_backend)
+  minio_root_user     = var.minio_root_user
+  minio_root_password = coalesce(lookup(each.value, "minio_root_password", null), var.minio_root_password)
+  minio_bucket_prefix = var.minio_bucket_prefix
+  postgres_user       = var.postgres_user
+  postgres_password   = coalesce(lookup(each.value, "postgres_password", null), var.postgres_password)
+  postgres_database   = var.postgres_database
+
   tags = {
     Owner = var.owner
     Team  = var.team

@@ -148,6 +148,48 @@ network = "warm-staging"
 # Default: "v0.0.12" - uncomment to override
 # default_install_source = "v0.0.12"
 
+# ===========================================================================
+# STORAGE BACKEND CONFIGURATION (DEFAULTS)
+# ===========================================================================
+# By default, Piri uses filesystem storage and SQLite database.
+# For native deployments, you can configure MinIO and/or PostgreSQL
+# backends running on the same EC2 instance via Docker Compose.
+# Each instance gets its own MinIO/PostgreSQL containers.
+
+# Default blob storage backend: "filesystem" (default) or "minio"
+# Default: "filesystem" - uncomment to use MinIO
+# default_storage_backend = "minio"
+
+# Default database backend: "sqlite" (default) or "postgres"
+# Default: "sqlite" - uncomment to use PostgreSQL
+# default_database_backend = "postgres"
+
+# MinIO configuration (required when storage_backend = "minio")
+# -------------------------------------------
+# MinIO root user (shared across all instances)
+# Default: "minioadmin" - uncomment to override
+# minio_root_user = "minioadmin"
+
+# MinIO root password (required when using MinIO)
+# minio_root_password = "your-secure-minio-password"
+
+# Prefix for MinIO buckets
+# Default: "piri-" - uncomment to override
+# minio_bucket_prefix = "piri-"
+
+# PostgreSQL configuration (required when database_backend = "postgres")
+# -------------------------------------------
+# PostgreSQL user (shared across all instances)
+# Default: "piri" - uncomment to override
+# postgres_user = "piri"
+
+# PostgreSQL password (required when using PostgreSQL)
+# postgres_password = "your-secure-postgres-password"
+
+# PostgreSQL database name
+# Default: "piri" - uncomment to override
+# postgres_database = "piri"
+
 # ===========================================================================
 # INSTANCE DEFINITIONS
 # ===========================================================================
@@ -163,6 +205,10 @@ network = "warm-staging"
 #   - install_source: Override version/branch to install
 #   - service_pem_content: Service private key (only if use_secrets_manager = false)
 #   - wallet_hex_content: Wallet private key (only if use_secrets_manager = false)
+#   - storage_backend: Override default storage backend ("filesystem" or "minio")
+#   - database_backend: Override default database backend ("sqlite" or "postgres")
+#   - minio_root_password: Override MinIO password for this instance
+#   - postgres_password: Override PostgreSQL password for this instance
 
 instances = {
   # Example: Basic node using all defaults
@@ -198,14 +244,49 @@ instances = {
 #   node1 = {
 #     subdomain      = "node1"
 #     operator_email = "operator1@example.com"
-#     
+#
 #     # When use_secrets_manager = false, these are REQUIRED:
 #     service_pem_content = <<EOF
 # -----BEGIN PRIVATE KEY-----
 # YOUR_SERVICE_PRIVATE_KEY_HERE
 # -----END PRIVATE KEY-----
 # EOF
-#     
+#
 #     wallet_hex_content = "YOUR_WALLET_PRIVATE_KEY_HEX_HERE"
 #   }
 # }
+
+# ===========================================================================
+# INSTANCE DEFINITIONS WITH NATIVE BACKENDS (MinIO + PostgreSQL)
+# ===========================================================================
+# Example: Multi-instance deployment with MinIO and PostgreSQL backends
+# Each instance runs its own MinIO/PostgreSQL containers via Docker Compose
+
+# default_storage_backend  = "minio"
+# default_database_backend = "postgres"
+# minio_root_password      = "shared-minio-password"
+# postgres_password        = "shared-postgres-password"
+#
+# instances = {
+#   # Node using default backends (MinIO + PostgreSQL)
+#   node1 = {
+#     subdomain      = "node1"
+#     operator_email = "operator1@example.com"
+#   }
+#
+#   # Node with custom passwords for its backends
+#   node2 = {
+#     subdomain           = "node2"
+#     operator_email      = "operator2@example.com"
+#     minio_root_password = "node2-minio-password"
+#     postgres_password   = "node2-postgres-password"
+#   }
+#
+#   # Node using filesystem + SQLite (override backends)
+#   node3 = {
+#     subdomain        = "node3"
+#     operator_email   = "operator3@example.com"
+#     storage_backend  = "filesystem"
+#     database_backend = "sqlite"
+#   }
+# }
@@ -89,6 +89,70 @@ variable "use_secrets_manager" {
   default     = true
 }
 
