r/ouranos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor user management in Ansible playbooks to standardize on keeper_user

Browse Source 
- Updated user addition tasks across multiple playbooks (mcp_switchboard, mcpo, neo4j, neo4j_mcp, openwebui, postgresql, rabbitmq, searxng, smtp4dev) to replace references to ansible_user and remote_user with keeper_user.
- Modified PostgreSQL deployment to create directories and manage files under keeper_user's home.
- Enhanced documentation to clarify account taxonomy and usage of keeper_user in playbooks.
- Introduced new deployment for Agent S, including environment setup, desktop environment installation, XRDP configuration, and accessibility support.
- Added staging playbook for preparing release tarballs from local repositories.
- Created templates for XRDP configuration and environment activation scripts.
- Removed obsolete sunwait documentation.
This commit is contained in:
Robert
2026-03-05 10:37:41 +00:00
parent b4d60f2f38
commit 042df52bca
35 changed files with 610 additions and 298 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
ansible/caliban/agent_s_env.j2 → ansible/agent_s/agent_s_env.j2
View File

320
ansible/caliban/deploy.yml → ansible/agent_s/deploy.yml
View File

@@ -3,12 +3,24 @@
hosts: agent_s
become: yes
vars:
system_user: "{{ ansible_user }}"
agent_s_venv: "/home/{{ system_user }}/env/agents"
agent_s_repo: "/home/{{ system_user }}/gh/Agent-S"
agent_s_venv: "/home/{{principal_user}}/env/agents"
agent_s_repo: "/home/{{principal_user}}/gh/Agent-S"
chrome_deb_url: "https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb"
build_dir: "/usr/local/src/pulseaudio-module-xrdp"
tasks:
# -------------------------------------------------------------------------
# Principal user - AI agent operates on behalf of this human user
# Must exist before any become_user tasks can run
# -------------------------------------------------------------------------
- name: Create principal_user account
user:
name: "{{principal_user}}"
uid: 1000
shell: /bin/bash
create_home: true
state: present
# Disable snap - doesn't work in containers with AppArmor disabled
- name: Prevent snapd from being installed
copy:
@@ -68,6 +80,30 @@
- ubuntu-mate-desktop
state: present
# -------------------------------------------------------------------------
# XRDP - Remote Desktop Protocol server
# -------------------------------------------------------------------------
- name: Install XRDP and xorgxrdp
apt:
name:
- xrdp
- xorgxrdp
state: present
- name: Add xrdp user to ssl-cert group
user:
name: xrdp
groups: ssl-cert
append: yes
- name: Enable and start XRDP service
systemd:
name: xrdp
enabled: yes
state: started
daemon_reload: yes
# AT-SPI Accessibility Stack
- name: Install AT-SPI accessibility infrastructure
apt:
@@ -88,31 +124,116 @@
export ACCESSIBILITY_ENABLED=1
mode: '0644'
- name: Configure GPU environment for direct rendering
copy:
dest: /etc/profile.d/gpu.sh
content: |
# Force GPU rendering via AMD render node
export DRI_PRIME=1
export LIBVA_DRIVER_NAME=radeonsi
export MESA_LOADER_DRIVER_OVERRIDE=radeonsi
# Chrome/Chromium GPU flags
export CHROMIUM_FLAGS="--enable-gpu-rasterization --enable-zero-copy --use-gl=egl"
mode: '0644'
# -------------------------------------------------------------------------
# Sound Support - PulseAudio + module-xrdp for RDP audio redirection
# -------------------------------------------------------------------------
# Sound Support
- name: Install sound support packages
- name: Install sound support and build dependencies
apt:
name:
- git
- pulseaudio
- libpulse-dev
- autoconf
- m4
- intltool
- build-essential
- dpkg-dev
- meson
- ninja-build
state: present
- name: Enable deb-src repositories for PulseAudio source
shell: |
