add function to s3

backend/go.mod

@@ -5,15 +5,19 @@ go 1.24.0
 toolchain go1.24.11
 
 require (
+	github.com/creack/pty v1.1.24
 	github.com/gin-gonic/gin v1.10.0
+	github.com/go-playground/validator/v10 v10.20.0
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/websocket v1.5.3
 	github.com/lib/pq v1.10.9
+	github.com/minio/madmin-go/v3 v3.0.110
+	github.com/minio/minio-go/v7 v7.0.97
 	github.com/stretchr/testify v1.11.1
 	go.uber.org/zap v1.27.0
-	golang.org/x/crypto v0.23.0
-	golang.org/x/sync v0.7.0
+	golang.org/x/crypto v0.37.0
+	golang.org/x/sync v0.15.0
 	golang.org/x/time v0.14.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -21,30 +25,57 @@ require (
 require (
 	github.com/bytedance/sonic v1.11.6 // indirect
 	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
-	github.com/creack/pty v1.1.24 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
+	github.com/go-ini/ini v1.67.0 // indirect
+	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.20.0 // indirect
-	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/golang-jwt/jwt/v4 v4.5.2 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
+	github.com/klauspost/compress v1.18.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.11 // indirect
+	github.com/klauspost/crc32 v1.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/minio/crc64nvme v1.1.0 // indirect
+	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/philhofer/fwd v1.2.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 // indirect
+	github.com/prometheus/client_model v0.6.2 // indirect
+	github.com/prometheus/common v0.63.0 // indirect
+	github.com/prometheus/procfs v0.16.0 // indirect
+	github.com/prometheus/prom2json v1.4.2 // indirect
+	github.com/prometheus/prometheus v0.303.0 // indirect
+	github.com/rs/xid v1.6.0 // indirect
+	github.com/safchain/ethtool v0.5.10 // indirect
+	github.com/secure-io/sio-go v0.3.1 // indirect
+	github.com/shirou/gopsutil/v3 v3.24.5 // indirect
+	github.com/shoenig/go-m1cpu v0.1.6 // indirect
+	github.com/tinylib/msgp v1.3.0 // indirect
+	github.com/tklauser/go-sysconf v0.3.15 // indirect
+	github.com/tklauser/numcpus v0.10.0 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect
-	go.uber.org/multierr v1.10.0 // indirect
+	github.com/yusufpapurcu/wmi v1.2.4 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/arch v0.8.0 // indirect
-	golang.org/x/net v0.25.0 // indirect
-	golang.org/x/sys v0.20.0 // indirect
-	golang.org/x/text v0.15.0 // indirect
-	google.golang.org/protobuf v1.34.1 // indirect
+	golang.org/x/net v0.39.0 // indirect
+	golang.org/x/sys v0.34.0 // indirect
+	golang.org/x/text v0.26.0 // indirect
+	google.golang.org/protobuf v1.36.6 // indirect
 )

backend/go.sum

@@ -2,6 +2,8 @@ github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc
 github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
 github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
 github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
+github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
 github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
@@ -9,14 +11,22 @@ github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQ
 github.com/creack/pty v1.1.24 h1:bJrF4RRfyJnbTJqzRLHzcGaZK1NeM5kTC9jGgovnR1s=
 github.com/creack/pty v1.1.24/go.mod h1:08sCNb52WyoAwi2QDyzUCTgcvVFhUzewun7wtTfvcwE=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY=
+github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
 github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
+github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
+github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0=
+github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE=
+github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
 github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
@@ -25,12 +35,17 @@ github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJn
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
 github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
 github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
-github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
-github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
+github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
+github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI=
+github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk=
 github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
-github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
+github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -38,25 +53,75 @@ github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aN
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
+github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
-github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/klauspost/cpuid/v2 v2.2.11 h1:0OwqZRYI2rFrjS4kvkDnqJkKHdHaRnCm68/DY4OxRzU=
+github.com/klauspost/cpuid/v2 v2.2.11/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/klauspost/crc32 v1.3.0 h1:sSmTt3gUt81RP655XGZPElI0PelVTZ6YwCRnPSupoFM=
+github.com/klauspost/crc32 v1.3.0/go.mod h1:D7kQaZhnkX/Y0tstFGf8VUzv2UofNGqCjnC3zdHB0Hw=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
+github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 h1:PpXWgLPs+Fqr325bN2FD2ISlRRztXibcX6e8f5FR5Dc=
+github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
+github.com/minio/crc64nvme v1.1.0 h1:e/tAguZ+4cw32D+IO/8GSf5UVr9y+3eJcxZI2WOO/7Q=
+github.com/minio/crc64nvme v1.1.0/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
+github.com/minio/madmin-go/v3 v3.0.110 h1:FIYekj7YPc430ffpXFWiUtyut3qBt/unIAcDzJn9H5M=
+github.com/minio/madmin-go/v3 v3.0.110/go.mod h1:WOe2kYmYl1OIlY2DSRHVQ8j1v4OItARQ6jGyQqcCud8=
+github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
+github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
+github.com/minio/minio-go/v7 v7.0.97 h1:lqhREPyfgHTB/ciX8k2r8k0D93WaFqxbJX36UZq5occ=
+github.com/minio/minio-go/v7 v7.0.97/go.mod h1:re5VXuo0pwEtoNLsNuSr0RrLfT/MBtohwdaSmPPSRSk=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM=
+github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55 h1:o4JXh1EVt9k/+g42oCprj/FisM4qX9L3sZB3upGN2ZU=
+github.com/power-devops/perfstat v0.0.0-20240221224432-82ca36839d55/go.mod h1:OmDBASR4679mdNQnz2pUhc2G8CO2JrUAVFDRBDP/hJE=
+github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk=
+github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE=
+github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k=
+github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18=
+github.com/prometheus/procfs v0.16.0 h1:xh6oHhKwnOJKMYiYBDWmkHqQPyiY40sny36Cmx2bbsM=
+github.com/prometheus/procfs v0.16.0/go.mod h1:8veyXUu3nGP7oaCxhX6yeaM5u4stL2FeMXnCqhDthZg=
+github.com/prometheus/prom2json v1.4.2 h1:PxCTM+Whqi/eykO1MKsEL0p/zMpxp9ybpsmdFamw6po=
+github.com/prometheus/prom2json v1.4.2/go.mod h1:zuvPm7u3epZSbXPWHny6G+o8ETgu6eAK3oPr6yFkRWE=
+github.com/prometheus/prometheus v0.303.0 h1:wsNNsbd4EycMCphYnTmNY9JASBVbp7NWwJna857cGpA=
+github.com/prometheus/prometheus v0.303.0/go.mod h1:8PMRi+Fk1WzopMDeb0/6hbNs9nV6zgySkU/zds5Lu3o=
+github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
+github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
+github.com/safchain/ethtool v0.5.10 h1:Im294gZtuf4pSGJRAOGKaASNi3wMeFaGaWuSaomedpc=
+github.com/safchain/ethtool v0.5.10/go.mod h1:w9jh2Lx7YBR4UwzLkzCmWl85UY0W2uZdd7/DckVE5+c=
+github.com/secure-io/sio-go v0.3.1 h1:dNvY9awjabXTYGsTF1PiCySl9Ltofk9GA3VdWlo7rRc=
+github.com/secure-io/sio-go v0.3.1/go.mod h1:+xbkjDzPjwh4Axd07pRKSNriS9SCiYksWnZqdnfpQxs=
+github.com/shirou/gopsutil/v3 v3.24.5 h1:i0t8kL+kQTvpAYToeuiVk3TgDeKOFioZO3Ztz/iZ9pI=
+github.com/shirou/gopsutil/v3 v3.24.5/go.mod h1:bsoOS1aStSs9ErQ1WWfxllSeS1K5D+U30r2NfcubMVk=
+github.com/shoenig/go-m1cpu v0.1.6 h1:nxdKQNcEB6vzgA2E2bvzKIYRuNj7XNJ4S/aRSwKzFtM=
+github.com/shoenig/go-m1cpu v0.1.6/go.mod h1:1JJMcUBvfNwpq05QDQVAnx3gUHr9IYF7GNg9SUEw2VQ=
+github.com/shoenig/test v0.6.4 h1:kVTaSd7WLz5WZ2IaoM0RSzRsUD+m8wRR+5qvntpn4LU=
+github.com/shoenig/test v0.6.4/go.mod h1:byHiCGXqrVaflBLAMq/srcZIHynQPQgeyvkvXnjqq0k=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -70,39 +135,57 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
+github.com/tinylib/msgp v1.3.0 h1:ULuf7GPooDaIlbyvgAxBV/FI7ynli6LZ1/nVUNu+0ww=
+github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0=
+github.com/tklauser/go-sysconf v0.3.15 h1:VE89k0criAymJ/Os65CSn1IXaol+1wrsFHEB8Ol49K4=
+github.com/tklauser/go-sysconf v0.3.15/go.mod h1:Dmjwr6tYFIseJw7a3dRLJfsHAMXZ3nEnL/aZY+0IuI4=
+github.com/tklauser/numcpus v0.10.0 h1:18njr6LDBk1zuna922MgdjQuJFjrdppsZG60sHGfjso=
+github.com/tklauser/numcpus v0.10.0/go.mod h1:BiTKazU708GQTYF4mB+cmlpT2Is1gLk7XVuEeem8LsQ=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
 github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
 github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
+github.com/yusufpapurcu/wmi v1.2.4 h1:zFUKzehAFReQwLys1b/iSMl+JQGSCSjtVqQn9bBrPo0=
+github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQmPyzfmi0=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
-go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
 golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
 golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
-golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
-golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
-golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
-golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
-golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
-golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
+golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201204225414-ed752295db88/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
-golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
-golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
+golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.26.0 h1:P42AVeLghgTYr4+xUnTRKDMqpar+PtX7KWuNQL21L8M=
+golang.org/x/text v0.26.0/go.mod h1:QK15LZJUUQVJxhz7wXgxSy/CJaTFjd0G+YLonydOVQA=
 golang.org/x/time v0.14.0 h1:MRx4UaLrDotUKUdCIqzPC48t1Y9hANFKIRpNx+Te8PI=
 golang.org/x/time v0.14.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
-golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
-google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
+google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
+google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

