Refactor user management in Ansible playbooks to standardize on keeper_user

- Updated user addition tasks across multiple playbooks (mcp_switchboard, mcpo, neo4j, neo4j_mcp, openwebui, postgresql, rabbitmq, searxng, smtp4dev) to replace references to ansible_user and remote_user with keeper_user.
- Modified PostgreSQL deployment to create directories and manage files under keeper_user's home.
- Enhanced documentation to clarify account taxonomy and usage of keeper_user in playbooks.
- Introduced new deployment for Agent S, including environment setup, desktop environment installation, XRDP configuration, and accessibility support.
- Added staging playbook for preparing release tarballs from local repositories.
- Created templates for XRDP configuration and environment activation scripts.
- Removed obsolete sunwait documentation.

ansible/inventory/group_vars/all/vars.yml

@@ -1,6 +1,15 @@
-# Red Panda Approved Sandbox Environment Variables
-remote_user: robert
-remote_group: robert
+# Account Taxonomy
+# keeper_user  - Ansible/Terraform management account (sudo). Use {{ keeper_user }} in playbooks.
+# watcher_user - Non-sudo observation account.
+# principal_user - AI agent / human operator account (host-specific, defined in host_vars).
+# NOTE: ansible.cfg retains 'remote_user = ponos' as the Ansible SSH built-in keyword.
+#       Never use {{ remote_user }} or {{ ansible_user }} as Jinja2 variables in playbooks.
+keeper_user: ponos
+keeper_uid: 519
+keeper_group: ponos
+keeper_home: /srv/ponos
+watcher_user: poros
+watcher_uid: 520
 deployment_environment: "agathos"
 ansible_python_interpreter: /usr/bin/python3
 

ansible/inventory/host_vars/caliban.incus.yml

@@ -8,6 +8,11 @@ services:
   - docker
   - kernos
 
+# Account Taxonomy
+# principal_user is the AI agent operator account on this host
+principal_user: robert
+principal_uid: 1000
+
 # Alloy
 alloy_log_level: "warn"