--- # Caliban Configuration - Agent Automation Host # Services: caliban (Agent S), alloy, docker, kernos services: - alloy - caliban - docker - freecad_mcp - jupyterlab - kernos - rommie # Account Taxonomy # principal_user is the AI agent operator account on this host principal_user: robert principal_uid: 1000 # Alloy alloy_log_level: "warn" # Rommie MCP Server Configuration (Agent S GUI Automation) rommie_port: 20361 rommie_host: "0.0.0.0" rommie_display: ":10" rommie_model: Qwen3.6-27B-Q5_K_M rommie_model_url: "http://nyx.helu.ca:29000" rommie_provider: "openai" rommie_ground_provider: "huggingface" rommie_ground_url: "http://pan.helu.ca:29000" rommie_ground_model: "UI-TARS-7B-DPO-Q6_K_L.gguf" rommie_grounding_width: 1024 rommie_grounding_height: 1024 # get_screenshot output for the parent agent (Agent S autonomous capture unaffected) rommie_screenshot_jpeg_quality: 80 rommie_screenshot_max_kb: 512 # FreeCAD Robust MCP Server Configuration freecad_mcp_user: harper freecad_mcp_group: harper freecad_mcp_directory: /srv/freecad-mcp freecad_mcp_port: 22061 freecad_mcp_xmlrpc_port: 9875 freecad_mcp_socket_port: 9876 # FreeCAD MCP Bridge (GUI, runs as principal_user on the XRDP display) freecad_mcp_bridge_directory: "/home/{{ principal_user }}/freecad-mcp-bridge" freecad_mcp_bridge_display: ":10" # JupyterLab Configuration jupyterlab_user: robert jupyterlab_group: robert jupyterlab_notebook_dir: /home/robert/notebook jupyterlab_venv_dir: /home/robert/env/jupyter ## Ports jupyterlab_port: 22081 # JupyterLab (localhost only) jupyterlab_proxy_port: 22071 # OAuth2-Proxy (exposed to HAProxy) ## OAuth2-Proxy Configuration jupyterlab_oauth2_proxy_dir: /etc/oauth2-proxy-jupyter jupyterlab_oauth2_proxy_version: "7.6.0" jupyterlab_domain: "ouranos.helu.ca" jupyterlab_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca" jupyterlab_oauth2_redirect_url: "https://jupyterlab.ouranos.helu.ca/oauth2/callback" ## OAuth2 Credentials (from vault) jupyterlab_oauth_client_id: "{{ vault_jupyterlab_oauth_client_id }}" jupyterlab_oauth_client_secret: "{{ vault_jupyterlab_oauth_client_secret }}" jupyterlab_oauth2_cookie_secret: "{{ vault_jupyterlab_oauth2_cookie_secret }}" # Kernos MCP Shell Server Configuration kernos_user: harper kernos_group: harper kernos_api_keys: "{{ vault_caliban_kernos_api_keys }}" kernos_directory: /srv/kernos kernos_port: 20261 kernos_host: "0.0.0.0" kernos_log_level: INFO kernos_log_format: json kernos_environment: sandbox kernos_allow_commands: "apt,awk,base64,bash,cat,chmod,cp,curl,cut,date,dd,df,dig,dmesg,docker,du,echo,env,file,find,free,git,grep,gunzip,gzip,head,host,hostname,id,ip,jq,kill,less,ln,ls,lsblk,lspci,lsusb,make,mkdir,mv,nc,node,nohup,npm,npx,ping,pip,pkill,pnpm,printenv,ps,pwd,python3,rm,rsync,run-captured,scp,sed,sleep,sort,source,ssh,ssh-keygen,ssh-keyscan,stat,sudo,tail,tar,tee,timeout,touch,tr,tree,uname,uniq,unzip,uptime,wc,wget,which,whoami,xargs,xz,zip"