backend/internal/common/config/config.go

@@ -10,11 +10,12 @@ import (
 
 // Config represents the application configuration
 type Config struct {
-	Server   ServerConfig   `yaml:"server"`
-	Database DatabaseConfig `yaml:"database"`
-	Auth     AuthConfig     `yaml:"auth"`
-	Logging  LoggingConfig  `yaml:"logging"`
-	Security SecurityConfig `yaml:"security"`
+	Server       ServerConfig       `yaml:"server"`
+	Database     DatabaseConfig     `yaml:"database"`
+	Auth         AuthConfig         `yaml:"auth"`
+	Logging      LoggingConfig      `yaml:"logging"`
+	Security     SecurityConfig     `yaml:"security"`
+	ObjectStorage ObjectStorageConfig `yaml:"object_storage"`
 }
 
 // ServerConfig holds HTTP server configuration
@@ -96,6 +97,14 @@ type SecurityHeadersConfig struct {
 	Enabled bool `yaml:"enabled"`
 }
 
+// ObjectStorageConfig holds MinIO configuration
+type ObjectStorageConfig struct {
+	Endpoint  string `yaml:"endpoint"`
+	AccessKey string `yaml:"access_key"`
+	SecretKey string `yaml:"secret_key"`
+	UseSSL    bool   `yaml:"use_ssl"`
+}
+
 // Load reads configuration from file and environment variables
 func Load(path string) (*Config, error) {
 	cfg := DefaultConfig()

backend/internal/common/database/migrations/003_object_storage_config.sql

@@ -0,0 +1,22 @@
+-- Migration: Object Storage Configuration
+-- Description: Creates table for storing MinIO object storage configuration
+-- Date: 2026-01-09
+
+CREATE TABLE IF NOT EXISTS object_storage_config (
+    id SERIAL PRIMARY KEY,
+    dataset_path VARCHAR(255) NOT NULL UNIQUE,
+    mount_point VARCHAR(512) NOT NULL,
+    pool_name VARCHAR(255) NOT NULL,
+    dataset_name VARCHAR(255) NOT NULL,
+    created_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW(),
+    updated_at TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_object_storage_config_pool_name ON object_storage_config(pool_name);
+CREATE INDEX IF NOT EXISTS idx_object_storage_config_updated_at ON object_storage_config(updated_at);
+
+COMMENT ON TABLE object_storage_config IS 'Stores MinIO object storage configuration, linking to ZFS datasets';
+COMMENT ON COLUMN object_storage_config.dataset_path IS 'Full ZFS dataset path (e.g., pool/dataset)';
+COMMENT ON COLUMN object_storage_config.mount_point IS 'Mount point path for the dataset';
+COMMENT ON COLUMN object_storage_config.pool_name IS 'ZFS pool name';
+COMMENT ON COLUMN object_storage_config.dataset_name IS 'ZFS dataset name';

backend/internal/common/router/router.go

@@ -13,6 +13,7 @@ import (
 	"github.com/atlasos/calypso/internal/common/logger"
 	"github.com/atlasos/calypso/internal/iam"
 	"github.com/atlasos/calypso/internal/monitoring"
+	"github.com/atlasos/calypso/internal/object_storage"
 	"github.com/atlasos/calypso/internal/scst"
 	"github.com/atlasos/calypso/internal/shares"
 	"github.com/atlasos/calypso/internal/storage"
@@ -211,6 +212,45 @@ func NewRouter(cfg *config.Config, db *database.DB, log *logger.Logger) *gin.Eng
 				sharesGroup.DELETE("/:id", requirePermission("storage", "write"), sharesHandler.DeleteShare)
 			}
 
