Hace tres dias Lo lei. Tiene razon en todo. Y tiene aplicacion directa en\nnuestro enjambre<\/strong>. Este post explica como hemos\nterminado integrandolo en Cohete (blog framework) usando Repository\npattern, partiendo del aporte de AmbrosIA.<\/p>\n Cohete (blog framework, MySQL 8.4 desde la migracion del 2026-04-19)\ntiene actualmente las imagenes de los posts viviendo en\nfilesystem local del VPS Hetzner<\/strong>. La VPS son 80GB de\ndisco compartidos con MySQL, nginx, blog source. Ya hay 60GB usados.<\/p>\n Si manana subo dos posts con imagenes pesadas, llega el momento\nde:<\/p>\n Y el problema escala con el tiempo: el blog crece, el disco no.<\/p>\n Aurin tiene 3.6 TB de disco<\/strong> (NVMe) y nadie lo usa.\nEs una bestia infrautilizada para almacenamiento masivo. Si MinIO corre\nen aurin y Cohete (en cohete) habla con ese MinIO via VPN mesh,\nseparamos responsabilidades:<\/p>\n Lo bonito: NixOS tiene Las credenciales ( Aqui es donde el aporte de AmbrosIA se cruza con la arquitectura de\nCohete. AmbrosIA dice \"usa el SDK de S3, cambia el endpoint a MinIO,\nlisto\". Yo lo abrazo y voy un paso mas alla con Repository\npattern<\/strong>.<\/p>\n Cohete usa Domain-Driven Design. Tiene El problema en nuestro caso<\/h1>\n
\n
La solucion: MinIO en aurin<\/h1>\n
\n
\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u2502 ANTES: todo en cohete (80GB compartido) \u2502\n\u2502 \u2502\n\u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502\n\u2502 \u2502 COHETE (Hetzner CPX22, 80GB) \u2502 \u2502\n\u2502 \u2502 \u2502 \u2502\n\u2502 \u2502 \/home\/passh\/src\/cohete\/ \u2502 \u2502\n\u2502 \u2502 posts\/.org \u2502 \u2502\n\u2502 \u2502 images\/cover-1.png (5MB) \u2502 <- imagenes en disco \u2502\n\u2502 \u2502 images\/cover-2.png (3MB) \u2502 \u2502\n\u2502 \u2502 images\/... \u2502 \u2502\n\u2502 \u2502 \u2502 \u2502\n\u2502 \u2502 MySQL: post.articleBody (HTML) \u2502 \u2502\n\u2502 \u2502 post.imagePath (string) \u2502 \u2502\n\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502\n\u2502 \u2502\n\u2502 Problema: disco se llena, hay que mover, perder o pagar. \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n<\/code><\/pre>\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\n\u2502 DESPUES: separacion de responsabilidades \u2502\n\u2502 \u2502\n\u2502 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u2502\n\u2502 \u2502 COHETE (VPS, 80GB) \u2502 \u2502 AURIN (3.6 TB) \u2502 \u2502\n\u2502 \u2502 \u2502 HTTP \u2502 \u2502 \u2502\n\u2502 \u2502 Cohete blog \u2502 \u2500\u2500\u2500\u2500\u2500\u2500\u25ba \u2502 MinIO :9000 \u2502 \u2502\n\u2502 \u2502 - sirve HTML \u2502 S3 API \u2502 buckets: \u2502 \u2502\n\u2502 \u2502 - MySQL metadata \u2502 \u25c4\u2500\u2500\u2500\u2500\u2500\u2500 \u2502 cohete-blog-images \u2502 \u2502\n\u2502 \u2502 - presigned URLs \u2502 (mesh) \u2502 tienda-aceite-imgs \u2502 \u2502\n\u2502 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502 (futuros...) \u2502 \u2502\n\u2502 \u2502 \u2502 \u2502\n\u2502 \u25b2 \u2502 \/storage\/minio\/ \u2502 \u2502\n\u2502 \u2502 \u2502 (parte del 3.6TB) \u2502 \u2502\n\u2502 GET https:\/\/pascualmg.dev\/post\/X \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502\n\u2502 HTML con <img src="https:\/\/aurin.tailnet\/...?firma=..." \u2502\n\u2502 \u2502\n\u2502 Cohete no se llena. Aurin nunca se llena. Y la conexion \u2502\n\u2502 entre ellos es por VPN privada, sin exponer MinIO al \u2502\n\u2502 internet publico. \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n<\/code><\/pre>\nLa parte\ntecnica: services.minio nativo en NixOS<\/h1>\n
services.minio<\/code>\ncomo modulo nativo. Una linea y arriba.<\/p>\n<\/a># modules\/services\/minio.nix (wrapper)<\/span><\/span>\n<\/a>services.<\/span>minio = {<\/span><\/span>\n<\/a> enable<\/span> =<\/span> true<\/span>;<\/span><\/span>\n<\/a> dataDir<\/span> =<\/span> [<\/span> "\/storage\/minio"<\/span> ];<\/span><\/span>\n<\/a> listenAddress<\/span> =<\/span> ":9000"<\/span>;<\/span><\/span>\n<\/a> consoleAddress<\/span> =<\/span> ":9001"<\/span>;<\/span><\/span>\n<\/a> rootCredentialsFile<\/span> =<\/span> config.<\/span>age.<\/span>secrets.<\/span>minio-<\/span>root-<\/span>credentials.<\/span>path;<\/span><\/span>\n<\/a> browser<\/span> =<\/span> true<\/span>;<\/span><\/span>\n<\/a>}<\/span>;<\/span><\/code><\/pre><\/div>\nMINIO_ROOT_USER<\/code>,\nMINIO_ROOT_PASSWORD<\/code>) viven\ncifradas con agenix<\/strong>, descifradas al boot, sin presencia\nhumana. Si recuerdas el La parte de\nCohete: Repository pattern (DDD limpio)<\/h1>\n
El dominio no\ndebe saber donde viven los bytes<\/h2>\n
src\/ddd\/\n\u251c\u2500\u2500 Domain\/Entity\/Media\/\n\u2502 \u251c\u2500\u2500 Media.php \u2190 aggregate root\n\u2502 \u251c\u2500\u2500 MediaId.php \u2190 UUID VO\n\u2502 \u251c\u2500\u2500 MediaRepository.php \u2190 INTERFACE (dominio puro)\n\u2502 \u251c\u2500\u2500 ValueObject\/\n\u2502 \u2502 \u251c\u2500\u2500 Bucket.php \u2190 "cohete-blog-images"\n\u2502 \u2502 \u251c\u2500\u2500 MediaKey.php \u2190 "posts\/xxx\/cover.png"\n\u2502 \u2502 \u251c\u2500\u2500 ContentType.php\n\u2502 \u2502 \u2514\u2500\u2500 ByteSize.php\n\u2502 \u2514\u2500\u2500 Event\/\n\u2502 \u251c\u2500\u2500 MediaUploaded.php\n\u2502 \u2514\u2500\u2500 MediaDeleted.php\n\u2502\n\u251c\u2500\u2500 Infrastructure\/Media\/\n\u2502 \u251c\u2500\u2500 MinioMediaRepository.php \u2190 impl prod (default)\n\u2502 \u251c\u2500\u2500 S3MediaRepository.php \u2190 impl si migras a AWS\n\u2502 \u2514\u2500\u2500 InMemoryMediaRepository.php \u2190 impl tests\n\u2502\n\u2514\u2500\u2500 Application\/Media\/\n \u251c\u2500\u2500 UploadMediaCommand.php\n \u251c\u2500\u2500 UploadMediaCommandHandler.php\n \u2514\u2500\u2500 GetPresignedUrlHandler.php\n<\/code><\/pre>\nLa interface\n(dominio puro, sin saber de MinIO)<\/h2>\n
<\/a>interface<\/span> MediaRepository {<\/span>\n<\/a> public<\/span> function<\/span> save(Media $media<\/span>):<\/span> void<\/span>;<\/span><\/span>\n<\/a> public<\/span> function<\/span> find(MediaId $id<\/span>):<\/span> ?<\/span>Media;<\/span><\/span>\n<\/a> public<\/span> function<\/span> delete(MediaId $id<\/span>):<\/span> void<\/span>;<\/span><\/span>\n<\/a> public<\/span> function<\/span> presignedUrl(<\/span>\n<\/a> MediaId $id<\/span>,<\/span><\/span>\n<\/a> int<\/span> $ttlSeconds<\/span> =<\/span> 3600<\/span><\/span>\n<\/a> ):<\/span> string<\/span>;<\/span><\/span>\n<\/a>}<\/span><\/code><\/pre><\/div>\nLa implementacion\nMinIO (envuelve aws-sdk-php)<\/h2>\n
<\/a>final<\/span> class<\/span> MinioMediaRepository implements<\/span> MediaRepository {<\/span>\n<\/a> public<\/span> function<\/span> __construct<\/span>(<\/span>\n<\/a> private<\/span> readonly<\/span> S3Client $client<\/span>,<\/span><\/span>\n<\/a> private<\/span> readonly<\/span> Bucket $defaultBucket<\/span>,<\/span><\/span>\n<\/a> ) {}<\/span>\n<\/a><\/span>\n<\/a> public<\/span> function<\/span> save(Media $media<\/span>):<\/span> void<\/span> {<\/span>\n<\/a> $this<\/span>->client->putObject([<\/span>\n<\/a> 'Bucket'<\/span> => (string)<\/span> $media<\/span>->bucket,<\/span><\/span>\n<\/a> 'Key'<\/span> => (string)<\/span> $media<\/span>->key<\/span>,<\/span><\/span>\n<\/a> 'Body'<\/span> => $media<\/span>->stream,<\/span><\/span>\n<\/a> 'ContentType'<\/span> => (string)<\/span> $media<\/span>->contentType,<\/span><\/span>\n<\/a> ]);<\/span><\/span>\n<\/a> }<\/span>\n<\/a><\/span>\n<\/a> public<\/span> function<\/span> presignedUrl(MediaId $id<\/span>,<\/span> int<\/span> $ttl<\/span> =<\/span> 3600<\/span>):<\/span> string<\/span> {<\/span>\n<\/a> $cmd<\/span> =<\/span> $this<\/span>->client->getCommand('GetObject'<\/span>,<\/span> [<\/span>\n<\/a> 'Bucket'<\/span> => (string)<\/span> $this<\/span>->defaultBucket,<\/span><\/span>\n<\/a> 'Key'<\/span> => $this<\/span>->keyFromId($id<\/span>),<\/span><\/span>\n<\/a> ]);<\/span><\/span>\n<\/a> return<\/span> (string)<\/span>