+# =============================================================================
+# Storage Backend Configuration (defaults)
+# =============================================================================
+
+variable "default_storage_backend" {
+  description = "Default blob storage backend: 'filesystem' (default) or 'minio'"
+  type        = string
+  default     = "filesystem"
+  validation {
+    condition     = contains(["filesystem", "minio"], var.default_storage_backend)
+    error_message = "default_storage_backend must be 'filesystem' or 'minio'"
+  }
+}
+
+variable "default_database_backend" {
+  description = "Default database backend: 'sqlite' (default) or 'postgres'"
+  type        = string
+  default     = "sqlite"
+  validation {
+    condition     = contains(["sqlite", "postgres"], var.default_database_backend)
+    error_message = "default_database_backend must be 'sqlite' or 'postgres'"
+  }
+}
+
+# MinIO configuration (when storage_backend = "minio")
+variable "minio_root_user" {
+  description = "MinIO root user"
+  type        = string
+  default     = "minioadmin"
+}
+
+variable "minio_root_password" {
+  description = "MinIO root password (required when storage_backend = 'minio')"
+  type        = string
+  sensitive   = true
+  default     = ""
+}
+
+variable "minio_bucket_prefix" {
+  description = "Prefix for MinIO buckets"
+  type        = string
+  default     = "piri-"
+}
+
+# PostgreSQL configuration (when database_backend = "postgres")
+variable "postgres_user" {
+  description = "PostgreSQL user"
+  type        = string
+  default     = "piri"
+}
+
+variable "postgres_password" {
+  description = "PostgreSQL password (required when database_backend = 'postgres')"
+  type        = string
+  sensitive   = true
+  default     = ""
+}
+
+variable "postgres_database" {
+  description = "PostgreSQL database name"
+  type        = string
+  default     = "piri"
+}
+
 # Instance Definitions
 variable "instances" {
   description = "Map of instances to create"
@@ -101,5 +165,10 @@ variable "instances" {
     ebs_volume_size     = optional(number)
     install_method      = optional(string)
     install_source      = optional(string)
+    # Backend overrides (optional)
+    storage_backend     = optional(string)
+    database_backend    = optional(string)
+    minio_root_password = optional(string)
+    postgres_password   = optional(string)
   }))
 }
@@ -44,7 +44,7 @@ module "piri_instance" {
   protect_volume            = var.environment == "production" || var.environment == "prod" || var.environment == "forge-prod"
   domain_name               = "${var.environment}.${var.app}.${var.root_domain}"
   route53_zone_id           = data.aws_route53_zone.primary.zone_id
-  
+
   install_method          = var.install_method
   install_source          = var.install_source
   network                 = var.network
@@ -55,6 +55,16 @@ module "piri_instance" {
   operator_email          = var.operator_email
   use_letsencrypt_staging = var.environment != "production" && var.environment != "prod" && var.environment != "forge-prod"
 
+  # Backend configuration
+  storage_backend     = var.storage_backend
+  database_backend    = var.database_backend
+  minio_root_user     = var.minio_root_user
+  minio_root_password = var.minio_root_password
+  minio_bucket_prefix = var.minio_bucket_prefix
+  postgres_user       = var.postgres_user
+  postgres_password   = var.postgres_password
+  postgres_database   = var.postgres_database
+
   tags = {
     Owner = var.owner
     Team  = var.team

@@ -193,6 +193,47 @@ EOF
 # [REQUIRED if use_secrets_manager = false] Wallet private key in hex format
 wallet_hex_content = "YOUR_WALLET_PRIVATE_KEY_HEX_HERE"
 