+			// Object Storage (MinIO)
+			// Initialize MinIO service if configured
+			if cfg.ObjectStorage.Endpoint != "" {
+				objectStorageService, err := object_storage.NewService(
+					cfg.ObjectStorage.Endpoint,
+					cfg.ObjectStorage.AccessKey,
+					cfg.ObjectStorage.SecretKey,
+					log,
+				)
+				if err != nil {
+					log.Error("Failed to initialize MinIO service", "error", err)
+				} else {
+					objectStorageHandler := object_storage.NewHandler(objectStorageService, db, log)
+					objectStorageGroup := protected.Group("/object-storage")
+					objectStorageGroup.Use(requirePermission("storage", "read"))
+					{
+					// Setup endpoints
+					objectStorageGroup.GET("/setup/datasets", objectStorageHandler.GetAvailableDatasets)
+					objectStorageGroup.GET("/setup/current", objectStorageHandler.GetCurrentSetup)
+					objectStorageGroup.POST("/setup", requirePermission("storage", "write"), objectStorageHandler.SetupObjectStorage)
+					objectStorageGroup.PUT("/setup", requirePermission("storage", "write"), objectStorageHandler.UpdateObjectStorage)
+						
+						// Bucket endpoints
+						objectStorageGroup.GET("/buckets", objectStorageHandler.ListBuckets)
+						objectStorageGroup.GET("/buckets/:name", objectStorageHandler.GetBucket)
+					objectStorageGroup.POST("/buckets", requirePermission("storage", "write"), objectStorageHandler.CreateBucket)
+					objectStorageGroup.DELETE("/buckets/:name", requirePermission("storage", "write"), objectStorageHandler.DeleteBucket)
+					// User management routes
+					objectStorageGroup.GET("/users", objectStorageHandler.ListUsers)
+					objectStorageGroup.POST("/users", requirePermission("storage", "write"), objectStorageHandler.CreateUser)
+					objectStorageGroup.DELETE("/users/:access_key", requirePermission("storage", "write"), objectStorageHandler.DeleteUser)
+					// Service account (access key) management routes
+					objectStorageGroup.GET("/service-accounts", objectStorageHandler.ListServiceAccounts)
+					objectStorageGroup.POST("/service-accounts", requirePermission("storage", "write"), objectStorageHandler.CreateServiceAccount)
+					objectStorageGroup.DELETE("/service-accounts/:access_key", requirePermission("storage", "write"), objectStorageHandler.DeleteServiceAccount)
+				}
+				}
+			}
+
 			// SCST
 			scstHandler := scst.NewHandler(db, log)
 			scstGroup := protected.Group("/scst")
@@ -307,8 +347,9 @@ func NewRouter(cfg *config.Config, db *database.DB, log *logger.Logger) *gin.Eng
 				systemGroup.GET("/logs", systemHandler.GetSystemLogs)
 				systemGroup.GET("/network/throughput", systemHandler.GetNetworkThroughput)
 				systemGroup.POST("/support-bundle", systemHandler.GenerateSupportBundle)
-				systemGroup.GET("/interfaces", systemHandler.ListNetworkInterfaces)
-				systemGroup.PUT("/interfaces/:name", systemHandler.UpdateNetworkInterface)
+			systemGroup.GET("/interfaces", systemHandler.ListNetworkInterfaces)
+			systemGroup.GET("/management-ip", systemHandler.GetManagementIPAddress)
+			systemGroup.PUT("/interfaces/:name", systemHandler.UpdateNetworkInterface)
 				systemGroup.GET("/ntp", systemHandler.GetNTPSettings)
 				systemGroup.POST("/ntp", systemHandler.SaveNTPSettings)
 				systemGroup.POST("/execute", requirePermission("system", "write"), systemHandler.ExecuteCommand)

backend/internal/object_storage/handler.go

@@ -0,0 +1,285 @@
+package object_storage
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/atlasos/calypso/internal/common/database"
+	"github.com/atlasos/calypso/internal/common/logger"
+	"github.com/gin-gonic/gin"
+)
+
+// Handler handles HTTP requests for object storage
+type Handler struct {
+	service     *Service
+	setupService *SetupService
+	logger      *logger.Logger
+}
+
+// NewHandler creates a new object storage handler
+func NewHandler(service *Service, db *database.DB, log *logger.Logger) *Handler {
+	return &Handler{
+		service:      service,
+		setupService: NewSetupService(db, log),
+		logger:       log,
+	}
+}
+
+// ListBuckets lists all buckets
+func (h *Handler) ListBuckets(c *gin.Context) {
+	buckets, err := h.service.ListBuckets(c.Request.Context())
+	if err != nil {
+		h.logger.Error("Failed to list buckets", "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to list buckets: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"buckets": buckets})
+}
+
+// GetBucket gets bucket information
+func (h *Handler) GetBucket(c *gin.Context) {
+	bucketName := c.Param("name")
+
+	bucket, err := h.service.GetBucketStats(c.Request.Context(), bucketName)
+	if err != nil {
+		h.logger.Error("Failed to get bucket", "bucket", bucketName, "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to get bucket: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, bucket)
+}
+
+// CreateBucketRequest represents a request to create a bucket
+type CreateBucketRequest struct {
+	Name string `json:"name" binding:"required"`
+}
+
+// CreateBucket creates a new bucket
+func (h *Handler) CreateBucket(c *gin.Context) {
+	var req CreateBucketRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Error("Invalid create bucket request", "error", err)
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request: " + err.Error()})
+		return
+	}
+
+	if err := h.service.CreateBucket(c.Request.Context(), req.Name); err != nil {
+		h.logger.Error("Failed to create bucket", "bucket", req.Name, "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create bucket: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{"message": "bucket created successfully", "name": req.Name})
+}
+
+// DeleteBucket deletes a bucket
+func (h *Handler) DeleteBucket(c *gin.Context) {
+	bucketName := c.Param("name")
+
+	if err := h.service.DeleteBucket(c.Request.Context(), bucketName); err != nil {
+		h.logger.Error("Failed to delete bucket", "bucket", bucketName, "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to delete bucket: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "bucket deleted successfully"})
+}
+
+// GetAvailableDatasets gets all available pools and datasets for object storage setup
+func (h *Handler) GetAvailableDatasets(c *gin.Context) {
+	datasets, err := h.setupService.GetAvailableDatasets(c.Request.Context())
+	if err != nil {
+		h.logger.Error("Failed to get available datasets", "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to get available datasets: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"pools": datasets})
+}
+
+// SetupObjectStorageRequest represents a request to setup object storage
+type SetupObjectStorageRequest struct {
+	PoolName    string `json:"pool_name" binding:"required"`
+	DatasetName string `json:"dataset_name" binding:"required"`
+	CreateNew   bool   `json:"create_new"`
+}
+
+// SetupObjectStorage configures object storage with a ZFS dataset
+func (h *Handler) SetupObjectStorage(c *gin.Context) {
+	var req SetupObjectStorageRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Error("Invalid setup request", "error", err)
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request: " + err.Error()})
+		return
+	}
+
+	setupReq := SetupRequest{
+		PoolName:    req.PoolName,
+		DatasetName: req.DatasetName,
+		CreateNew:   req.CreateNew,
+	}
+
+	result, err := h.setupService.SetupObjectStorage(c.Request.Context(), setupReq)
+	if err != nil {
+		h.logger.Error("Failed to setup object storage", "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to setup object storage: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, result)
+}
+
+// GetCurrentSetup gets the current object storage configuration
+func (h *Handler) GetCurrentSetup(c *gin.Context) {
+	setup, err := h.setupService.GetCurrentSetup(c.Request.Context())
+	if err != nil {
+		h.logger.Error("Failed to get current setup", "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to get current setup: " + err.Error()})
+		return
+	}
+
+	if setup == nil {
+		c.JSON(http.StatusOK, gin.H{"configured": false})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"configured": true, "setup": setup})
+}
+
+// UpdateObjectStorage updates the object storage configuration
+func (h *Handler) UpdateObjectStorage(c *gin.Context) {
+	var req SetupObjectStorageRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Error("Invalid update request", "error", err)
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request: " + err.Error()})
+		return
+	}
+
+	setupReq := SetupRequest{
+		PoolName:    req.PoolName,
+		DatasetName: req.DatasetName,
+		CreateNew:   req.CreateNew,
+	}
+
+	result, err := h.setupService.UpdateObjectStorage(c.Request.Context(), setupReq)
+	if err != nil {
+		h.logger.Error("Failed to update object storage", "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to update object storage: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, result)
+}
+
+// ListUsers lists all IAM users
+func (h *Handler) ListUsers(c *gin.Context) {
+	users, err := h.service.ListUsers(c.Request.Context())
+	if err != nil {
+		h.logger.Error("Failed to list users", "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to list users: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"users": users})
+}
+
+// CreateUserRequest represents a request to create a user
+type CreateUserRequest struct {
+	AccessKey string `json:"access_key" binding:"required"`
+	SecretKey string `json:"secret_key" binding:"required"`
+}
+
+// CreateUser creates a new IAM user
+func (h *Handler) CreateUser(c *gin.Context) {
+	var req CreateUserRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Error("Invalid create user request", "error", err)
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request: " + err.Error()})
+		return
+	}
+
+	if err := h.service.CreateUser(c.Request.Context(), req.AccessKey, req.SecretKey); err != nil {
+		h.logger.Error("Failed to create user", "access_key", req.AccessKey, "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create user: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{"message": "user created successfully", "access_key": req.AccessKey})
+}
+
+// DeleteUser deletes an IAM user
+func (h *Handler) DeleteUser(c *gin.Context) {
+	accessKey := c.Param("access_key")
+
+	if err := h.service.DeleteUser(c.Request.Context(), accessKey); err != nil {
+		h.logger.Error("Failed to delete user", "access_key", accessKey, "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to delete user: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "user deleted successfully"})
+}
+
+// ListServiceAccounts lists all service accounts (access keys)
+func (h *Handler) ListServiceAccounts(c *gin.Context) {
+	accounts, err := h.service.ListServiceAccounts(c.Request.Context())
+	if err != nil {
+		h.logger.Error("Failed to list service accounts", "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to list service accounts: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"service_accounts": accounts})
+}
+
+// CreateServiceAccountRequest represents a request to create a service account
+type CreateServiceAccountRequest struct {
+	ParentUser string  `json:"parent_user" binding:"required"`
+	Policy     string  `json:"policy,omitempty"`
+	Expiration *string `json:"expiration,omitempty"` // ISO 8601 format
+}
+
+// CreateServiceAccount creates a new service account (access key)
+func (h *Handler) CreateServiceAccount(c *gin.Context) {
+	var req CreateServiceAccountRequest
+	if err := c.ShouldBindJSON(&req); err != nil {
+		h.logger.Error("Invalid create service account request", "error", err)
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request: " + err.Error()})
+		return
+	}
+
+	var expiration *time.Time
+	if req.Expiration != nil {
+		exp, err := time.Parse(time.RFC3339, *req.Expiration)
+		if err != nil {
+			h.logger.Error("Invalid expiration format", "error", err)
+			c.JSON(http.StatusBadRequest, gin.H{"error": "invalid expiration format, use ISO 8601 (RFC3339)"})
+			return
+		}
+		expiration = &exp
+	}
+
+	account, err := h.service.CreateServiceAccount(c.Request.Context(), req.ParentUser, req.Policy, expiration)
+	if err != nil {
+		h.logger.Error("Failed to create service account", "parent_user", req.ParentUser, "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to create service account: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusCreated, account)
+}
+
+// DeleteServiceAccount deletes a service account
+func (h *Handler) DeleteServiceAccount(c *gin.Context) {
+	accessKey := c.Param("access_key")
+
+	if err := h.service.DeleteServiceAccount(c.Request.Context(), accessKey); err != nil {
+		h.logger.Error("Failed to delete service account", "access_key", accessKey, "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to delete service account: " + err.Error()})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "service account deleted successfully"})
+}

