Add Athena configuration and secrets to inventory and templates

- Updated vault.yml.example to include Athena secrets: secret key, DB password, OAuth client ID, and client secret.
- Modified puck.incus.yml to add Athena service and configuration details, including user, group, directory, port, and domain.
- Updated titania.incus.yml to change OAuth client ID and secret variable names for consistency with Athena.
- Added Athena configuration to mcpo config template, including URL and authorization headers.

ansible/inventory/host_vars/puck.incus.yml

@@ -7,6 +7,7 @@ services:
   - docker
   - gitea_runner
   - jupyterlab
+  - athena
 
 # Gitea Runner
 gitea_runner_name: "puck-runner"
@@ -22,6 +23,23 @@ spelunker_syslog_port: 51481
 jupyterlab_syslog_port: 51491
 daedalus_syslog_port: 51401
 
+# =============================================================================
+# Athena Configuration
+# =============================================================================
+athena_user: athena
+athena_group: athena
+athena_directory: /srv/athena
+athena_port: 22481
+athena_domain: "ouranos.helu.ca"
+
+# Casdoor SSO Credentials (from vault)
+athena_casdoor_client_id: "{{ vault_athena_oauth_client_id }}"
+athena_casdoor_client_secret: "{{ vault_athena_oauth_client_secret }}"
+
+# Application Secrets (from vault)
+athena_secret_key: "{{ vault_athena_secret_key }}"
+athena_db_password: "{{ vault_athena_db_password }}"
+
 # =============================================================================
 # JupyterLab Configuration
 # =============================================================================

ansible/inventory/host_vars/titania.incus.yml

@@ -221,17 +221,21 @@ casdoor_radius_server_port: 1812
 casdoor_radius_default_organization: "built-in"
 casdoor_radius_secret: "{{ vault_casdoor_radius_secret }}"
 # Oath2
-angelia_oauth_client_id: "{{ vault_angelia_oauth_client_id }}"
-angelia_oauth_client_secret: "{{ vault_angelia_oauth_client_secret }}"
-athena_oauth_client_id: "{{ vault_athena_oauth_client_id }}"
-athena_oauth_client_secret: "{{ vault_athena_oauth_client_secret }}"
-daedalus_oauth_client_id: "{{ vault_daedalus_oauth_client_id }}"
-daedalus_oauth_client_secret: "{{ vault_daedalus_oauth_client_secret }}"
-gitea_oauth_client_id: "{{ vault_gitea_oauth_client_id }}"
-gitea_oauth_client_secret: "{{ vault_gitea_oauth_client_secret }}"
-jupyterlab_oauth_client_id: "{{ vault_jupyterlab_oauth_client_id }}"
-jupyterlab_oauth_client_secret: "{{ vault_jupyterlab_oauth_client_secret }}"
-openwebui_oauth_client_id: "{{ vault_openwebui_oauth_client_id }}"
-openwebui_oauth_client_secret: "{{ vault_openwebui_oauth_client_secret }}"
-searxng_oauth_client_id: "{{ vault_searxng_oauth_client_id }}"
-searxng_oauth_client_secret: "{{ vault_searxng_oauth_client_secret }}"
+angelia_oauth2_client_id: "{{ vault_angelia_oauth_client_id }}"
+angelia_oauth2_client_secret: "{{ vault_angelia_oauth_client_secret }}"
+athena_oauth2_client_id: "{{ vault_athena_oauth_client_id }}"
+athena_oauth2_client_secret: "{{ vault_athena_oauth_client_secret }}"
+daedalus_oauth2_client_id: "{{ vault_daedalus_oauth2_client_id }}"
+daedalus_oauth2_client_secret: "{{ vault_daedalus_oauth2_client_secret }}"
+gitea_oauth2_client_id: "{{ vault_gitea_oauth_client_id }}"
+gitea_oauth2_client_secret: "{{ vault_gitea_oauth_client_secret }}"
+jupyterlab_oauth2_client_id: "{{ vault_jupyterlab_oauth_client_id }}"
+jupyterlab_oauth2_client_secret: "{{ vault_jupyterlab_oauth_client_secret }}"
+kairos_oauth2_client_id: "{{ vault_athena_oauth_client_id }}"
+kairos_oauth2_client_secret: "{{ vault_athena_oauth_client_secret }}"
+openwebui_oauth2_client_id: "{{ vault_openwebui_oauth_client_id }}"
+openwebui_oauth2_client_secret: "{{ vault_openwebui_oauth_client_secret }}"
+searxng_oauth2_client_id: "{{ vault_searxng_oauth2_client_id }}"
+searxng_oauth2_client_secret: "{{ vault_searxng_oauth2_client_secret }}"
+spelunker_oauth2_client_id: "{{ vault_athena_oauth_client_id }}"
+spelunker_oauth2_client_secret: "{{ vault_athena_oauth_client_secret }}"