diff --git a/ansible/inventory/group_vars/all/vars.yml b/ansible/inventory/group_vars/all/vars.yml
index 5525a0a..045af5b 100644
--- a/ansible/inventory/group_vars/all/vars.yml
+++ b/ansible/inventory/group_vars/all/vars.yml
@@ -38,6 +38,7 @@ rommie_rel: master
 # PyPI release version (no 'v' prefix) - https://pypi.org/project/open-webui/
 openwebui_rel: 0.8.3
 pulseaudio_module_xrdp_rel:
+searxng_oauth2_proxy_version: 7.6.0
 # MCP URLs
 argos_mcp_url: http://miranda.incus:25534/mcp
diff --git a/ansible/inventory/host_vars/oberon.incus.yml b/ansible/inventory/host_vars/oberon.incus.yml
index 3c599e4..20deb11 100644
--- a/ansible/inventory/host_vars/oberon.incus.yml
+++ b/ansible/inventory/host_vars/oberon.incus.yml
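Review bot: `searxng_oauth2_proxy_version: 7.6.0` lands in group_vars/all unquoted and with no comment saying what it pins, while the host-level entry it replaces was quoted and the neighbouring `openwebui_rel` carries a source link. Because this value selects the binary that enforces login in front of SearXNG, and the pin now applies to every host, I would write it as `searxng_oauth2_proxy_version: "7.6.0"` under a comment such as `# oauth2-proxy release for the SearXNG sidecar; review upstream security advisories when bumping`. 7.6.0 appears to be well behind current oauth2-proxy releases, so the upstream advisories published after it are worth checking before the pin is carried forward. Whether the install role verifies a checksum of the downloaded binary is not visible in this diff.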
@@ -4,74 +4,13 @@ services:
 - alloy
 - docker
- - rabbitmq
- - searxng
 - smtp4dev
 # Alloy
 alloy_log_level: "warn"
 rabbitmq_syslog_port: 51402
-searxng_syslog_port: 51403
-
-# MCP Switchboard Configuration
-mcp_switchboard_user: mcpsb
-mcp_switchboard_group: mcpsb
-mcp_switchboard_directory: /srv/mcp_switchboard
-mcp_switchboard_port: 22785
-mcp_switchboard_docker_host: "tcp://miranda.incus:2375"
-mcp_switchboard_db_host: portia.incus
-mcp_switchboard_db_port: 5432
-mcp_switchboard_db_name: mcp_switchboard
-mcp_switchboard_db_user: mcpsb
-mcp_switchboard_db_password: "{{ vault_mcp_switchboard_db_password }}"
-mcp_switchboard_rabbitmq_host: localhost
-mcp_switchboard_rabbitmq_port: 5672
-mcp_switchboard_rabbitmq_user: rabbitmq
-mcp_switchboard_rabbitmq_password: "{{ vault_mcp_switchboard_rabbitmq_password }}"
-mcp_switchboard_secret_key: "{{ vault_mcp_switchboard_secret_key }}"
-
-# Open WebUI Configuration
-openwebui_user: openwebui
-openwebui_group: openwebui
-openwebui_directory: /srv/openwebui
-openwebui_cors_allow_origin: https://openwebui.ouranos.helu.ca
-openwebui_port: 22088
-openwebui_host: puck.incus
-openwebui_secret_key: "{{ vault_openwebui_secret_key }}"
-openwebui_enable_signup: true
-openwebui_enable_email_login: false
-
-# OAuth/OIDC Configuration (Casdoor SSO)
-openwebui_oauth_client_id: "{{ vault_openwebui_oauth_client_id }}"
-openwebui_oauth_client_secret: "{{ vault_openwebui_oauth_client_secret }}"
-openwebui_oauth_provider_name: "Casdoor"
-openwebui_oauth_provider_url: "https://id.ouranos.helu.ca/.well-known/openid-configuration"
-
-# Database Configuration
-openwebui_db_host: portia.incus
-openwebui_db_port: 5432
-openwebui_db_name: openwebui
-openwebui_db_user: openwebui
-openwebui_db_password: "{{ vault_openwebui_db_password }}"
-
-# API Keys
-openwebui_openai_api_key: "{{ vault_openwebui_openai_api_key }}"
-openwebui_anthropic_api_key: "{{ vault_openwebui_anthropic_api_key }}"
-openwebui_groq_api_key: "{{ vault_openwebui_groq_api_key }}"
-openwebui_mistral_api_key: "{{ vault_openwebui_mistral_api_key }}"
-
-# Ollama Configuration
-ollama_api_base_url: ""
-openwebui_ollama_api_key: ""
-
-# SSL Configuration
-openwebui_enable_https: false
-openwebui_ssl_cert_path: ""
-openwebui_ssl_key_path: ""
-
-# Logging
-openwebui_log_level: info
+smtp4dev_syslog_port: 51405
 # RabbitMQ Config
 rabbitmq_user: rabbitmq
@@ -81,33 +20,6 @@ rabbitmq_amqp_port: 5672
 rabbitmq_management_port: 25582
 rabbitmq_password: "{{ vault_rabbitmq_password }}"
-# Redis password
-redis_password: "{{ vault_redis_password }}"
-
-# SearXNG Configuration
-searxng_user: searxng
-searxng_group: searxng
-searxng_directory: /srv/searxng
-searxng_port: 22083
-searxng_base_url: http://oberon.incus:22083/
-searxng_instance_name: "Ouranos Search"
-searxng_secret_key: "{{ vault_searxng_secret_key }}"
-
-# SearXNG OAuth2-Proxy Sidecar
-# Note: Each host supports at most one OAuth2-Proxy sidecar instance
-# (binary shared at /usr/local/bin/oauth2-proxy, unique systemd unit per service)
-searxng_oauth2_proxy_dir: /etc/oauth2-proxy-searxng
-searxng_oauth2_proxy_version: "7.6.0"
-searxng_proxy_port: 22073
-searxng_domain: "ouranos.helu.ca"
-searxng_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
-searxng_oauth2_redirect_url: "https://searxng.ouranos.helu.ca/oauth2/callback"
-
-# OAuth2 Credentials (from vault)
-searxng_oauth2_client_id: "{{ vault_searxng_oauth2_client_id }}"
-searxng_oauth2_client_secret: "{{ vault_searxng_oauth2_client_secret }}"
-searxng_oauth2_cookie_secret: "{{ vault_searxng_oauth2_cookie_secret }}"
-
 # smtp4dev Configuration
 smtp4dev_user: smtp4dev
 smtp4dev_group: smtp4dev
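Review bot: `rabbitmq` is dropped from `services` in the hunk at -4,74, yet `rabbitmq_syslog_port: 51402` and the `# RabbitMQ Config` block with `rabbitmq_password: "{{ vault_rabbitmq_password }}"` stay in this host's vars. If RabbitMQ is leaving oberon those variables should go with it; if it stays, a comment such as `# rabbitmq remains deployed on this host; not listed in services because <reason>` would explain the mismatch. Removing entries from inventory also does not remove what is already deployed: unless the roles have a removal path (not visible here), the SearXNG, OAuth2-Proxy, Open WebUI and Home Assistant units and their rendered secret files stay on oberon. The same vault values are reused on rosalind in this commit, so those leftover copies remain valid; a cleanup play for oberon, or rotation of the moved secrets, would close that gap.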
@@ -115,18 +27,4 @@ smtp4dev_directory: /srv/smtp4dev
 smtp4dev_port: 22085
 smtp4dev_smtp_port: 22025
 smtp4dev_imap_port: 22045
-smtp4dev_syslog_port: 51405
-# Home Assistant Configuration
-hass_user: hass
-hass_group: hass
-hass_directory: /srv/hass
-hass_media_directory: /srv/hass/media
-hass_port: 8123
-hass_version: "2026.2.0"
-hass_db_host: portia.incus
-hass_db_port: 5432
-hass_db_name: hass
-hass_db_user: hass
-hass_db_password: "{{ vault_hass_db_password }}"
-hass_metrics_token: "{{ vault_hass_metrics_token }}"
diff --git a/ansible/inventory/host_vars/rosalind.incus.yml b/ansible/inventory/host_vars/rosalind.incus.yml
index f2dd4af..0395764 100644
--- a/ansible/inventory/host_vars/rosalind.incus.yml
+++ b/ansible/inventory/host_vars/rosalind.incus.yml
@@ -12,10 +12,12 @@ services:
 - nextcloud
 - openwebui
 - hass
+ - searxng
 # Alloy
 alloy_log_level: "warn"
 lobechat_syslog_port: 51461
+searxng_syslog_port: 51403
 # AnythingLLM Configuration
 anythingllm_user: anythingllm
@@ -99,6 +101,20 @@ gitea_oauth_token_url: "https://id.ouranos.helu.ca/api/login/oauth/access_token"
 gitea_oauth_userinfo_url: "https://id.ouranos.helu.ca/api/userinfo"
 gitea_oauth_scopes: "openid profile email"
+# Home Assistant Configuration
+hass_user: hass
+hass_group: hass
+hass_directory: /srv/hass
+hass_media_directory: /srv/hass/media
+hass_port: 8123
+hass_version: "2026.2.0"
+hass_db_host: portia.incus
+hass_db_port: 5432
+hass_db_name: hass
+hass_db_user: hass
+hass_db_password: "{{ vault_hass_db_password }}"
+hass_metrics_token: "{{ vault_hass_metrics_token }}"
+
 # LobeChat Configuration
 lobechat_user: lobechat
 lobechat_group: lobechat
@@ -155,3 +171,69 @@ nextcloud_domain: nextcloud.ouranos.helu.ca
 nextcloud_instance_id: ""
 nextcloud_password_salt: ""
 nextcloud_secret: ""
+
+
+# Open WebUI Configuration
+openwebui_user: openwebui
+openwebui_group: openwebui
+openwebui_directory: /srv/openwebui
+openwebui_cors_allow_origin: https://openwebui.ouranos.helu.ca
+openwebui_port: 22088
+openwebui_host: puck.incus
+openwebui_secret_key: "{{ vault_openwebui_secret_key }}"
+openwebui_enable_signup: true
+openwebui_enable_email_login: false
+
+# OAuth/OIDC Configuration (Casdoor SSO)
+openwebui_oauth_client_id: "{{ vault_openwebui_oauth_client_id }}"
+openwebui_oauth_client_secret: "{{ vault_openwebui_oauth_client_secret }}"
+openwebui_oauth_provider_name: "Casdoor"
+openwebui_oauth_provider_url: "https://id.ouranos.helu.ca/.well-known/openid-configuration"
+
+# Database Configuration
+openwebui_db_host: portia.incus
+openwebui_db_port: 5432
+openwebui_db_name: openwebui
+openwebui_db_user: openwebui
+openwebui_db_password: "{{ vault_openwebui_db_password }}"
+
+# API Keys
+openwebui_openai_api_key: "{{ vault_openwebui_openai_api_key }}"
+openwebui_anthropic_api_key: "{{ vault_openwebui_anthropic_api_key }}"
+openwebui_groq_api_key: "{{ vault_openwebui_groq_api_key }}"
+openwebui_mistral_api_key: "{{ vault_openwebui_mistral_api_key }}"
+
+# Ollama Configuration
+ollama_api_base_url: ""
+openwebui_ollama_api_key: ""
+
+# SSL Configuration
+openwebui_enable_https: false
+openwebui_ssl_cert_path: ""
+openwebui_ssl_key_path: ""
+
+# Logging
+openwebui_log_level: info
+
+# SearXNG Configuration
+searxng_user: searxng
+searxng_group: searxng
+searxng_directory: /srv/searxng
+searxng_port: 22083
+searxng_base_url: http://rosalind.incus:22083/
+searxng_instance_name: "Ouranos Search"
+searxng_secret_key: "{{ vault_searxng_secret_key }}"
+
+# SearXNG OAuth2-Proxy Sidecar
+# Note: Each host supports at most one OAuth2-Proxy sidecar instance
+# (binary shared at /usr/local/bin/oauth2-proxy, unique systemd unit per service)
+searxng_oauth2_proxy_dir: /etc/oauth2-proxy-searxng
+searxng_proxy_port: 22073
+searxng_domain: "ouranos.helu.ca"
+searxng_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
+searxng_oauth2_redirect_url: "https://searxng.ouranos.helu.ca/oauth2/callback"
+
+# OAuth2 Credentials (from vault)
+searxng_oauth2_client_id: "{{ vault_searxng_oauth2_client_id }}"
+searxng_oauth2_client_secret: "{{ vault_searxng_oauth2_client_secret }}"
+searxng_oauth2_cookie_secret: "{{ vault_searxng_oauth2_cookie_secret }}"
\ No newline at end of file
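Review bot: `searxng_base_url: http://rosalind.incus:22083/` addresses SearXNG's own port over plain HTTP rather than the OAuth2-Proxy sidecar on `searxng_proxy_port: 22073` or the public `https://searxng.ouranos.helu.ca` name used in `searxng_oauth2_redirect_url`. If 22083 is reachable from other hosts (the bind address is not visible in this diff), clients can query SearXNG without ever passing the OIDC login, so confirm the service is bound to loopback or filtered so that only the proxy and any intended internal callers can connect. If users are meant to arrive through the public name, the value would be `searxng_base_url: "https://searxng.ouranos.helu.ca/"`. The carried-over comment "Each host supports at most one OAuth2-Proxy sidecar instance" now constrains rosalind, which already lists several other services, and `openwebui_host: puck.incus` was moved unchanged while the SearXNG URL was renamed, so both deserve a check. The file also now ends without a trailing newline.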