backend/internal/object_storage/service.go

@@ -0,0 +1,297 @@
+package object_storage
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/atlasos/calypso/internal/common/logger"
+	"github.com/minio/minio-go/v7"
+	"github.com/minio/minio-go/v7/pkg/credentials"
+	madmin "github.com/minio/madmin-go/v3"
+)
+
+// Service handles MinIO object storage operations
+type Service struct {
+	client     *minio.Client
+	adminClient *madmin.AdminClient
+	logger     *logger.Logger
+	endpoint   string
+	accessKey  string
+	secretKey  string
+}
+
+// NewService creates a new MinIO service
+func NewService(endpoint, accessKey, secretKey string, log *logger.Logger) (*Service, error) {
+	// Create MinIO client
+	minioClient, err := minio.New(endpoint, &minio.Options{
+		Creds:  credentials.NewStaticV4(accessKey, secretKey, ""),
+		Secure: false, // Set to true if using HTTPS
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to create MinIO client: %w", err)
+	}
+
+	// Create MinIO Admin client
+	adminClient, err := madmin.New(endpoint, accessKey, secretKey, false)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create MinIO admin client: %w", err)
+	}
+
+	return &Service{
+		client:      minioClient,
+		adminClient: adminClient,
+		logger:      log,
+		endpoint:    endpoint,
+		accessKey:   accessKey,
+		secretKey:   secretKey,
+	}, nil
+}
+
+// Bucket represents a MinIO bucket
+type Bucket struct {
+	Name         string    `json:"name"`
+	CreationDate time.Time `json:"creation_date"`
+	Size         int64     `json:"size"`         // Total size in bytes
+	Objects      int64     `json:"objects"`      // Number of objects
+	AccessPolicy string    `json:"access_policy"` // private, public-read, public-read-write
+}
+
+// ListBuckets lists all buckets in MinIO
+func (s *Service) ListBuckets(ctx context.Context) ([]*Bucket, error) {
+	buckets, err := s.client.ListBuckets(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list buckets: %w", err)
+	}
+
+	result := make([]*Bucket, 0, len(buckets))
+	for _, bucket := range buckets {
+		bucketInfo, err := s.getBucketInfo(ctx, bucket.Name)
+		if err != nil {
+			s.logger.Warn("Failed to get bucket info", "bucket", bucket.Name, "error", err)
+			// Continue with basic info
+			result = append(result, &Bucket{
+				Name:         bucket.Name,
+				CreationDate: bucket.CreationDate,
+				Size:         0,
+				Objects:      0,
+				AccessPolicy: "private",
+			})
+			continue
+		}
+
+		result = append(result, bucketInfo)
+	}
+
+	return result, nil
+}
+
+// getBucketInfo gets detailed information about a bucket
+func (s *Service) getBucketInfo(ctx context.Context, bucketName string) (*Bucket, error) {
+	// Get bucket creation date
+	buckets, err := s.client.ListBuckets(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	var creationDate time.Time
+	for _, b := range buckets {
+		if b.Name == bucketName {
+			creationDate = b.CreationDate
+			break
+		}
+	}
+
+	// Get bucket size and object count by listing objects
+	var size int64
+	var objects int64
+
+	// List objects in bucket to calculate size and count
+	objectCh := s.client.ListObjects(ctx, bucketName, minio.ListObjectsOptions{
+		Recursive: true,
+	})
+
+	for object := range objectCh {
+		if object.Err != nil {
+			s.logger.Warn("Error listing object", "bucket", bucketName, "error", object.Err)
+			continue
+		}
+		objects++
+		size += object.Size
+	}
+
+	return &Bucket{
+		Name:         bucketName,
+		CreationDate: creationDate,
+		Size:         size,
+		Objects:      objects,
+		AccessPolicy: s.getBucketPolicy(ctx, bucketName),
+	}, nil
+}
+
+// getBucketPolicy gets the access policy for a bucket
+func (s *Service) getBucketPolicy(ctx context.Context, bucketName string) string {
+	policy, err := s.client.GetBucketPolicy(ctx, bucketName)
+	if err != nil {
+		return "private"
+	}
+
+	// Parse policy JSON to determine access type
+	// For simplicity, check if policy allows public read
+	if policy != "" {
+		// Check if policy contains public read access
+		if strings.Contains(policy, "s3:GetObject") && strings.Contains(policy, "Principal") && strings.Contains(policy, "*") {
+			if strings.Contains(policy, "s3:PutObject") {
+				return "public-read-write"
+			}
+			return "public-read"
+		}
+	}
+
+	return "private"
+}
+
+
+// CreateBucket creates a new bucket
+func (s *Service) CreateBucket(ctx context.Context, bucketName string) error {
+	err := s.client.MakeBucket(ctx, bucketName, minio.MakeBucketOptions{})
+	if err != nil {
+		return fmt.Errorf("failed to create bucket: %w", err)
+	}
+	return nil
+}
+
+// DeleteBucket deletes a bucket
+func (s *Service) DeleteBucket(ctx context.Context, bucketName string) error {
+	err := s.client.RemoveBucket(ctx, bucketName)
+	if err != nil {
+		return fmt.Errorf("failed to delete bucket: %w", err)
+	}
+	return nil
+}
+
+// GetBucketStats gets statistics for a bucket
+func (s *Service) GetBucketStats(ctx context.Context, bucketName string) (*Bucket, error) {
+	return s.getBucketInfo(ctx, bucketName)
+}
+
+// User represents a MinIO IAM user
+type User struct {
+	AccessKey string    `json:"access_key"`
+	Status    string    `json:"status"` // "enabled" or "disabled"
+	CreatedAt time.Time `json:"created_at"`
+}
+
+// ListUsers lists all IAM users in MinIO
+func (s *Service) ListUsers(ctx context.Context) ([]*User, error) {
+	users, err := s.adminClient.ListUsers(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list users: %w", err)
+	}
+
+	result := make([]*User, 0, len(users))
+	for accessKey, userInfo := range users {
+		status := "enabled"
+		if userInfo.Status == madmin.AccountDisabled {
+			status = "disabled"
+		}
+
+		// MinIO doesn't provide creation date, use current time
+		result = append(result, &User{
+			AccessKey: accessKey,
+			Status:    status,
+			CreatedAt: time.Now(),
+		})
+	}
+
+	return result, nil
+}
+
+// CreateUser creates a new IAM user in MinIO
+func (s *Service) CreateUser(ctx context.Context, accessKey, secretKey string) error {
+	err := s.adminClient.AddUser(ctx, accessKey, secretKey)
+	if err != nil {
+		return fmt.Errorf("failed to create user: %w", err)
+	}
+	return nil
+}
+
+// DeleteUser deletes an IAM user from MinIO
+func (s *Service) DeleteUser(ctx context.Context, accessKey string) error {
+	err := s.adminClient.RemoveUser(ctx, accessKey)
+	if err != nil {
+		return fmt.Errorf("failed to delete user: %w", err)
+	}
+	return nil
+}
+
+// ServiceAccount represents a MinIO service account (access key)
+type ServiceAccount struct {
+	AccessKey    string    `json:"access_key"`
+	SecretKey    string    `json:"secret_key,omitempty"` // Only returned on creation
+	ParentUser   string    `json:"parent_user"`
+	Expiration   time.Time `json:"expiration,omitempty"`
+	CreatedAt    time.Time `json:"created_at"`
+}
+
+// ListServiceAccounts lists all service accounts in MinIO
+func (s *Service) ListServiceAccounts(ctx context.Context) ([]*ServiceAccount, error) {
+	accounts, err := s.adminClient.ListServiceAccounts(ctx, "")
+	if err != nil {
+		return nil, fmt.Errorf("failed to list service accounts: %w", err)
+	}
+
+	result := make([]*ServiceAccount, 0, len(accounts.Accounts))
+	for _, account := range accounts.Accounts {
+		var expiration time.Time
+		if account.Expiration != nil {
+			expiration = *account.Expiration
+		}
+
+		result = append(result, &ServiceAccount{
+			AccessKey:  account.AccessKey,
+			ParentUser: account.ParentUser,
+			Expiration: expiration,
+			CreatedAt:  time.Now(), // MinIO doesn't provide creation date
+		})
+	}
+
+	return result, nil
+}
+
+// CreateServiceAccount creates a new service account (access key) in MinIO
+func (s *Service) CreateServiceAccount(ctx context.Context, parentUser string, policy string, expiration *time.Time) (*ServiceAccount, error) {
+	opts := madmin.AddServiceAccountReq{
+		TargetUser: parentUser,
+	}
+	if policy != "" {
+		opts.Policy = json.RawMessage(policy)
+	}
+	if expiration != nil {
+		opts.Expiration = expiration
+	}
+
+	creds, err := s.adminClient.AddServiceAccount(ctx, opts)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create service account: %w", err)
+	}
+
+	return &ServiceAccount{
+		AccessKey:  creds.AccessKey,
+		SecretKey:  creds.SecretKey,
+		ParentUser: parentUser,
+		Expiration: creds.Expiration,
+		CreatedAt:  time.Now(),
+	}, nil
+}
+
+// DeleteServiceAccount deletes a service account from MinIO
+func (s *Service) DeleteServiceAccount(ctx context.Context, accessKey string) error {
+	err := s.adminClient.DeleteServiceAccount(ctx, accessKey)
+	if err != nil {
+		return fmt.Errorf("failed to delete service account: %w", err)
+	}
+	return nil
+}

