From e21c91e73e2cab7b2076e8cdb7bcc848d0671e09 Mon Sep 17 00:00:00 2001
From: Robert Helewka <r@helu.ca>
Date: Sat, 21 Mar 2026 21:07:27 +0000
Subject: [PATCH] refactor: update repository paths and configurations for
 consistency across services

---
 ansible/agent_s/stage.yml                     |  4 +--
 ansible/alloy/oberon/config.alloy.j2          | 27 ------------------
 ansible/alloy/rosalind/config.alloy.j2        | 28 +++++++++++++++++++
 ansible/inventory/group_vars/all/vars.yml     |  4 +--
 ansible/inventory/host_vars/miranda.incus.yml |  2 +-
 ansible/inventory/host_vars/portia.incus.yml  |  2 ++
 .../inventory/host_vars/prospero.incus.yml    |  2 ++
 ansible/inventory/host_vars/puck.incus.yml    |  2 ++
 .../inventory/host_vars/rosalind.incus.yml    |  8 ++++--
 ansible/inventory/host_vars/titania.incus.yml |  6 ++--
 ansible/inventory/hosts                       |  4 ---
 11 files changed, 47 insertions(+), 42 deletions(-)

diff --git a/ansible/agent_s/stage.yml b/ansible/agent_s/stage.yml
index a4ad5ad..f00ff53 100644
--- a/ansible/agent_s/stage.yml
+++ b/ansible/agent_s/stage.yml
@@ -4,9 +4,9 @@
   gather_facts: false
   vars:
     agent_s_archive: "{{rel_dir}}/agent_s_{{agent_s_rel}}.tar"
-    agent_s_repo_dir: "{{github_repo_dir}}/Agent-S"
+    agent_s_repo_dir: "{{github_dir}}/Agent-S"
     pulse_xrdp_archive: "{{rel_dir}}/pulseaudio_module_xrdp_{{pulseaudio_module_xrdp_rel}}.tar"
-    pulse_xrdp_repo_dir: "{{github_repo_dir}}/pulseaudio-module-xrdp"
+    pulse_xrdp_repo_dir: "{{github_dir}}/pulseaudio-module-xrdp"
     rommie_archive: "{{rel_dir}}/rommie_{{rommie_rel}}.tar"
     rommie_repo_dir: "{{repo_dir}}/rommie"
 
diff --git a/ansible/alloy/oberon/config.alloy.j2 b/ansible/alloy/oberon/config.alloy.j2
index 9d7d557..0726570 100644
--- a/ansible/alloy/oberon/config.alloy.j2
+++ b/ansible/alloy/oberon/config.alloy.j2
@@ -33,20 +33,6 @@ loki.source.syslog "rabbitmq_logs" {
   forward_to = [loki.write.default.receiver]
 }
 
-loki.source.syslog "searxng_logs" {
-  listener {
-    address  = "127.0.0.1:{{searxng_syslog_port}}"
-    protocol = "tcp"
-    syslog_format = "{{ syslog_format }}"
-    labels = {
-      job = "searxng",
-      hostname = "{{inventory_hostname}}",
-      environment = "{{deployment_environment}}",
-    }
-  }
-  forward_to = [loki.write.default.receiver]
-}
-
 loki.source.syslog "smtp4dev_logs" {
   listener {
     address  = "127.0.0.1:{{smtp4dev_syslog_port}}"
@@ -72,19 +58,6 @@ prometheus.scrape "default" {
   job_name = "containers"
 }
 
-prometheus.scrape "hass" {
-  targets = [{
-    __address__ = "127.0.0.1:{{hass_port}}",
-    job = "hass",
-    hostname = "{{inventory_hostname}}",
-    environment = "{{deployment_environment}}",
-  }]
-  forward_to      = [prometheus.remote_write.default.receiver]
-  scrape_interval = "60s"
-  metrics_path    = "/api/prometheus"
-  bearer_token    = "{{hass_metrics_token}}"
-}
-
 prometheus.remote_write "default" {
   endpoint {
     url = "{{prometheus_remote_write_url}}"
diff --git a/ansible/alloy/rosalind/config.alloy.j2 b/ansible/alloy/rosalind/config.alloy.j2
index 2b0c49b..220a4fc 100644
--- a/ansible/alloy/rosalind/config.alloy.j2
+++ b/ansible/alloy/rosalind/config.alloy.j2
@@ -46,6 +46,20 @@ loki.source.file "apache_logs" {
   forward_to = [loki.write.default.receiver]
 }
 