+# ===========================================================================
+# STORAGE BACKEND CONFIGURATION
+# ===========================================================================
+# By default, Piri uses filesystem storage and SQLite database.
+# For native deployments, you can configure MinIO and/or PostgreSQL
+# backends running on the same EC2 instance via Docker Compose.
+
+# Blob storage backend: "filesystem" (default) or "minio"
+# Default: "filesystem" - uncomment to use MinIO
+# storage_backend = "minio"
+
+# Database backend: "sqlite" (default) or "postgres"
+# Default: "sqlite" - uncomment to use PostgreSQL
+# database_backend = "postgres"
+
+# MinIO configuration (required when storage_backend = "minio")
+# -------------------------------------------
+# MinIO root user
+# Default: "minioadmin" - uncomment to override
+# minio_root_user = "minioadmin"
+
+# MinIO root password (required when using MinIO)
+# minio_root_password = "your-secure-minio-password"
+
+# Prefix for MinIO buckets
+# Default: "piri-" - uncomment to override
+# minio_bucket_prefix = "piri-"
+
+# PostgreSQL configuration (required when database_backend = "postgres")
+# -------------------------------------------
+# PostgreSQL user
+# Default: "piri" - uncomment to override
+# postgres_user = "piri"
+
+# PostgreSQL password (required when using PostgreSQL)
+# postgres_password = "your-secure-postgres-password"
+
+# PostgreSQL database name
+# Default: "piri" - uncomment to override
+# postgres_database = "piri"
+
 # ===========================================================================
 # EXAMPLE CONFIGURATIONS
 # ===========================================================================
@@ -240,6 +281,24 @@ wallet_hex_content = "YOUR_WALLET_PRIVATE_KEY_HEX_HERE"
 # operator_email      = "dev@example.com"
 # use_secrets_manager = true
 
+# -------------------------------------------
+# Example 4: Native deployment with MinIO + PostgreSQL
+# -------------------------------------------
+# allowed_account_ids = ["123456789012"]
+# environment         = "staging"
+# instance_type       = "m6a.xlarge"
+# ebs_volume_size     = 200
+# install_method      = "version"
+# install_source      = "v0.0.12"
+# pdp_lotus_endpoint  = "wss://api.calibration.node.glif.io/rpc/v1"
+# network             = "warm-staging"
+# operator_email      = "ops@example.com"
+# use_secrets_manager = true
+# storage_backend     = "minio"
+# database_backend    = "postgres"
+# minio_root_password = "secure-minio-password"
+# postgres_password   = "secure-postgres-password"
+
 # ===========================================================================
 # DEPLOYMENT COMMANDS
 # ===========================================================================

@@ -114,4 +114,68 @@ variable "wallet_hex_content" {
 variable "operator_email" {
   description = "Email address of the piri operator"
   type        = string
+}
+
+# =============================================================================
+# Storage Backend Configuration
+# =============================================================================
+
+variable "storage_backend" {
+  description = "Blob storage backend: 'filesystem' (default) or 'minio'"
+  type        = string
+  default     = "filesystem"
+  validation {
+    condition     = contains(["filesystem", "minio"], var.storage_backend)
+    error_message = "storage_backend must be 'filesystem' or 'minio'"
+  }
+}
+
+variable "database_backend" {
+  description = "Database backend: 'sqlite' (default) or 'postgres'"
+  type        = string
+  default     = "sqlite"
+  validation {
+    condition     = contains(["sqlite", "postgres"], var.database_backend)
+    error_message = "database_backend must be 'sqlite' or 'postgres'"
+  }
+}
+
+# MinIO configuration (when storage_backend = "minio")
+variable "minio_root_user" {
+  description = "MinIO root user"
+  type        = string
+  default     = "minioadmin"
+}
+
+variable "minio_root_password" {
+  description = "MinIO root password (required when storage_backend = 'minio')"
+  type        = string
+  sensitive   = true
+  default     = ""
+}
+
+variable "minio_bucket_prefix" {
+  description = "Prefix for MinIO buckets"
+  type        = string
+  default     = "piri-"
+}
+
+# PostgreSQL configuration (when database_backend = "postgres")
+variable "postgres_user" {
+  description = "PostgreSQL user"
+  type        = string
+  default     = "piri"
+}
+
+variable "postgres_password" {
+  description = "PostgreSQL password (required when database_backend = 'postgres')"
+  type        = string
+  sensitive   = true
+  default     = ""
+}
+
+variable "postgres_database" {
+  description = "PostgreSQL database name"
+  type        = string
+  default     = "piri"
 }