chore(ansible): centralize third-party Docker image versions

Add centralized image version variables in group_vars/all/vars.yml for vulnerability tracking and controlled upgrades of third-party Docker images (casdoor, flower, grafana-mcp, gitea-mcp, neo4j, memcached, nginx, oauth2-proxy, rabbitmq, searxng). Update vault.yml accordingly.
2026-05-03 18:57:58 -04:00
parent 2be323f27e
commit 4ae6379613
11 changed files with 681 additions and 497 deletions
--- a/ansible/alloy/umbriel/config.alloy.j2
+++ b/ansible/alloy/umbriel/config.alloy.j2
@@ -0,0 +1,57 @@
+logging {
+  level = "{{alloy_log_level}}"
+}
+
+loki.source.file "system_logs" {
+  targets = [
+    {__path__ = "/var/log/syslog", job = "syslog"},
+    {__path__ = "/var/log/auth.log", job = "auth"},
+  ]
+  forward_to = [loki.write.default.receiver]
+}
+
+loki.source.journal "systemd_logs" {
+  forward_to = [loki.write.default.receiver]
+  labels = {
+    job = "systemd",
+    hostname = "{{inventory_hostname}}",
+    environment = "{{deployment_environment}}",
+  }
+}
+
+loki.source.syslog "neo4j_logs" {
+  listener {
+    address  = "127.0.0.1:{{neo4j_syslog_port}}"
+    protocol = "tcp"
+    syslog_format = "{{ syslog_format }}"
+    labels = {
+      job = "neo4j",
+      hostname = "{{inventory_hostname}}",
+      environment = "{{deployment_environment}}",
+    }
+  }
+  forward_to = [loki.write.default.receiver]
+}
+
+prometheus.exporter.unix "default" {
+  include_exporter_metrics = true
+  disable_collectors = ["mdadm"]
+}
+
+prometheus.scrape "default" {
+  targets    = prometheus.exporter.unix.default.targets
+  forward_to = [prometheus.remote_write.default.receiver]
+  job_name = "containers"
+}
+
+prometheus.remote_write "default" {
+  endpoint {
+    url = "{{prometheus_remote_write_url}}"
+  }
+}
+
+loki.write "default" {
+  endpoint {
+    url = "{{loki_url}}"
+  }
+}