Refactor user management in Ansible playbooks to standardize on keeper_user

- Updated user addition tasks across multiple playbooks (mcp_switchboard, mcpo, neo4j, neo4j_mcp, openwebui, postgresql, rabbitmq, searxng, smtp4dev) to replace references to ansible_user and remote_user with keeper_user. - Modified PostgreSQL deployment to create directories and manage files under keeper_user's home. - Enhanced documentation to clarify account taxonomy and usage of keeper_user in playbooks. - Introduced new deployment for Agent S, including environment setup, desktop environment installation, XRDP configuration, and accessibility support. - Added staging playbook for preparing release tarballs from local repositories. - Created templates for XRDP configuration and environment activation scripts. - Removed obsolete sunwait documentation.
2026-03-05 10:37:41 +00:00
parent b4d60f2f38
commit 042df52bca
35 changed files with 610 additions and 298 deletions
--- a/terraform/containers.tf
+++ b/terraform/containers.tf
@@ -7,9 +7,9 @@ packages:
  - apt-utils
  - openssh-server
 users:
-  - name: ${var.system_user}
-    uid: ${var.user_uid}
-    system: true
+  - name: ${var.keeper_user}
+    uid: ${var.keeper_uid}
+    homedir: /srv/${var.keeper_user}
    sudo: ALL=(ALL) NOPASSWD:ALL
    shell: /bin/bash
    groups: sudo
@@ -271,11 +271,15 @@ resource "incus_instance" "uranian_hosts" {
  )

  file {
-    target_path        = "/home/${var.system_user}/.ssh/authorized_keys"
+    target_path        = "/srv/${var.keeper_user}/.ssh/authorized_keys"
    source_path        = var.ssh_key_path
-    uid                = var.user_uid
-    gid                = var.user_uid
+    uid                = var.keeper_uid
+    gid                = var.keeper_uid
    mode               = 0750
    create_directories = true
  }
+
+  lifecycle {
+    ignore_changes = [config]
+  }
 }