backend/internal/object_storage/setup.go

@@ -0,0 +1,511 @@
+package object_storage
+
+import (
+	"context"
+	"database/sql"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"time"
+
+	"github.com/atlasos/calypso/internal/common/database"
+	"github.com/atlasos/calypso/internal/common/logger"
+)
+
+// SetupService handles object storage setup operations
+type SetupService struct {
+	db     *database.DB
+	logger *logger.Logger
+}
+
+// NewSetupService creates a new setup service
+func NewSetupService(db *database.DB, log *logger.Logger) *SetupService {
+	return &SetupService{
+		db:     db,
+		logger: log,
+	}
+}
+
+// PoolDatasetInfo represents a pool with its datasets
+type PoolDatasetInfo struct {
+	PoolID    string              `json:"pool_id"`
+	PoolName  string              `json:"pool_name"`
+	Datasets  []DatasetInfo       `json:"datasets"`
+}
+
+// DatasetInfo represents a dataset that can be used for object storage
+type DatasetInfo struct {
+	ID         string `json:"id"`
+	Name       string `json:"name"`
+	FullName   string `json:"full_name"` // pool/dataset
+	MountPoint string `json:"mount_point"`
+	Type       string `json:"type"`
+	UsedBytes  int64  `json:"used_bytes"`
+	AvailableBytes int64 `json:"available_bytes"`
+}
+
+// GetAvailableDatasets returns all pools with their datasets that can be used for object storage
+func (s *SetupService) GetAvailableDatasets(ctx context.Context) ([]PoolDatasetInfo, error) {
+	// Get all pools
+	poolsQuery := `
+		SELECT id, name
+		FROM zfs_pools
+		WHERE is_active = true
+		ORDER BY name
+	`
+
+	rows, err := s.db.QueryContext(ctx, poolsQuery)
+	if err != nil {
+		return nil, fmt.Errorf("failed to query pools: %w", err)
+	}
+	defer rows.Close()
+
+	var pools []PoolDatasetInfo
+	for rows.Next() {
+		var pool PoolDatasetInfo
+		if err := rows.Scan(&pool.PoolID, &pool.PoolName); err != nil {
+			s.logger.Warn("Failed to scan pool", "error", err)
+			continue
+		}
+
+		// Get datasets for this pool
+		datasetsQuery := `
+			SELECT id, name, type, mount_point, used_bytes, available_bytes
+			FROM zfs_datasets
+			WHERE pool_name = $1 AND type = 'filesystem'
+			ORDER BY name
+		`
+
+		datasetRows, err := s.db.QueryContext(ctx, datasetsQuery, pool.PoolName)
+		if err != nil {
+			s.logger.Warn("Failed to query datasets", "pool", pool.PoolName, "error", err)
+			pool.Datasets = []DatasetInfo{}
+			pools = append(pools, pool)
+			continue
+		}
+
+		var datasets []DatasetInfo
+		for datasetRows.Next() {
+			var ds DatasetInfo
+			var mountPoint sql.NullString
+
+			if err := datasetRows.Scan(&ds.ID, &ds.Name, &ds.Type, &mountPoint, &ds.UsedBytes, &ds.AvailableBytes); err != nil {
+				s.logger.Warn("Failed to scan dataset", "error", err)
+				continue
+			}
+
+			ds.FullName = fmt.Sprintf("%s/%s", pool.PoolName, ds.Name)
+			if mountPoint.Valid {
+				ds.MountPoint = mountPoint.String
+			} else {
+				ds.MountPoint = ""
+			}
+
+			datasets = append(datasets, ds)
+		}
+		datasetRows.Close()
+
+		pool.Datasets = datasets
+		pools = append(pools, pool)
+	}
+
+	return pools, nil
+}
+
+// SetupRequest represents a request to setup object storage
+type SetupRequest struct {
+	PoolName    string `json:"pool_name" binding:"required"`
+	DatasetName string `json:"dataset_name" binding:"required"`
+	CreateNew   bool   `json:"create_new"` // If true, create new dataset instead of using existing
+}
+
+// SetupResponse represents the response after setup
+type SetupResponse struct {
+	DatasetPath string `json:"dataset_path"`
+	MountPoint  string `json:"mount_point"`
+	Message     string `json:"message"`
+}
+
+// SetupObjectStorage configures MinIO to use a specific ZFS dataset
+func (s *SetupService) SetupObjectStorage(ctx context.Context, req SetupRequest) (*SetupResponse, error) {
+	var datasetPath, mountPoint string
+
+	// Normalize dataset name - if it already contains pool name, use it as-is
+	var fullDatasetName string
+	if strings.HasPrefix(req.DatasetName, req.PoolName+"/") {
+		// Dataset name already includes pool name (e.g., "pool/dataset")
+		fullDatasetName = req.DatasetName
+	} else {
+		// Dataset name is just the name (e.g., "dataset"), combine with pool
+		fullDatasetName = fmt.Sprintf("%s/%s", req.PoolName, req.DatasetName)
+	}
+
+	if req.CreateNew {
+		// Create new dataset for object storage
+		
+		// Check if dataset already exists
+		checkCmd := exec.CommandContext(ctx, "sudo", "zfs", "list", "-H", "-o", "name", fullDatasetName)
+		if err := checkCmd.Run(); err == nil {
+			return nil, fmt.Errorf("dataset %s already exists", fullDatasetName)
+		}
+
+		// Create dataset
+		createCmd := exec.CommandContext(ctx, "sudo", "zfs", "create", fullDatasetName)
+		if output, err := createCmd.CombinedOutput(); err != nil {
+			return nil, fmt.Errorf("failed to create dataset: %s - %w", string(output), err)
+		}
+
+		// Get mount point
+		getMountCmd := exec.CommandContext(ctx, "sudo", "zfs", "get", "-H", "-o", "value", "mountpoint", fullDatasetName)
+		mountOutput, err := getMountCmd.Output()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get mount point: %w", err)
+		}
+		mountPoint = strings.TrimSpace(string(mountOutput))
+
+		datasetPath = fullDatasetName
+		s.logger.Info("Created new dataset for object storage", "dataset", fullDatasetName, "mount_point", mountPoint)
+	} else {
+		// Use existing dataset
+		// fullDatasetName already set above
+		
+		// Verify dataset exists
+		checkCmd := exec.CommandContext(ctx, "sudo", "zfs", "list", "-H", "-o", "name", fullDatasetName)
+		if err := checkCmd.Run(); err != nil {
+			return nil, fmt.Errorf("dataset %s does not exist", fullDatasetName)
+		}
+
+		// Get mount point
+		getMountCmd := exec.CommandContext(ctx, "sudo", "zfs", "get", "-H", "-o", "value", "mountpoint", fullDatasetName)
+		mountOutput, err := getMountCmd.Output()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get mount point: %w", err)
+		}
+		mountPoint = strings.TrimSpace(string(mountOutput))
+
+		datasetPath = fullDatasetName
+		s.logger.Info("Using existing dataset for object storage", "dataset", fullDatasetName, "mount_point", mountPoint)
+	}
+
+	// Ensure mount point directory exists
+	if mountPoint != "none" && mountPoint != "" {
+		if err := os.MkdirAll(mountPoint, 0755); err != nil {
+			return nil, fmt.Errorf("failed to create mount point directory: %w", err)
+		}
+	} else {
+		// If no mount point, use default path
+		mountPoint = filepath.Join("/opt/calypso/data/pool", req.PoolName, req.DatasetName)
+		if err := os.MkdirAll(mountPoint, 0755); err != nil {
+			return nil, fmt.Errorf("failed to create default directory: %w", err)
+		}
+	}
+
+	// Update MinIO configuration to use the selected dataset
+	if err := s.updateMinIOConfig(ctx, mountPoint); err != nil {
+		s.logger.Warn("Failed to update MinIO configuration", "error", err)
+		// Continue anyway, configuration is saved to database
+	}
+
+	// Save configuration to database
+	_, err := s.db.ExecContext(ctx, `
+		INSERT INTO object_storage_config (dataset_path, mount_point, pool_name, dataset_name, created_at, updated_at)
+		VALUES ($1, $2, $3, $4, NOW(), NOW())
+		ON CONFLICT (id) DO UPDATE
+		SET dataset_path = $1, mount_point = $2, pool_name = $3, dataset_name = $4, updated_at = NOW()
+	`, datasetPath, mountPoint, req.PoolName, req.DatasetName)
+
+	if err != nil {
+		// If table doesn't exist, just log warning
+		s.logger.Warn("Failed to save configuration to database (table may not exist)", "error", err)
+	}
+
+	return &SetupResponse{
+		DatasetPath: datasetPath,
+		MountPoint:  mountPoint,
+		Message:     fmt.Sprintf("Object storage configured to use dataset %s at %s. MinIO service needs to be restarted to use the new dataset.", datasetPath, mountPoint),
+	}, nil
+}
+
+// GetCurrentSetup returns the current object storage configuration
+func (s *SetupService) GetCurrentSetup(ctx context.Context) (*SetupResponse, error) {
+	// Check if table exists first
+	var tableExists bool
+	checkQuery := `
+		SELECT EXISTS (
+			SELECT FROM information_schema.tables 
+			WHERE table_schema = 'public' 
+			AND table_name = 'object_storage_config'
+		)
+	`
+	err := s.db.QueryRowContext(ctx, checkQuery).Scan(&tableExists)
+	if err != nil {
+		s.logger.Warn("Failed to check if object_storage_config table exists", "error", err)
+		return nil, nil // Return nil if can't check
+	}
+
+	if !tableExists {
+		s.logger.Debug("object_storage_config table does not exist")
+		return nil, nil // No table, no configuration
+	}
+
+	query := `
+		SELECT dataset_path, mount_point, pool_name, dataset_name
+		FROM object_storage_config
+		ORDER BY updated_at DESC
+		LIMIT 1
+	`
+
+	var resp SetupResponse
+	var poolName, datasetName string
+	err = s.db.QueryRowContext(ctx, query).Scan(&resp.DatasetPath, &resp.MountPoint, &poolName, &datasetName)
+	if err == sql.ErrNoRows {
+		s.logger.Debug("No configuration found in database")
+		return nil, nil // No configuration found
+	}
+	if err != nil {
+		// Check if error is due to table not existing or permission denied
+		errStr := err.Error()
+		if strings.Contains(errStr, "does not exist") || strings.Contains(errStr, "permission denied") {
+			s.logger.Debug("Table does not exist or permission denied, returning nil", "error", errStr)
+			return nil, nil // Return nil instead of error
+		}
+		s.logger.Error("Failed to scan current setup", "error", err)
+		return nil, fmt.Errorf("failed to get current setup: %w", err)
+	}
+
+	s.logger.Debug("Found current setup", "dataset_path", resp.DatasetPath, "mount_point", resp.MountPoint, "pool", poolName, "dataset", datasetName)
+	// Use dataset_path directly since it already contains the full path
+	resp.Message = fmt.Sprintf("Using dataset %s at %s", resp.DatasetPath, resp.MountPoint)
+	return &resp, nil
+}
+
+// UpdateObjectStorage updates the object storage configuration to use a different dataset
+// This will update the configuration but won't migrate existing data
+func (s *SetupService) UpdateObjectStorage(ctx context.Context, req SetupRequest) (*SetupResponse, error) {
+	// First check if there's existing configuration
+	currentSetup, err := s.GetCurrentSetup(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to check current setup: %w", err)
+	}
+
+	if currentSetup == nil {
+		// No existing setup, just do normal setup
+		return s.SetupObjectStorage(ctx, req)
+	}
+
+	// There's existing setup, proceed with update
+	var datasetPath, mountPoint string
+
+	// Normalize dataset name - if it already contains pool name, use it as-is
+	var fullDatasetName string
+	if strings.HasPrefix(req.DatasetName, req.PoolName+"/") {
+		// Dataset name already includes pool name (e.g., "pool/dataset")
+		fullDatasetName = req.DatasetName
+	} else {
+		// Dataset name is just the name (e.g., "dataset"), combine with pool
+		fullDatasetName = fmt.Sprintf("%s/%s", req.PoolName, req.DatasetName)
+	}
+
+	if req.CreateNew {
+		// Create new dataset for object storage
+		
+		// Check if dataset already exists
+		checkCmd := exec.CommandContext(ctx, "sudo", "zfs", "list", "-H", "-o", "name", fullDatasetName)
+		if err := checkCmd.Run(); err == nil {
+			return nil, fmt.Errorf("dataset %s already exists", fullDatasetName)
+		}
+
+		// Create dataset
+		createCmd := exec.CommandContext(ctx, "sudo", "zfs", "create", fullDatasetName)
+		if output, err := createCmd.CombinedOutput(); err != nil {
+			return nil, fmt.Errorf("failed to create dataset: %s - %w", string(output), err)
+		}
+
+		// Get mount point
+		getMountCmd := exec.CommandContext(ctx, "sudo", "zfs", "get", "-H", "-o", "value", "mountpoint", fullDatasetName)
+		mountOutput, err := getMountCmd.Output()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get mount point: %w", err)
+		}
+		mountPoint = strings.TrimSpace(string(mountOutput))
+
+		datasetPath = fullDatasetName
+		s.logger.Info("Created new dataset for object storage update", "dataset", fullDatasetName, "mount_point", mountPoint)
+	} else {
+		// Use existing dataset
+		// fullDatasetName already set above
+		
+		// Verify dataset exists
+		checkCmd := exec.CommandContext(ctx, "sudo", "zfs", "list", "-H", "-o", "name", fullDatasetName)
+		if err := checkCmd.Run(); err != nil {
+			return nil, fmt.Errorf("dataset %s does not exist", fullDatasetName)
+		}
+
+		// Get mount point
+		getMountCmd := exec.CommandContext(ctx, "sudo", "zfs", "get", "-H", "-o", "value", "mountpoint", fullDatasetName)
+		mountOutput, err := getMountCmd.Output()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get mount point: %w", err)
+		}
+		mountPoint = strings.TrimSpace(string(mountOutput))
+
+		datasetPath = fullDatasetName
+		s.logger.Info("Using existing dataset for object storage update", "dataset", fullDatasetName, "mount_point", mountPoint)
+	}
+
