Added kernos_api_keys configuration variable to enable optional
request authentication via Bearer or X-Api-Key headers. Updated
Kernos documentation with setup instructions and usage examples.
Also corrected FastAPI project port assignments in Ouranos docs.

- Switch freecad-mcp installation from PyPI to Heluca GitHub fork,
  using a configurable git ref (freecad_mcp_git_ref) instead of
  pinned PyPI version
- Retarget freecad-mcp deployment from Caliban to Larissa, update
  port from 22032 to 22063, and change service user to freecad-mcp
- Add git to apt dependencies for pip git+https installs
- Make deployment summary use inventory_hostname instead of hardcoded host
- Refactor kernos deploy to target all ubuntu hosts with service-based
  filtering via `services` host_var, replacing static host group
- Upgrade rommie model from Qwen3-VL-30B-A3B to Qwen3.5-35B-A3B-UD-Q4_K_XL
  and update model URL port to 22079
- Reassign freecad_mcp_port (22032 -> 22063) and kernos_port
  (20201 -> 22062) for consistent port numbering
- Flush handlers before health check to ensure systemd reload
  completes before verifying the endpoint
- Update expected MCP health check status code from 405 to 406

Change Docker image reference from local `mcp/grafana:latest` to
`git.helu.ca/r/mcp-grafana:latest` to pull from the correct remote
container registry.

Move searxng, openwebui, mcp_switchboard, and hass services from
oberon.incus to puck.incus, consolidating service host variables
accordingly. Clean up oberon to only run alloy, docker, rabbitmq,
and smtp4dev.

Extract oauth2-proxy from a searxng-specific sidecar into a
standalone reusable role with generic naming, supporting multiple
proxy instances per host via parameterized systemd units and
config directories.

Refactor searxng role to use updated templates (settings.yml.j2,
limiter.toml.j2) and integrate with the new generic oauth2-proxy
role. Add Caddy reverse proxy configurations for puck-hosted
services.

Move searxng_oauth2_proxy_version to global vars for consistency.

- Updated vault.yml.example to include Athena secrets: secret key, DB password, OAuth client ID, and client secret.
- Modified puck.incus.yml to add Athena service and configuration details, including user, group, directory, port, and domain.
- Updated titania.incus.yml to change OAuth client ID and secret variable names for consistency with Athena.
- Added Athena configuration to mcpo config template, including URL and authorization headers.
- Updated HAProxy configuration template to reflect changes for the Taurus Production Environment, including SSL settings and rate limiting for specific endpoints.
- Introduced new playbooks for certificate distribution and validation with OCI Vault, ensuring certificates are correctly managed and renewed.
- Added hooks for uploading renewed certificates to OCI Vault and validating their integrity.
- Enhanced the HAProxy configuration playbook to ensure proper service management and verification of the HAProxy service.
- Updated inventory variables for certificate management and ensured compatibility with the new structure.
- Updated user addition tasks across multiple playbooks (mcp_switchboard, mcpo, neo4j, neo4j_mcp, openwebui, postgresql, rabbitmq, searxng, smtp4dev) to replace references to ansible_user and remote_user with keeper_user.
- Modified PostgreSQL deployment to create directories and manage files under keeper_user's home.
- Enhanced documentation to clarify account taxonomy and usage of keeper_user in playbooks.
- Introduced new deployment for Agent S, including environment setup, desktop environment installation, XRDP configuration, and accessibility support.
- Added staging playbook for preparing release tarballs from local repositories.
- Created templates for XRDP configuration and environment activation scripts.
- Removed obsolete sunwait documentation.

Replaces the minimal project description with a comprehensive README
including a component overview table, quick start instructions, common
Ansible operations, and links to detailed documentation. Aligns with
Red Panda Approval™ standards.