---
# Account taxonomy
#   keeper_user    - Ansible/Terraform management account (sudo).
#                    Use {{ keeper_user }} in playbooks.
#   watcher_user   - Non-sudo observation account.
#   principal_user - AI agent / human operator account (host-specific,
#                    defined in host_vars).
# NOTE: ansible.cfg retains 'remote_user = ponos' as the Ansible SSH built-in
# keyword. Never use {{ remote_user }} or {{ ansible_user }} as Jinja2
# variables in playbooks.
keeper_user: ponos
keeper_uid: 519
keeper_group: ponos
keeper_home: /srv/ponos
watcher_user: poros
watcher_uid: 520

deployment_environment: 'ouranos'
ansible_python_interpreter: /usr/bin/python3

# Incus configuration (matches terraform.tfvars)
incus_project_name: ouranos
incus_storage_pool: default

# Gitea Runner
act_runner_version: '0.2.13'
gitea_runner_instance_url: 'https://gitea.ouranos.helu.ca'

# Release versions for staging playbooks
anythingllm_rel: master
athena_rel: master
athena_mcp_rel: master
argos_rel: master
arke_rel: master
angelia_rel: master
kairos_rel: master
kairos_mcp_rel: master
spelunker_rel: master
mcp_switchboard_rel: master
kernos_rel: master

# PyPI release version (no 'v' prefix) - https://pypi.org/project/open-webui/
# Quoted so it is never reinterpreted as a number by any loader.
openwebui_rel: '0.8.3'

# MCP URLs
# Credentials for these endpoints are mapped from vault_* variables, never
# written inline here.
# NOTE(review): neo4j_mcp_url and korax_mcp_url point at *.helu.ca hosts over
# plain http, unlike the *.incus endpoints; confirm those hosts are reachable
# only from a trusted network and that no credential is sent to them in clear.
argos_mcp_url: http://miranda.incus:25534/mcp
angelia_mcp_url: https://ouranos.helu.ca/mcp/
angelia_mcp_auth: '{{ vault_angelia_mcp_auth }}'
caliban_mcp_url: http://caliban.incus:22021/mcp
gitea_mcp_url: http://miranda.incus:25535/mcp
gitea_mcp_access_token: '{{ vault_gitea_mcp_access_token }}'
github_personal_access_token: '{{ vault_github_personal_access_token }}'
grafana_mcp_url: http://miranda.incus:25533/mcp
huggingface_mcp_token: '{{ vault_huggingface_mcp_token }}'
neo4j_mcp_url: http://circe.helu.ca:22034/mcp
nike_mcp_url: http://puck.incus:22031/mcp
korax_mcp_url: http://korax.helu.ca:22021/mcp
rommie_mcp_url: http://caliban.incus:22031/mcp

# Monitoring and Logging (internal endpoints on Prospero)
loki_url: http://prospero.incus:3100/loki/api/v1/push
prometheus_remote_write_url: http://prospero.incus:9090/api/v1/write
syslog_format: 'rfc3164'

# Docker configuration
# The checksum pins the apt signing key fetched from docker_gpg_key_url;
# presumably consumed by the task that downloads it - verify the role checks
# it before the key is installed.
docker_gpg_key_url: https://download.docker.com/linux/debian/gpg
docker_gpg_key_path: /etc/apt/keyrings/docker.asc
docker_gpg_key_checksum: 'sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570'

# RabbitMQ provisioning config
# One vhost per consumer; each user is granted full configure/read/write on
# its own vhost only. Passwords come from the vault mappings further down.
rabbitmq_vhosts:
  - name: kairos
  - name: spelunker
rabbitmq_users:
  - name: kairos
    password: '{{ kairos_rabbitmq_password }}'
    tags: []
  - name: spelunker
    password: '{{ spelunker_rabbitmq_password }}'
    tags: []
rabbitmq_permissions:
  - vhost: kairos
    user: kairos
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'
  - vhost: spelunker
    user: spelunker
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'

# SMTP (smtp4dev on Oberon)
smtp_host: oberon.incus
smtp_port: 22025
smtp_from: noreply@ouranos.helu.ca
smtp_from_name: 'Ouranos'

# Release directory paths (relative to the remote user's home)
github_dir: '~/gh'
repo_dir: '~/dv'
rel_dir: '~/rel'

# Vault variable mappings
# Indirection layer so playbooks reference plain names while the secret
# material itself lives only in vault.yml.
kairos_rabbitmq_password: '{{ vault_kairos_rabbitmq_password }}'
spelunker_rabbitmq_password: '{{ vault_spelunker_rabbitmq_password }}'
caliban_x11vnc_password: '{{ vault_caliban_x11vnc_password }}'
grafana_service_account_token: '{{ vault_grafana_service_account_token }}'

# Home Assistant
hass_metrics_token: '{{ vault_hass_metrics_token }}'

# Namecheap DNS API (for certbot DNS-01 validation)
namecheap_username: '{{ vault_namecheap_username }}'
namecheap_api_key: '{{ vault_namecheap_api_key }}'

# OAuth2-Proxy vault mappings (used for SearXNG auth)
# Note: These must be set in vault.yml after configuring the Casdoor
# application; the keys below are listed for reference only.
# vault_oauth2_proxy_client_id: ""
# vault_oauth2_proxy_client_secret: ""
# vault_oauth2_proxy_cookie_secret: ""