refactor: migrate services from oberon to puck and extract oauth2-proxy role
Move searxng, openwebui, mcp_switchboard, and hass services from oberon.incus to puck.incus, consolidating service host variables accordingly. Clean up oberon to only run alloy, docker, rabbitmq, and smtp4dev. Extract oauth2-proxy from a searxng-specific sidecar into a standalone reusable role with generic naming, supporting multiple proxy instances per host via parameterized systemd units and config directories. Refactor searxng role to use updated templates (settings.yml.j2, limiter.toml.j2) and integrate with the new generic oauth2-proxy role. Add Caddy reverse proxy configurations for puck-hosted services. Move searxng_oauth2_proxy_version to global vars for consistency.
@@ -4,74 +4,13 @@
|
||||
services:
|
||||
- alloy
|
||||
- docker
|
||||
|
||||
- rabbitmq
|
||||
- searxng
|
||||
- smtp4dev
|
||||
|
||||
# Alloy
|
||||
alloy_log_level: "warn"
|
||||
rabbitmq_syslog_port: 51402
|
||||
searxng_syslog_port: 51403
|
||||
|
||||
# MCP Switchboard Configuration
|
||||
mcp_switchboard_user: mcpsb
|
||||
mcp_switchboard_group: mcpsb
|
||||
mcp_switchboard_directory: /srv/mcp_switchboard
|
||||
mcp_switchboard_port: 22785
|
||||
mcp_switchboard_docker_host: "tcp://miranda.incus:2375"
|
||||
mcp_switchboard_db_host: portia.incus
|
||||
mcp_switchboard_db_port: 5432
|
||||
mcp_switchboard_db_name: mcp_switchboard
|
||||
mcp_switchboard_db_user: mcpsb
|
||||
mcp_switchboard_db_password: "{{ vault_mcp_switchboard_db_password }}"
|
||||
mcp_switchboard_rabbitmq_host: localhost
|
||||
mcp_switchboard_rabbitmq_port: 5672
|
||||
mcp_switchboard_rabbitmq_user: rabbitmq
|
||||
mcp_switchboard_rabbitmq_password: "{{ vault_mcp_switchboard_rabbitmq_password }}"
|
||||
mcp_switchboard_secret_key: "{{ vault_mcp_switchboard_secret_key }}"
|
||||
|
||||
# Open WebUI Configuration
|
||||
openwebui_user: openwebui
|
||||
openwebui_group: openwebui
|
||||
openwebui_directory: /srv/openwebui
|
||||
openwebui_cors_allow_origin: https://openwebui.ouranos.helu.ca
|
||||
openwebui_port: 22088
|
||||
openwebui_host: puck.incus
|
||||
openwebui_secret_key: "{{ vault_openwebui_secret_key }}"
|
||||
openwebui_enable_signup: true
|
||||
openwebui_enable_email_login: false
|
||||
|
||||
# OAuth/OIDC Configuration (Casdoor SSO)
|
||||
openwebui_oauth_client_id: "{{ vault_openwebui_oauth_client_id }}"
|
||||
openwebui_oauth_client_secret: "{{ vault_openwebui_oauth_client_secret }}"
|
||||
openwebui_oauth_provider_name: "Casdoor"
|
||||
openwebui_oauth_provider_url: "https://id.ouranos.helu.ca/.well-known/openid-configuration"
|
||||
|
||||
# Database Configuration
|
||||
openwebui_db_host: portia.incus
|
||||
openwebui_db_port: 5432
|
||||
openwebui_db_name: openwebui
|
||||
openwebui_db_user: openwebui
|
||||
openwebui_db_password: "{{ vault_openwebui_db_password }}"
|
||||
|
||||
# API Keys
|
||||
openwebui_openai_api_key: "{{ vault_openwebui_openai_api_key }}"
|
||||
openwebui_anthropic_api_key: "{{ vault_openwebui_anthropic_api_key }}"
|
||||
openwebui_groq_api_key: "{{ vault_openwebui_groq_api_key }}"
|
||||
openwebui_mistral_api_key: "{{ vault_openwebui_mistral_api_key }}"
|
||||
|
||||
# Ollama Configuration
|
||||
ollama_api_base_url: ""
|
||||
openwebui_ollama_api_key: ""
|
||||
|
||||
# SSL Configuration
|
||||
openwebui_enable_https: false
|
||||
openwebui_ssl_cert_path: ""
|
||||
openwebui_ssl_key_path: ""
|
||||
|
||||
# Logging
|
||||
openwebui_log_level: info
|
||||
smtp4dev_syslog_port: 51405
|
||||
|
||||
# RabbitMQ Config
|
||||
rabbitmq_user: rabbitmq
|
||||
@@ -81,33 +20,6 @@ rabbitmq_amqp_port: 5672
|
||||
rabbitmq_management_port: 25582
|
||||
rabbitmq_password: "{{ vault_rabbitmq_password }}"
|
||||
|
||||
# Redis password
|
||||
redis_password: "{{ vault_redis_password }}"
|
||||
|
||||
# SearXNG Configuration
|
||||
searxng_user: searxng
|
||||
searxng_group: searxng
|
||||
searxng_directory: /srv/searxng
|
||||
searxng_port: 22083
|
||||
searxng_base_url: http://oberon.incus:22083/
|
||||
searxng_instance_name: "Ouranos Search"
|
||||
searxng_secret_key: "{{ vault_searxng_secret_key }}"
|
||||
|
||||
# SearXNG OAuth2-Proxy Sidecar
|
||||
# Note: Each host supports at most one OAuth2-Proxy sidecar instance
|
||||
# (binary shared at /usr/local/bin/oauth2-proxy, unique systemd unit per service)
|
||||
searxng_oauth2_proxy_dir: /etc/oauth2-proxy-searxng
|
||||
searxng_oauth2_proxy_version: "7.6.0"
|
||||
searxng_proxy_port: 22073
|
||||
searxng_domain: "ouranos.helu.ca"
|
||||
searxng_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
|
||||
searxng_oauth2_redirect_url: "https://searxng.ouranos.helu.ca/oauth2/callback"
|
||||
|
||||
# OAuth2 Credentials (from vault)
|
||||
searxng_oauth2_client_id: "{{ vault_searxng_oauth2_client_id }}"
|
||||
searxng_oauth2_client_secret: "{{ vault_searxng_oauth2_client_secret }}"
|
||||
searxng_oauth2_cookie_secret: "{{ vault_searxng_oauth2_cookie_secret }}"
|
||||
|
||||
# smtp4dev Configuration
|
||||
smtp4dev_user: smtp4dev
|
||||
smtp4dev_group: smtp4dev
|
||||
@@ -115,18 +27,4 @@ smtp4dev_directory: /srv/smtp4dev
|
||||
smtp4dev_port: 22085
|
||||
smtp4dev_smtp_port: 22025
|
||||
smtp4dev_imap_port: 22045
|
||||
smtp4dev_syslog_port: 51405
|
||||
|
||||
# Home Assistant Configuration
|
||||
hass_user: hass
|
||||
hass_group: hass
|
||||
hass_directory: /srv/hass
|
||||
hass_media_directory: /srv/hass/media
|
||||
hass_port: 8123
|
||||
hass_version: "2026.2.0"
|
||||
hass_db_host: portia.incus
|
||||
hass_db_port: 5432
|
||||
hass_db_name: hass
|
||||
hass_db_user: hass
|
||||
hass_db_password: "{{ vault_hass_db_password }}"
|
||||
hass_metrics_token: "{{ vault_hass_metrics_token }}"
|
||||
|
||||