sed -i '/^Types: deb$/s/$/ deb-src/' /etc/apt/sources.list.d/ubuntu.sources 2>/dev/null || \
find /etc/apt/sources.list.d/ -name '*.sources' -exec sed -i '/^Types: deb$/s/$/ deb-src/' {} \;
args:
creates: /usr/local/src/.deb_src_enabled
register: deb_src_result
- name: Mark deb-src as enabled
file:
path: /usr/local/src/.deb_src_enabled
state: touch
mode: '0644'
when: deb_src_result.changed
- name: Update apt cache after enabling deb-src
apt:
update_cache: yes
when: deb_src_result.changed
- name: Install PulseAudio build dependencies
apt:
name: pulseaudio
state: build-dep
when: deb_src_result.changed
- name: Create build directory
file:
path: /usr/local/src
state: directory
mode: '0755'
- name: Download PulseAudio source
shell: |
cd /usr/local/src && apt-get source pulseaudio
args:
creates: /usr/local/src/.pulseaudio_source_downloaded
- name: Find PulseAudio source directory
shell: ls -d /usr/local/src/pulseaudio-[0-9]*/
register: pulse_src_dir
changed_when: false
- name: Mark PulseAudio source as downloaded
file:
path: /usr/local/src/.pulseaudio_source_downloaded
state: touch
mode: '0644'
- name: Generate PulseAudio config.h with meson
shell: meson setup build
args:
chdir: "{{ pulse_src_dir.stdout | trim }}"
creates: "{{ pulse_src_dir.stdout | trim }}/build/config.h"
- name: Create build directory for pulseaudio-module-xrdp
file:
path: "{{ build_dir }}"
state: directory
mode: '0755'
- name: Transfer and extract pulseaudio-module-xrdp source
ansible.builtin.unarchive:
src: "~/rel/pulseaudio_module_xrdp_{{pulseaudio_module_xrdp_rel}}.tar"
dest: "{{ build_dir }}"
- name: Check if module-xrdp-sink is already installed
shell: find /usr/lib/pulse-*/modules/ -name 'module-xrdp-sink.so' 2>/dev/null | head -1
register: xrdp_sink_check
changed_when: false
failed_when: false
- name: Bootstrap pulseaudio-module-xrdp
shell: ./bootstrap
args:
chdir: "{{ build_dir }}"
when: xrdp_sink_check.stdout == ""
- name: Configure pulseaudio-module-xrdp
shell: "./configure PULSE_DIR={{ pulse_src_dir.stdout | trim }}"
args:
chdir: "{{ build_dir }}"
when: xrdp_sink_check.stdout == ""
- name: Build and install pulseaudio-module-xrdp
shell: make && make install
args:
chdir: "{{ build_dir }}"
when: xrdp_sink_check.stdout == ""
notify: restart xrdp
# Mouse, Assistive Technology, and Python
- name: Install assistive technology and Python packages
apt:
@@ -133,100 +254,11 @@
- tesseract-ocr
state: present
# GPU Drivers - AMD Mesa (radeonsi/RADV)
- name: Install AMD GPU drivers and utilities
apt:
name:
- mesa-utils
- mesa-utils-extra
- mesa-vulkan-drivers
- vulkan-tools
- libgl1-mesa-dri
- libglx-mesa0
- libglu1-mesa
- libdrm2
- libdrm-amdgpu1
- libegl1
- libegl-mesa0
- libgbm1
- vainfo
- mesa-va-drivers
state: present
# VirtualGL for GPU-accelerated remote rendering
- name: Check if VirtualGL is installed
command: dpkg -s virtualgl
register: virtualgl_check
failed_when: false
changed_when: false
- name: Download VirtualGL
get_url:
url: https://github.com/VirtualGL/virtualgl/releases/download/3.1.2/virtualgl_3.1.2_amd64.deb
dest: /tmp/virtualgl.deb
mode: '0644'
when: virtualgl_check.rc != 0
- name: Install VirtualGL
apt:
deb: /tmp/virtualgl.deb
state: present
when: virtualgl_check.rc != 0
# GPU Permissions - Add user to video and render groups for DRI access
- name: Add user to video group for GPU access
user:
name: "{{ system_user }}"
groups: video
append: yes
- name: Add user to render group for GPU render node access
user:
name: "{{ system_user }}"
groups: render
append: yes
- name: Create udev rules for GPU device permissions
copy:
dest: /etc/udev/rules.d/99-gpu-permissions.rules
content: |
# Allow video group access to DRI devices
SUBSYSTEM=="drm", KERNEL=="card*", MODE="0666"
SUBSYSTEM=="drm", KERNEL=="renderD*", MODE="0666"
mode: '0644'
notify: Reload udev