+	// Ensure mount point directory exists
+	if mountPoint != "none" && mountPoint != "" {
+		if err := os.MkdirAll(mountPoint, 0755); err != nil {
+			return nil, fmt.Errorf("failed to create mount point directory: %w", err)
+		}
+	} else {
+		// If no mount point, use default path
+		mountPoint = filepath.Join("/opt/calypso/data/pool", req.PoolName, req.DatasetName)
+		if err := os.MkdirAll(mountPoint, 0755); err != nil {
+			return nil, fmt.Errorf("failed to create default directory: %w", err)
+		}
+	}
+
+	// Update configuration in database
+	_, err = s.db.ExecContext(ctx, `
+		UPDATE object_storage_config
+		SET dataset_path = $1, mount_point = $2, pool_name = $3, dataset_name = $4, updated_at = NOW()
+		WHERE id = (SELECT id FROM object_storage_config ORDER BY updated_at DESC LIMIT 1)
+	`, datasetPath, mountPoint, req.PoolName, req.DatasetName)
+
+	if err != nil {
+		// If update fails, try insert
+		_, err = s.db.ExecContext(ctx, `
+			INSERT INTO object_storage_config (dataset_path, mount_point, pool_name, dataset_name, created_at, updated_at)
+			VALUES ($1, $2, $3, $4, NOW(), NOW())
+			ON CONFLICT (dataset_path) DO UPDATE
+			SET mount_point = $2, pool_name = $3, dataset_name = $4, updated_at = NOW()
+		`, datasetPath, mountPoint, req.PoolName, req.DatasetName)
+		if err != nil {
+			s.logger.Warn("Failed to update configuration in database", "error", err)
+		}
+	}
+
+	// Update MinIO configuration to use the selected dataset
+	if err := s.updateMinIOConfig(ctx, mountPoint); err != nil {
+		s.logger.Warn("Failed to update MinIO configuration", "error", err)
+		// Continue anyway, configuration is saved to database
+	} else {
+		// Restart MinIO service to apply new configuration
+		if err := s.restartMinIOService(ctx); err != nil {
+			s.logger.Warn("Failed to restart MinIO service", "error", err)
+			// Continue anyway, user can restart manually
+		}
+	}
+
+	return &SetupResponse{
+		DatasetPath: datasetPath,
+		MountPoint:  mountPoint,
+		Message:     fmt.Sprintf("Object storage updated to use dataset %s at %s. Note: Existing data in previous dataset (%s) is not migrated automatically. MinIO service has been restarted.", datasetPath, mountPoint, currentSetup.DatasetPath),
+	}, nil
+}
+
+// updateMinIOConfig updates MinIO configuration file to use dataset mount point directly
+// Note: MinIO erasure coding requires direct directory paths, not symlinks
+func (s *SetupService) updateMinIOConfig(ctx context.Context, datasetMountPoint string) error {
+	configFile := "/opt/calypso/conf/minio/minio.conf"
+
+	// Ensure dataset mount point directory exists and has correct ownership
+	if err := os.MkdirAll(datasetMountPoint, 0755); err != nil {
+		return fmt.Errorf("failed to create dataset mount point directory: %w", err)
+	}
+
+	// Set ownership to minio-user so MinIO can write to it
+	if err := exec.CommandContext(ctx, "sudo", "chown", "-R", "minio-user:minio-user", datasetMountPoint).Run(); err != nil {
+		s.logger.Warn("Failed to set ownership on dataset mount point", "path", datasetMountPoint, "error", err)
+		// Continue anyway, might already have correct ownership
+	}
+
+	// Set permissions
+	if err := exec.CommandContext(ctx, "sudo", "chmod", "755", datasetMountPoint).Run(); err != nil {
+		s.logger.Warn("Failed to set permissions on dataset mount point", "path", datasetMountPoint, "error", err)
+	}
+
+	s.logger.Info("Prepared dataset mount point for MinIO", "path", datasetMountPoint)
+
+	// Read current config file
+	configContent, err := os.ReadFile(configFile)
+	if err != nil {
+		// If file doesn't exist, create it
+		if os.IsNotExist(err) {
+			configContent = []byte(fmt.Sprintf("MINIO_ROOT_USER=admin\nMINIO_ROOT_PASSWORD=HqBX1IINqFynkWFa\nMINIO_VOLUMES=%s\n", datasetMountPoint))
+		} else {
+			return fmt.Errorf("failed to read MinIO config file: %w", err)
+		}
+	} else {
+		// Update MINIO_VOLUMES in config
+		lines := strings.Split(string(configContent), "\n")
+		updated := false
+		for i, line := range lines {
+			if strings.HasPrefix(strings.TrimSpace(line), "MINIO_VOLUMES=") {
+				lines[i] = fmt.Sprintf("MINIO_VOLUMES=%s", datasetMountPoint)
+				updated = true
+				break
+			}
+		}
+		if !updated {
+			// Add MINIO_VOLUMES if not found
+			lines = append(lines, fmt.Sprintf("MINIO_VOLUMES=%s", datasetMountPoint))
+		}
+		configContent = []byte(strings.Join(lines, "\n"))
+	}
+
+	// Write updated config using sudo
+	// Write temp file to a location we can write to
+	userTempFile := fmt.Sprintf("/tmp/minio.conf.%d.tmp", os.Getpid())
+	if err := os.WriteFile(userTempFile, configContent, 0644); err != nil {
+		return fmt.Errorf("failed to write temp config file: %w", err)
+	}
+	defer os.Remove(userTempFile) // Cleanup
+
+	// Copy temp file to config location with sudo
+	if err := exec.CommandContext(ctx, "sudo", "cp", userTempFile, configFile).Run(); err != nil {
+		return fmt.Errorf("failed to update config file: %w", err)
+	}
+
+	// Set proper ownership and permissions
+	if err := exec.CommandContext(ctx, "sudo", "chown", "minio-user:minio-user", configFile).Run(); err != nil {
+		s.logger.Warn("Failed to set config file ownership", "error", err)
+	}
+	if err := exec.CommandContext(ctx, "sudo", "chmod", "644", configFile).Run(); err != nil {
+		s.logger.Warn("Failed to set config file permissions", "error", err)
+	}
+
+	s.logger.Info("Updated MinIO configuration", "config_file", configFile, "volumes", datasetMountPoint)
+
+	return nil
+}
+
+// restartMinIOService restarts the MinIO service to apply new configuration
+func (s *SetupService) restartMinIOService(ctx context.Context) error {
+	// Restart MinIO service using sudo
+	cmd := exec.CommandContext(ctx, "sudo", "systemctl", "restart", "minio.service")
+	if err := cmd.Run(); err != nil {
+		return fmt.Errorf("failed to restart MinIO service: %w", err)
+	}
+
+	// Wait a moment for service to start
+	time.Sleep(2 * time.Second)
+
+	// Verify service is running
+	checkCmd := exec.CommandContext(ctx, "sudo", "systemctl", "is-active", "minio.service")
+	output, err := checkCmd.Output()
+	if err != nil {
+		return fmt.Errorf("failed to check MinIO service status: %w", err)
+	}
+
+	status := strings.TrimSpace(string(output))
+	if status != "active" {
+		return fmt.Errorf("MinIO service is not active after restart, status: %s", status)
+	}
+
+	s.logger.Info("MinIO service restarted successfully")
+	return nil
+}