+prometheus.scrape "hass" {
+  targets = [{
+    __address__ = "127.0.0.1:{{hass_port}}",
+    job = "hass",
+    hostname = "{{inventory_hostname}}",
+    environment = "{{deployment_environment}}",
+  }]
+  forward_to      = [prometheus.remote_write.default.receiver]
+  scrape_interval = "60s"
+  metrics_path    = "/api/prometheus"
+  bearer_token    = "{{hass_metrics_token}}"
+}
+
+
 // Lobechat Docker syslog
 loki.source.syslog "lobechat_logs" {
   listener {
@@ -61,6 +75,20 @@ loki.source.syslog "lobechat_logs" {
   forward_to = [loki.write.default.receiver]
 }
 
+loki.source.syslog "searxng_logs" {
+  listener {
+    address  = "127.0.0.1:{{searxng_syslog_port}}"
+    protocol = "tcp"
+    syslog_format = "{{ syslog_format }}"
+    labels = {
+      job = "searxng",
+      hostname = "{{inventory_hostname}}",
+      environment = "{{deployment_environment}}",
+    }
+  }
+  forward_to = [loki.write.default.receiver]
+}
+
 // Loki endpoint
 loki.write "default" {
   endpoint {
diff --git a/ansible/inventory/group_vars/all/vars.yml b/ansible/inventory/group_vars/all/vars.yml
index 045af5b..fd99b7c 100644
--- a/ansible/inventory/group_vars/all/vars.yml
+++ b/ansible/inventory/group_vars/all/vars.yml
@@ -22,7 +22,7 @@ act_runner_version: "0.2.13"
 gitea_runner_instance_url: "https://gitea.ouranos.helu.ca"
 
 # Release versions for staging playbooks
-agent_s_rel: master
+agent_s_rel: main
 anythingllm_rel: master
 athena_rel: main
 athena_mcp_rel: main
@@ -37,7 +37,7 @@ kernos_rel: master
 rommie_rel: master
 # PyPI release version (no 'v' prefix) - https://pypi.org/project/open-webui/
 openwebui_rel: 0.8.3
-pulseaudio_module_xrdp_rel: 
+pulseaudio_module_xrdp_rel: devel
 searxng_oauth2_proxy_version: 7.6.0
 
 # MCP URLs
diff --git a/ansible/inventory/host_vars/miranda.incus.yml b/ansible/inventory/host_vars/miranda.incus.yml
index bd5585c..8a1aea2 100644
--- a/ansible/inventory/host_vars/miranda.incus.yml
+++ b/ansible/inventory/host_vars/miranda.incus.yml
@@ -24,7 +24,7 @@ argos_group: argos
 argos_directory: /srv/argos
 argos_port: 25534
 argos_log_level: INFO
-argos_searxng_instances: http://oberon.incus:22083/
+argos_searxng_instances: http://rosalind.incus:22089/
 argos_cache_ttl: 300
 argos_max_results: 10
 argos_request_timeout: 30.0
diff --git a/ansible/inventory/host_vars/portia.incus.yml b/ansible/inventory/host_vars/portia.incus.yml
index ea03bcb..240d574 100644
--- a/ansible/inventory/host_vars/portia.incus.yml
+++ b/ansible/inventory/host_vars/portia.incus.yml
@@ -3,6 +3,8 @@
 # Services: alloy, postgresql
 # Note: PgAdmin moved to Prospero (PPLG stack)
 