# Fix GPU permissions on container start (LXC passthrough doesn't honor udev)
- name: Create systemd service to fix GPU permissions on boot
copy:
dest: /etc/systemd/system/fix-gpu-permissions.service
content: |
[Unit]
Description=Fix GPU device permissions for LXC passthrough
After=local-fs.target
[Service]
Type=oneshot
ExecStart=/bin/chmod 666 /dev/dri/card2 /dev/dri/renderD129
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
mode: '0644'
notify: Reload systemd
- name: Enable GPU permissions fix service
systemd:
name: fix-gpu-permissions
enabled: yes
state: started
daemon_reload: yes
# Create dl directory
- name: Create download directory
become: no
become_user: "{{principal_user}}"
file:
path: "/home/{{ system_user }}/dl"
path: "/home/{{principal_user}}/dl"
state: directory
mode: '0755'
@@ -247,53 +279,22 @@
path: /tmp/google-chrome-stable_current_amd64.deb
state: absent
# Chrome GPU Configuration - Use ANGLE+Vulkan to bypass broken GLX in XRDP
- name: Create Chrome policies directory
file:
path: /etc/opt/chrome/policies/managed
state: directory
mode: '0755'
- name: Configure Chrome GPU policy
copy:
dest: /etc/opt/chrome/policies/managed/gpu-policy.json
content: |
{
"HardwareAccelerationModeEnabled": true
}
mode: '0644'
- name: Create Chrome Vulkan launcher
copy:
dest: /usr/share/applications/google-chrome-vulkan.desktop
content: |
[Desktop Entry]
Version=1.0
Name=Google Chrome (Vulkan)
GenericName=Web Browser
Exec=/usr/bin/google-chrome-stable --ignore-gpu-blocklist --use-gl=angle --use-angle=vulkan --enable-features=Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,CanvasOopRasterization --enable-gpu-rasterization --canvas-oop-rasterization %U
Terminal=false
Icon=google-chrome
Type=Application
Categories=Network;WebBrowser;
mode: '0644'
# Python Virtual Environment Setup
- name: Create virtual environment directory
become: no
become_user: "{{principal_user}}"
file:
path: "/home/{{ system_user }}/env"
path: "/home/{{principal_user}}/env"
state: directory
mode: '0755'
- name: Create Python virtual environment with system site packages
become: no
become_user: "{{principal_user}}"
command: python3 -m venv --system-site-packages {{ agent_s_venv }}
args:
creates: "{{ agent_s_venv }}/bin/activate"
- name: Install Python packages in virtual environment
become: no
become_user: "{{principal_user}}"
pip:
name:
- lxml
@@ -304,25 +305,23 @@
# Clone Agent-S Repository
- name: Create gh directory
become: no
become_user: "{{principal_user}}"
file:
path: "/home/{{ system_user }}/gh"
path: "/home/{{principal_user}}/gh/Agent-S"
state: directory
mode: '0755'
- name: Clone Agent-S repository
become: no
git:
repo: https://github.com/simular-ai/Agent-S.git
- name: Transfer and extract Agent-S
become_user: "{{principal_user}}"
ansible.builtin.unarchive:
src: "~/rel/agent_s_{{agent_s_rel}}.tar"
dest: "{{ agent_s_repo }}"
version: main
update: yes
- name: Create environment activation script
become: no
become_user: "{{principal_user}}"
template:
src: agent_s_env.j2
dest: "/home/{{ system_user }}/.agent_s_env"
dest: "/home/{{principal_user}}/.agent_s_env"
mode: '0644'
- name: Create XRDP Xorg config directory
@@ -331,11 +330,19 @@
state: directory
mode: '0755'
- name: Deploy XRDP Xorg configuration for 1024x1024 resolution
- name: Configure MATE as XRDP session for principal_user
become_user: "{{principal_user}}"
copy:
dest: "/home/{{principal_user}}/.xsession"
content: "exec mate-session\n"
mode: '0755'
- name: Deploy XRDP Xorg configuration for 1024x768 resolution
template:
src: xorg.conf.j2
dest: /etc/X11/xrdp/xorg.conf
mode: '0644'
notify: restart xrdp
handlers:
- name: Reload systemd
@@ -344,4 +351,9 @@
- name: Reload udev
shell: udevadm control --reload-rules && udevadm trigger
become: yes
become: yes
- name: restart xrdp
systemd:
name: xrdp
state: restarted