backend/internal/storage/zfs.go

@@ -730,10 +730,36 @@ func (s *ZFSService) CreateDataset(ctx context.Context, poolName string, req Cre
 	// Construct full dataset name
 	fullName := poolName + "/" + req.Name
 
-	// For filesystem datasets, create mount directory if mount point is provided
-	if req.Type == "filesystem" && req.MountPoint != "" {
-		// Clean and validate mount point path
-		mountPath := filepath.Clean(req.MountPoint)
+	// Get pool mount point to validate dataset mount point is within pool directory
+	poolMountPoint := fmt.Sprintf("/opt/calypso/data/pool/%s", poolName)
+	var mountPath string
+	
+	// For filesystem datasets, validate and set mount point
+	if req.Type == "filesystem" {
+		if req.MountPoint != "" {
+			// User provided mount point - validate it's within pool directory
+			mountPath = filepath.Clean(req.MountPoint)
+			
+			// Check if mount point is within pool mount point directory
+			poolMountAbs, err := filepath.Abs(poolMountPoint)
+			if err != nil {
+				return nil, fmt.Errorf("failed to resolve pool mount point: %w", err)
+			}
+			
+			mountPathAbs, err := filepath.Abs(mountPath)
+			if err != nil {
+				return nil, fmt.Errorf("failed to resolve mount point: %w", err)
+			}
+			
+			// Check if mount path is within pool mount point directory
+			relPath, err := filepath.Rel(poolMountAbs, mountPathAbs)
+			if err != nil || strings.HasPrefix(relPath, "..") {
+				return nil, fmt.Errorf("mount point must be within pool directory: %s (pool mount: %s)", mountPath, poolMountPoint)
+			}
+		} else {
+			// No mount point provided - use default: /opt/calypso/data/pool/<pool-name>/<dataset-name>/
+			mountPath = filepath.Join(poolMountPoint, req.Name)
+		}
 
 		// Check if directory already exists
 		if info, err := os.Stat(mountPath); err == nil {
@@ -782,9 +808,9 @@ func (s *ZFSService) CreateDataset(ctx context.Context, poolName string, req Cre
 		args = append(args, "-o", fmt.Sprintf("compression=%s", req.Compression))
 	}
 
-	// Set mount point if provided (only for filesystems, not volumes)
-	if req.Type == "filesystem" && req.MountPoint != "" {
-		args = append(args, "-o", fmt.Sprintf("mountpoint=%s", req.MountPoint))
+	// Set mount point for filesystems (always set, either user-provided or default)
+	if req.Type == "filesystem" {
+		args = append(args, "-o", fmt.Sprintf("mountpoint=%s", mountPath))
 	}
 
 	// Execute zfs create

backend/internal/system/handler.go

@@ -133,6 +133,18 @@ func (h *Handler) ListNetworkInterfaces(c *gin.Context) {
 	c.JSON(http.StatusOK, gin.H{"interfaces": interfaces})
 }
 
+// GetManagementIPAddress returns the management IP address
+func (h *Handler) GetManagementIPAddress(c *gin.Context) {
+	ip, err := h.service.GetManagementIPAddress(c.Request.Context())
+	if err != nil {
+		h.logger.Error("Failed to get management IP address", "error", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "failed to get management IP address"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"ip_address": ip})
+}
+
 // SaveNTPSettings saves NTP configuration to the OS
 func (h *Handler) SaveNTPSettings(c *gin.Context) {
 	var settings NTPSettings

backend/internal/system/service.go

@@ -648,6 +648,40 @@ func (s *Service) ListNetworkInterfaces(ctx context.Context) ([]NetworkInterface
 	return interfaces, nil
 }
 
+// GetManagementIPAddress returns the IP address of the management interface
+func (s *Service) GetManagementIPAddress(ctx context.Context) (string, error) {
+	interfaces, err := s.ListNetworkInterfaces(ctx)
+	if err != nil {
+		return "", fmt.Errorf("failed to list network interfaces: %w", err)
+	}
+
+	// First, try to find interface with Role "Management"
+	for _, iface := range interfaces {
+		if iface.Role == "Management" && iface.IPAddress != "" && iface.Status == "Connected" {
+			s.logger.Info("Found management interface", "interface", iface.Name, "ip", iface.IPAddress)
+			return iface.IPAddress, nil
+		}
+	}
+
+	// Fallback: use interface with default route (primary interface)
+	for _, iface := range interfaces {
+		if iface.Gateway != "" && iface.IPAddress != "" && iface.Status == "Connected" {
+			s.logger.Info("Using primary interface as management", "interface", iface.Name, "ip", iface.IPAddress)
+			return iface.IPAddress, nil
+		}
+	}
+
+	// Final fallback: use first connected interface with IP
+	for _, iface := range interfaces {
+		if iface.IPAddress != "" && iface.Status == "Connected" && iface.Name != "lo" {
+			s.logger.Info("Using first connected interface as management", "interface", iface.Name, "ip", iface.IPAddress)
+			return iface.IPAddress, nil
+		}
+	}
+
+	return "", fmt.Errorf("no management interface found")
+}
+
 // UpdateNetworkInterfaceRequest represents the request to update a network interface
 type UpdateNetworkInterfaceRequest struct {
 	IPAddress string `json:"ip_address"`