Introduce the CASE engineering agent by defining kottos_case_port
(24152) and updating the agents list comment. This extends the
systemd-managed pallas process configuration to include the CASE
runtime alongside existing Harper, Scotty, Research, and Tech
Research agents.
- Drop `FREECAD_MCP_` prefix from env vars (use `FREECAD_*`)
- Update freecad_mcp port from 22032 to 22061
- Document that FreeCAD bridge is required for tool calls
- Replace kottos deployment with pallas deployment
- Add ROMMIE_SCREENSHOT_JPEG_QUALITY and ROMMIE_SCREENSHOT_MAX_KB env vars
to control parent-agent screenshot output encoding and size limit
- Configure defaults (quality 80, 512KB cap) in caliban.incus host vars
- Trigger rommie service restart when .env file changes
- Bump Qwen model from 3.5 to 3.6 and update inference endpoints
(nyx:22079→22072, pan:22078→22076) for caliban and puck hosts
- Add Rommie MCP server deployment to site.yml
- Update Rommie docs to reflect new port (20361), model versions,
and health check accepting 200/406 status codes
- Add SearXNG syslog ingestion and blackbox health probes on miranda
and rosalind for per-host attributable failure detection
- Scrape Argos MCP application metrics from miranda
- Add Pallas dashboard panels for downstream availability and turn
error ratios
- Unify Neo4j HTTP/Bolt/syslog ports across ariel and umbriel hosts
- Add neo4j_metrics_port (22094) for APOC exporter sidecar
- Add umbriel to Prometheus node_exporter targets
- Add Neo4j scrape config and alerts for tx rollback rate and
stalled store growth
- Replace kernos_harper MCP with andromeda (caliban.helu.ca)
- Remove angelia MCP from kottos fastagent config
- Switch neo4j group membership from keeper_user to ponos
Introduce structured journal relabel rules on puck to tag Pallas-managed
units with {service, project, component} labels matching the Mnemosyne
and Daedalus schema. Add kottos release variable and vault secrets
example entries for the new Pallas FastAgent runtime.
Remove the defunct mnemosyne syslog listener now that Mnemosyne ships
JSON logs via the docker-socket pipeline.
- Add Jellyfin backend to HAProxy configuration on titania.incus
- Simplify deployment by using community.docker.docker_compose_v2 module
- Consolidate handlers and remove redundant Docker commands
- Update Jellyfin systemd service from oneshot to simple type
- Remove PUID/PGID environment variables from docker-compose template
Add Jellyfin service to ansible inventory with hardware
transcoding and Casdoor SSO configuration. Configure
Alloy syslog listener to capture Jellyfin logs to Loki.
Update documentation with new service mapping and S3
bucket credential retrieval instructions.
- Configure mnemosyne database credentials in ansible inventory
- Update postgresql playbook to provision user and database
- Add setup instructions and DB list to documentation
Enable JupyterLab on caliban host and disable it on puck host.
This migration updates the Ansible inventory host_vars to reflect
the new service distribution across the infrastructure.
Update variable references in the prospero.incus.yml inventory file to remove the redundant _oauth2 suffix from vault keys. This aligns the ansible configuration with the updated secret naming convention.
- Add repo URLs and conditional clone tasks for Agent-S, pulseaudio-module-xrdp, and rommie repositories
- Create required directories (github_dir and repo_dir) before cloning
- Update fetch/pull commands to only execute when repositories are not freshly cloned
- Fix vault variable naming inconsistencies in host_vars files (rosalind.incus.yml, titania.incus.yml)
Add pgadmin_oauth_client_id and pgadmin_oauth_client_secret variables to the titania inventory. This enables OAuth2 authentication for pgAdmin on the titania host.
Remove the Ansible tasks responsible for initializing the PgAdmin database
and starting the PgAdmin systemd service. These steps are no longer required
in the current deployment workflow.
Add comprehensive terraform import documentation for Incus resources.
Includes syntax for importing containers with for_each keys, retrieving
image fingerprints, and specific import commands for Uranian hosts.
Covers troubleshooting for common import issues and state verification.
Removes obsolete korax.helu.ca host from ansible inventory.
Move TLS termination and reverse proxying entirely to Titania's
HAProxy, eliminating the redundant HAProxy instance on Prospero.
Backends now communicate over plain HTTP within the internal network.
- Remove HAProxy container, config, certs, and syslog from Prospero
- Remove ssl_backend flags from Titania backend definitions
- Replace pplg_haproxy_* vars with single pplg_domain variable
- Remove HAProxy syslog source from Alloy config
- Update OAuth2-Proxy to listen on all interfaces for Titania access
Added kernos_api_keys configuration variable to enable optional
request authentication via Bearer or X-Api-Key headers. Updated
Kernos documentation with setup instructions and usage examples.
Also corrected FastAPI project port assignments in Ouranos docs.
- Switch freecad-mcp installation from PyPI to Heluca GitHub fork,
using a configurable git ref (freecad_mcp_git_ref) instead of
pinned PyPI version
- Retarget freecad-mcp deployment from Caliban to Larissa, update
port from 22032 to 22063, and change service user to freecad-mcp
- Add git to apt dependencies for pip git+https installs
- Make deployment summary use inventory_hostname instead of hardcoded host
- Refactor kernos deploy to target all ubuntu hosts with service-based
filtering via `services` host_var, replacing static host group
- Upgrade rommie model from Qwen3-VL-30B-A3B to Qwen3.5-35B-A3B-UD-Q4_K_XL
and update model URL port to 22079
- Reassign freecad_mcp_port (22032 -> 22063) and kernos_port
(20201 -> 22062) for consistent port numbering
- Flush handlers before health check to ensure systemd reload
completes before verifying the endpoint
- Update expected MCP health check status code from 405 to 406
Change Docker image reference from local `mcp/grafana:latest` to
`git.helu.ca/r/mcp-grafana:latest` to pull from the correct remote
container registry.
Move searxng, openwebui, mcp_switchboard, and hass services from
oberon.incus to puck.incus, consolidating service host variables
accordingly. Clean up oberon to only run alloy, docker, rabbitmq,
and smtp4dev.
Extract oauth2-proxy from a searxng-specific sidecar into a
standalone reusable role with generic naming, supporting multiple
proxy instances per host via parameterized systemd units and
config directories.
Refactor searxng role to use updated templates (settings.yml.j2,
limiter.toml.j2) and integrate with the new generic oauth2-proxy
role. Add Caddy reverse proxy configurations for puck-hosted
services.
Move searxng_oauth2_proxy_version to global vars for consistency.