48
ansible/agent_s/stage.yml Normal file
View File

@@ -0,0 +1,48 @@
---
- name: Stage Agent S and dependencies
hosts: localhost
gather_facts: false
vars:
agent_s_archive: "{{rel_dir}}/agent_s_{{agent_s_rel}}.tar"
agent_s_repo_dir: "{{github_repo_dir}}/Agent-S"
pulse_xrdp_archive: "{{rel_dir}}/pulseaudio_module_xrdp_{{pulseaudio_module_xrdp_rel}}.tar"
pulse_xrdp_repo_dir: "{{github_repo_dir}}/pulseaudio-module-xrdp"
tasks:
- name: Ensure release directory exists
file:
path: "{{rel_dir}}"
state: directory
mode: '755'
# Agent-S
- name: Fetch all remote branches and tags (Agent-S)
ansible.builtin.command: git fetch --all
args:
chdir: "{{agent_s_repo_dir}}"
- name: Pull latest changes (Agent-S)
ansible.builtin.command: git pull
args:
chdir: "{{agent_s_repo_dir}}"
- name: Create Agent-S archive for specified release
ansible.builtin.command: git archive -o "{{agent_s_archive}}" "{{agent_s_rel}}"
args:
chdir: "{{agent_s_repo_dir}}"
# pulseaudio-module-xrdp
- name: Fetch all remote branches and tags (pulseaudio-module-xrdp)
ansible.builtin.command: git fetch --all
args:
chdir: "{{pulse_xrdp_repo_dir}}"
- name: Pull latest changes (pulseaudio-module-xrdp)
ansible.builtin.command: git pull
args:
chdir: "{{pulse_xrdp_repo_dir}}"
- name: Create pulseaudio-module-xrdp archive for specified release
ansible.builtin.command: git archive -o "{{pulse_xrdp_archive}}" "{{pulseaudio_module_xrdp_rel}}"
args:
chdir: "{{pulse_xrdp_repo_dir}}"

4
ansible/caliban/xorg.conf.j2 → ansible/agent_s/xorg.conf.j2
View File

@@ -24,6 +24,7 @@ Section "Module"
Load "int10"
Load "record"
Load "vbe"
Load "glamoregl"
Load "xorgxrdp"
Load "fb"
EndSection
@@ -53,9 +54,6 @@ EndSection
Section "Device"
Identifier "Video Card (xrdpdev)"
Driver "xrdpdev"
Option "DRMDevice" "/dev/dri/renderD129"
Option "DRI3" "1"
Option "DRMAllowList" "amdgpu"
EndSection
Section "Screen"

