Add Athena configuration and secrets to inventory and templates

- Updated vault.yml.example to include Athena secrets: secret key, DB password, OAuth client ID, and client secret.
- Modified puck.incus.yml to add Athena service and configuration details, including user, group, directory, port, and domain.
- Updated titania.incus.yml to change OAuth client ID and secret variable names for consistency with Athena.
- Added Athena configuration to mcpo config template, including URL and authorization headers.

ansible/inventory/host_vars/puck.incus.yml

@@ -7,6 +7,7 @@ services:
   - docker
   - gitea_runner
   - jupyterlab
+  - athena
 
 # Gitea Runner
 gitea_runner_name: "puck-runner"
@@ -22,6 +23,23 @@ spelunker_syslog_port: 51481
 jupyterlab_syslog_port: 51491
 daedalus_syslog_port: 51401
 
+# =============================================================================
+# Athena Configuration
+# =============================================================================
+athena_user: athena
+athena_group: athena
+athena_directory: /srv/athena
+athena_port: 22481
+athena_domain: "ouranos.helu.ca"
+
+# Casdoor SSO Credentials (from vault)
+athena_casdoor_client_id: "{{ vault_athena_oauth_client_id }}"
+athena_casdoor_client_secret: "{{ vault_athena_oauth_client_secret }}"
+
+# Application Secrets (from vault)
+athena_secret_key: "{{ vault_athena_secret_key }}"
+athena_db_password: "{{ vault_athena_db_password }}"
+
 # =============================================================================
 # JupyterLab Configuration
 # =============================================================================