+ansible_user: robert
+
 services:
   - alloy
   - postgresql
diff --git a/ansible/inventory/host_vars/prospero.incus.yml b/ansible/inventory/host_vars/prospero.incus.yml
index 13ddeb6..2745a42 100644
--- a/ansible/inventory/host_vars/prospero.incus.yml
+++ b/ansible/inventory/host_vars/prospero.incus.yml
@@ -2,6 +2,8 @@
 # Prospero Configuration - PPLG Observability & Admin Stack
 # Services: pplg (PgAdmin, Prometheus, Loki, Grafana + HAProxy + OAuth2-Proxy)
 
+ansible_user: robert
+
 services:
   - alloy
   - pplg
diff --git a/ansible/inventory/host_vars/puck.incus.yml b/ansible/inventory/host_vars/puck.incus.yml
index 06340c6..0f39c49 100644
--- a/ansible/inventory/host_vars/puck.incus.yml
+++ b/ansible/inventory/host_vars/puck.incus.yml
@@ -2,6 +2,8 @@
 # Puck Configuration - Application Runtime
 # Services: alloy, docker, lxqt, jupyterlab
 
+ansible_user: robert
+
 services:
   - alloy
   - docker
diff --git a/ansible/inventory/host_vars/rosalind.incus.yml b/ansible/inventory/host_vars/rosalind.incus.yml
index 0395764..3a88cfb 100644
--- a/ansible/inventory/host_vars/rosalind.incus.yml
+++ b/ansible/inventory/host_vars/rosalind.incus.yml
@@ -2,6 +2,8 @@
 # Rosalind Configuration - GO, Node.js, PHP Apps
 # Services: alloy, gitea, lobechat, nextcloud
 
+ansible_user: robert
+
 services:
   - alloy
   - anythingllm
@@ -219,8 +221,8 @@ openwebui_log_level: info
 searxng_user: searxng
 searxng_group: searxng
 searxng_directory: /srv/searxng
-searxng_port: 22083
-searxng_base_url: http://rosalind.incus:22083/
+searxng_port: 22089
+searxng_base_url: http://rosalind.incus:22089/
 searxng_instance_name: "Ouranos Search"
 searxng_secret_key: "{{ vault_searxng_secret_key }}"
 
@@ -228,7 +230,7 @@ searxng_secret_key: "{{ vault_searxng_secret_key }}"
 # Note: Each host supports at most one OAuth2-Proxy sidecar instance
 # (binary shared at /usr/local/bin/oauth2-proxy, unique systemd unit per service)
 searxng_oauth2_proxy_dir: /etc/oauth2-proxy-searxng
-searxng_proxy_port: 22073
+searxng_proxy_port: 22079
 searxng_domain: "ouranos.helu.ca"
 searxng_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
 searxng_oauth2_redirect_url: "https://searxng.ouranos.helu.ca/oauth2/callback"
diff --git a/ansible/inventory/host_vars/titania.incus.yml b/ansible/inventory/host_vars/titania.incus.yml
index e42108b..2e330d7 100644
--- a/ansible/inventory/host_vars/titania.incus.yml
+++ b/ansible/inventory/host_vars/titania.incus.yml
@@ -65,7 +65,7 @@ haproxy_backends:
     redirect_root: "/login/heluca"  # Redirect root to branded org login page
 
   - subdomain: "openwebui"
-    backend_host: "oberon.incus"
+    backend_host: "rosalind.incus"
     backend_port: 22088
     health_path: "/"
 
@@ -81,8 +81,8 @@ haproxy_backends:
   
   # SearXNG - routed through OAuth2-Proxy sidecar on Oberon
   - subdomain: "searxng"
-    backend_host: "oberon.incus"
-    backend_port: 22073
+    backend_host: "rosalind.incus"
+    backend_port: 22079
     health_path: "/ping"
 
   - subdomain: "pgadmin"
diff --git a/ansible/inventory/hosts b/ansible/inventory/hosts
index 82fd755..5508d28 100644
--- a/ansible/inventory/hosts
+++ b/ansible/inventory/hosts
@@ -41,10 +41,6 @@ kernos:
     caliban.incus:
     korax.helu.ca:
 
-searxng:
-  hosts:
-    oberon.incus:
-
 gitea:
   hosts:
     rosalind.incus: