chore: update ansible vault secrets and credentials

Updated encrypted vault.yml file with new credentials and secrets for production infrastructure
2026-05-17 07:32:51 -04:00
parent 52d444f731
commit 698ceacb74
6 changed files with 502 additions and 491 deletions
--- a/ansible/inventory/host_vars/caliban.incus.yml
+++ b/ansible/inventory/host_vars/caliban.incus.yml
@@ -39,6 +39,30 @@ freecad_mcp_group: harper
 freecad_mcp_directory: /srv/freecad-mcp
 freecad_mcp_port: 22061

+
+# JupyterLab Configuration
+jupyterlab_user: robert
+jupyterlab_group: robert
+jupyterlab_notebook_dir: /home/robert/notebook
+jupyterlab_venv_dir: /home/robert/env/jupyter
+
+## Ports
+jupyterlab_port: 22081           # JupyterLab (localhost only)
+jupyterlab_proxy_port: 22071     # OAuth2-Proxy (exposed to HAProxy)
+
+## OAuth2-Proxy Configuration
+jupyterlab_oauth2_proxy_dir: /etc/oauth2-proxy-jupyter
+jupyterlab_oauth2_proxy_version: "7.6.0"
+jupyterlab_domain: "ouranos.helu.ca"
+jupyterlab_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
+jupyterlab_oauth2_redirect_url: "https://jupyterlab.ouranos.helu.ca/oauth2/callback"
+
+## OAuth2 Credentials (from vault)
+jupyterlab_oauth_client_id: "{{ vault_jupyterlab_oauth_client_id }}"
+jupyterlab_oauth_client_secret: "{{ vault_jupyterlab_oauth_client_secret }}"
+jupyterlab_oauth2_cookie_secret: "{{ vault_jupyterlab_oauth2_cookie_secret }}"
+
+
 # Kernos MCP Shell Server Configuration
 kernos_user: harper
 kernos_group: harper
--- a/ansible/inventory/host_vars/portia.incus.yml
+++ b/ansible/inventory/host_vars/portia.incus.yml
@@ -56,6 +56,9 @@ mnemosyne_db_password: "{{ vault_mnemosyne_db_password }}"
 hold_slayer_db_name: hold_slayer
 hold_slayer_db_user: hold_slayer
 hold_slayer_db_password: "{{ vault_hold_slayer_db_password }}"
+hecate_db_name: hecate
+hecate_db_user: hecate
+hecate_db_password: "{{ vault_hecate_db_password }}"

 # PostgreSQL admin password
 postgres_password: "{{ vault_postgres_password }}"
--- a/ansible/inventory/host_vars/puck.incus.yml
+++ b/ansible/inventory/host_vars/puck.incus.yml
@@ -112,26 +112,4 @@ athena_casdoor_client_secret: "{{ vault_athena_oauth_client_secret }}"
 athena_secret_key: "{{ vault_athena_secret_key }}"
 athena_db_password: "{{ vault_athena_db_password }}"

-# =============================================================================
-# JupyterLab Configuration
-# =============================================================================
-jupyterlab_user: robert
-jupyterlab_group: robert
-jupyterlab_notebook_dir: /home/robert
-jupyterlab_venv_dir: /home/robert/env/jupyter

-# Ports
-jupyterlab_port: 22081           # JupyterLab (localhost only)
-jupyterlab_proxy_port: 22071     # OAuth2-Proxy (exposed to HAProxy)
-
-# OAuth2-Proxy Configuration
-jupyterlab_oauth2_proxy_dir: /etc/oauth2-proxy-jupyter
-jupyterlab_oauth2_proxy_version: "7.6.0"
-jupyterlab_domain: "ouranos.helu.ca"
-jupyterlab_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
-jupyterlab_oauth2_redirect_url: "https://jupyterlab.ouranos.helu.ca/oauth2/callback"
-
-# OAuth2 Credentials (from vault)
-jupyterlab_oauth_client_id: "{{ vault_jupyterlab_oauth_client_id }}"
-jupyterlab_oauth_client_secret: "{{ vault_jupyterlab_oauth_client_secret }}"
-jupyterlab_oauth2_cookie_secret: "{{ vault_jupyterlab_oauth2_cookie_secret }}"
--- a/ansible/inventory/host_vars/titania.incus.yml
+++ b/ansible/inventory/host_vars/titania.incus.yml
@@ -188,7 +188,7 @@ haproxy_backends:
    health_path: "/ready/"

  - subdomain: "jupyterlab"
-    backend_host: "puck.incus"
+    backend_host: "caliban.incus"
    backend_port: 22071  # OAuth2-Proxy port
    health_path: "/ping"
    timeout_server: 300s  # WebSocket support