2
ansible/ansible.cfg
View File

@@ -2,5 +2,5 @@
inventory = inventory
stdout_callback = ansible.builtin.default
result_format = yaml
remote_user = robert
remote_user = ponos
vault_password_file = .vault_pass

4
ansible/anythingllm/deploy.yml
View File

@@ -62,9 +62,9 @@
system: true
shell: /bin/bash
- name: Add remote_user to anythingllm group
- name: Add keeper_user to anythingllm group
ansible.builtin.user:
name: "{{ remote_user }}"
name: "{{ keeper_user }}"
groups: "{{ anythingllm_group }}"
append: true

4
ansible/argos/deploy.yml
View File

@@ -32,10 +32,10 @@
system: true
create_home: false
- name: Add ansible user to argos group
- name: Add keeper_user to argos group
become: true
ansible.builtin.user:
name: "{{ansible_user}}"
name: "{{keeper_user}}"
groups: "{{argos_group}}"
append: true

4
ansible/arke/deploy.yml
View File

@@ -21,10 +21,10 @@
system: true
create_home: false
- name: Add remote_user to arke group
- name: Add keeper_user to arke group
become: true
ansible.builtin.user:
name: "{{remote_user}}"
name: "{{keeper_user}}"
groups: "{{arke_group}}"
append: true

4
ansible/casdoor/deploy.yml
View File

@@ -45,10 +45,10 @@
create_home: false
shell: /usr/sbin/nologin
- name: Add ansible_user to casdoor group
- name: Add keeper_user to casdoor group
become: true
ansible.builtin.user:
name: "{{ ansible_user }}"
name: "{{ keeper_user }}"
groups: "{{ casdoor_group }}"
append: true

4
ansible/casdoor/remove.yml
View File

@@ -54,10 +54,10 @@
# Remove User and Group
# -------------------------------------------------------------------------
- name: Remove ponos from casdoor group
- name: Remove keeper_user from casdoor group
become: true
ansible.builtin.command:
cmd: gpasswd -d ponos {{ casdoor_group }}
cmd: gpasswd -d {{ keeper_user }} {{ casdoor_group }}
register: gpasswd_result
changed_when: gpasswd_result.rc == 0
failed_when: false

4
ansible/certbot/deploy.yml
View File

@@ -53,10 +53,10 @@
home: "{{ certbot_directory }}"
create_home: false
- name: Add ansible user to certbot group
- name: Add keeper_user to certbot group
become: true
ansible.builtin.user:
name: "{{ ansible_user }}"
name: "{{ keeper_user }}"
groups: "{{ certbot_group }}"
append: true

4
ansible/docker/deploy.yml
View File

@@ -33,9 +33,9 @@
enabled: true
state: started
- name: Add ansible_user to docker group
- name: Add keeper_user to docker group
ansible.builtin.user:
name: "{{ansible_user}}"
name: "{{keeper_user}}"
groups: docker
append: true

4
ansible/gitea_mcp/deploy.yml
View File

@@ -24,9 +24,9 @@
group: "{{gitea_mcp_group}}"
system: true
- name: Add group gitea_mcp to Ansible remote_user
- name: Add group gitea_mcp to keeper_user
ansible.builtin.user:
name: "{{remote_user}}"
name: "{{keeper_user}}"
groups: "{{gitea_mcp_group}}"
append: true

4
ansible/grafana_mcp/deploy.yml
View File

@@ -46,9 +46,9 @@
group: "{{grafana_mcp_group}}"
system: true
- name: Add group grafana_mcp to Ansible remote_user
- name: Add group grafana_mcp to keeper_user
ansible.builtin.user:
name: "{{remote_user}}"
name: "{{keeper_user}}"
groups: "{{grafana_mcp_group}}"
append: true

4
ansible/haproxy/deploy.yml
View File

@@ -26,10 +26,10 @@
uid: "{{haproxy_uid}}"
system: true
- name: Add group haproxy to ansible_user
- name: Add group haproxy to keeper_user
become: true
ansible.builtin.user:
name: "{{ansible_user}}"
name: "{{keeper_user}}"
groups: "{{haproxy_group}}"
append: true

4
ansible/hass/deploy.yml
View File

@@ -21,10 +21,10 @@
system: true
create_home: false
- name: Add group hass to user {{remote_user}}
- name: Add group hass to keeper_user
become: true
ansible.builtin.user:
name: "{{remote_user}}"
name: "{{keeper_user}}"
groups: "{{hass_group}}"
append: true

15
ansible/inventory/group_vars/all/vars.yml
View File

@@ -1,6 +1,15 @@
# Red Panda Approved Sandbox Environment Variables
remote_user: robert
remote_group: robert
# Account Taxonomy
# keeper_user - Ansible/Terraform management account (sudo). Use {{ keeper_user }} in playbooks.
# watcher_user - Non-sudo observation account.
# principal_user - AI agent / human operator account (host-specific, defined in host_vars).
# NOTE: ansible.cfg retains 'remote_user = ponos' as the Ansible SSH built-in keyword.
# Never use {{ remote_user }} or {{ ansible_user }} as Jinja2 variables in playbooks.
keeper_user: ponos
keeper_uid: 519
keeper_group: ponos
keeper_home: /srv/ponos
watcher_user: poros
watcher_uid: 520
deployment_environment: "agathos"
ansible_python_interpreter: /usr/bin/python3

5
ansible/inventory/host_vars/caliban.incus.yml
View File

@@ -8,6 +8,11 @@ services:
- docker
- kernos
# Account Taxonomy
# principal_user is the AI agent operator account on this host
principal_user: robert
principal_uid: 1000
# Alloy
alloy_log_level: "warn"

4
ansible/kernos/deploy.yml
View File

@@ -21,10 +21,10 @@
system: false
create_home: true
- name: Add remote_user to kernos group
- name: Add keeper_user to kernos group
become: true
ansible.builtin.user:
name: "{{remote_user}}"
name: "{{keeper_user}}"
groups: "{{kernos_group}}"
append: true

4
ansible/lobechat/deploy.yml
View File

@@ -23,10 +23,10 @@
group: "{{lobechat_group}}"
system: true
- name: Add group lobechat to user ponos
- name: Add group lobechat to keeper_user
become: true
ansible.builtin.user:
name: ponos
name: "{{keeper_user}}"
groups: "{{lobechat_group}}"
append: true

4
ansible/loki/deploy.yml
View File

@@ -42,10 +42,10 @@
group: "{{loki_group}}"
system: true
- name: Add group loki to ansible_user
- name: Add group loki to keeper_user
become: true
ansible.builtin.user:
name: "{{ansible_user}}"
name: "{{keeper_user}}"
groups: "{{loki_group}}"
append: true

4
ansible/mcp_switchboard/deploy.yml
View File

@@ -26,10 +26,10 @@
system: true
create_home: false
- name: Add ansible_user to mcp_switchboard group
- name: Add keeper_user to mcp_switchboard group
become: true
ansible.builtin.user:
name: "{{ansible_user}}"
name: "{{keeper_user}}"
groups: "{{mcp_switchboard_group}}"
append: true

6
ansible/mcpo/deploy.yml
View File

@@ -1,8 +1,6 @@
---
- name: Deploy MCPO as a system service
hosts: mcpo
vars:
ansible_common_remote_group: ponos
handlers:
- name: restart mcpo
become: true
@@ -24,10 +22,10 @@
comment: "{{mcpo_user}}"
system: true
- name: Add remote_user to mcpo group
- name: Add keeper_user to mcpo group
become: true
ansible.builtin.user:
name: "{{remote_user}}"
name: "{{keeper_user}}"
groups: "{{mcpo_group}}"
append: true

4
ansible/neo4j/deploy.yml
View File

@@ -24,9 +24,9 @@
group: "{{neo4j_group}}"
system: true
- name: Add group neo4j to user ponos
- name: Add group neo4j to keeper_user
ansible.builtin.user:
name: ponos
name: "{{keeper_user}}"
groups: "{{neo4j_group}}"
append: true

4
ansible/neo4j_mcp/deploy.yml
View File

@@ -24,9 +24,9 @@
group: "{{neo4j_mcp_group}}"
system: true
- name: Add group neo4j_mcp to user ponos
- name: Add group neo4j_mcp to keeper_user
ansible.builtin.user:
name: ponos
name: "{{keeper_user}}"
groups: "{{neo4j_mcp_group}}"
append: true

4
ansible/openwebui/deploy.yml
View File

@@ -20,10 +20,10 @@
comment: "{{openwebui_user}}"
system: true
- name: Add "remote_user" user to OpenWebUI group
- name: Add keeper_user to OpenWebUI group
become: true
ansible.builtin.user:
name: "{{remote_user}}"
name: "{{keeper_user}}"
groups: "{{openwebui_group}}"
append: true

18
ansible/postgresql/deploy.yml
View File

@@ -48,31 +48,31 @@
- name: Create gh directory
become: true
ansible.builtin.file:
path: /home/{{ remote_user }}/gh
path: "{{ keeper_home }}/gh"
state: directory
owner: "{{ remote_user }}"
group: "{{ remote_user }}"
owner: "{{ keeper_user }}"
group: "{{ keeper_group }}"
mode: '755'
- name: Clone pgvector repository
become: true
become_user: "{{ remote_user }}"
become_user: "{{ keeper_user }}"
ansible.builtin.git:
repo: https://github.com/pgvector/pgvector.git
dest: /home/{{ remote_user }}/gh/pgvector
dest: "{{ keeper_home }}/gh/pgvector"
version: v0.8.0
force: true
- name: Build pgvector
become: true
become_user: "{{ remote_user }}"
become_user: "{{ keeper_user }}"
ansible.builtin.make:
chdir: /home/{{ remote_user }}/gh/pgvector
chdir: "{{ keeper_home }}/gh/pgvector"
- name: Install pgvector
become: true
ansible.builtin.make:
chdir: /home/{{ remote_user }}/gh/pgvector
chdir: "{{ keeper_home }}/gh/pgvector"
target: install
- name: Ensure PostgreSQL is running
@@ -121,7 +121,7 @@
- name: Build pgvector with correct pg_config
become: true
ansible.builtin.shell: |
cd /home/{{ remote_user }}/gh/pgvector
cd {{ keeper_home }}/gh/pgvector
make clean
# Use the specific pg_config for the installed version
PG_CONFIG_PATH=$(ls /usr/bin/pg_config-* | head -1)

4
ansible/rabbitmq/deploy.yml
View File

@@ -24,9 +24,9 @@
group: "{{rabbitmq_group}}"
system: true
- name: Add group rabbitmq to user ponos
- name: Add group rabbitmq to keeper_user
ansible.builtin.user:
name: ponos
name: "{{keeper_user}}"
groups: "{{rabbitmq_group}}"
append: true

4
ansible/searxng/deploy.yml
View File

@@ -22,9 +22,9 @@
group: "{{searxng_group}}"
system: true
- name: Add group searxng to ansible_user
- name: Add group searxng to keeper_user
ansible.builtin.user:
name: "{{ansible_user}}"
name: "{{keeper_user}}"
groups: "{{searxng_group}}"
append: true

4
ansible/smtp4dev/deploy.yml
View File

@@ -24,9 +24,9 @@
group: "{{smtp4dev_group}}"
system: true
- name: Add group smtp4dev to user ponos
- name: Add group smtp4dev to keeper_user
ansible.builtin.user:
name: ponos
name: "{{keeper_user}}"
groups: "{{smtp4dev_group}}"
append: true