ouranos/ansible/inventory/host_vars/prospero.incus.yml

---
# Prospero Configuration - PPLG Observability & Admin Stack
# Services: pplg (PgAdmin, Prometheus, Loki, Grafana + OAuth2-Proxy)


services:
  - alloy
  - pplg

# Alloy
alloy_log_level: "warn"

# ============================================================================
# PPLG Domain (TLS termination handled by Titania HAProxy)
# ============================================================================

pplg_domain: "ouranos.helu.ca"

# ============================================================================
# Grafana
# ============================================================================

# Grafana Datasources
prometheus_datasource_name: Prospero-Prometheus
prometheus_host: prospero.incus
prometheus_port: 9090
prometheus_datasource_uid: prospero-prometheus
loki_datasource_name: Prospero-Loki
loki_host: prospero.incus
loki_port: 3100
loki_datasource_uid: prospero-loki

# Grafana Users
grafana_admin_name: "{{ vault_grafana_admin_name }}"
grafana_admin_login: "{{ vault_grafana_admin_login }}"
grafana_admin_password: "{{ vault_grafana_admin_password }}"
grafana_viewer_name: "{{ vault_grafana_viewer_name }}"
grafana_viewer_login: "{{ vault_grafana_viewer_login }}"
grafana_viewer_password: "{{ vault_grafana_viewer_password }}"

# Grafana OAuth (Casdoor SSO)
grafana_oauth_enabled: true
grafana_oauth_name: "Casdoor"
grafana_oauth_client_id: "{{ vault_grafana_oauth_client_id }}"
grafana_oauth_client_secret: "{{ vault_grafana_oauth_client_secret }}"
grafana_oauth_auth_url: "https://id.ouranos.helu.ca/login/oauth/authorize"
grafana_oauth_token_url: "https://id.ouranos.helu.ca/api/login/oauth/access_token"
grafana_oauth_api_url: "https://id.ouranos.helu.ca/api/userinfo"
grafana_oauth_scopes: "openid profile email"
grafana_root_url: "https://grafana.ouranos.helu.ca"
grafana_oauth_allow_sign_up: true
grafana_oauth_skip_tls_verify: false

# ============================================================================
# Prometheus
# ============================================================================

prometheus_user: prometheus
prometheus_group: prometheus
prometheus_scrape_interval: 15s
prometheus_evaluation_interval: 15s
alertmanager_host: prospero.incus
alertmanager_port: 9093
loki_metrics_port: 3100
prometheus_targets:
  - 'oberon.incus:9100'
  - 'portia.incus:9100'
  - 'ariel.incus:9100'
  - 'puck.incus:9100'
  - 'puck.incus:25571'
  - 'miranda.incus:9100'
  - 'sycorax.incus:9100'
  - 'prospero.incus:9100'
  - 'rosalind.incus:9100'
  - 'umbriel.incus:9100'

# Neo4j scrape targets (neo4j-apoc-exporter sidecar on each Neo4j host)
neo4j_metrics_targets:
  - 'ariel.incus:22094'
  - 'umbriel.incus:22094'

# Pallas scrape targets — one entry per Pallas deployment (registry
# port). The `instance` label distinguishes deployments; the `agent`
# dimension comes from labels on the metrics themselves.
pallas_metrics_targets:
  - targets: ['caliban.incus:24000']
    labels: {instance: iolaus}
  - targets: ['caliban.incus:24100']
    labels: {instance: kottos}
  - targets: ['caliban.incus:24200']
    labels: {instance: mentor}

# Prometheus OAuth2-Proxy Sidecar
prometheus_proxy_port: 9091
prometheus_oauth2_proxy_dir: /etc/oauth2-proxy-prometheus
prometheus_oauth2_proxy_version: "7.6.0"
prometheus_oauth2_oidc_issuer_url: "https://id.ouranos.helu.ca"
prometheus_oauth2_client_id: "{{ vault_prometheus_oauth_client_id }}"
prometheus_oauth2_client_secret: "{{ vault_prometheus_oauth_client_secret }}"
prometheus_oauth2_cookie_secret: "{{ vault_prometheus_oauth_cookie_secret }}"

# ============================================================================
# Alertmanager
# ============================================================================

alertmanager_user: prometheus
alertmanager_group: prometheus
alertmanager_resolve_timeout: 5m
alertmanager_group_wait: 30s
alertmanager_group_interval: 5m
alertmanager_repeat_interval: 4h
pushover_user_key: "{{ vault_pushover_user_key }}"
pushover_api_token: "{{ vault_pushover_api_token }}"
pushover_priority: 1
pushover_retry: 30
pushover_expire: 3600

# ============================================================================
# Loki
# ============================================================================

loki_user: loki
loki_group: loki
loki_data_dir: /var/lib/loki
loki_config_dir: /etc/loki
loki_config_file: config.yml
loki_grpc_port: 9096

# ============================================================================
# PgAdmin (Gunicorn - no Apache)
# ============================================================================

pgadmin_user: pgadmin
pgadmin_group: pgadmin
pgadmin_port: 5050
pgadmin_data_dir: /var/lib/pgadmin
pgadmin_log_dir: /var/log/pgadmin
pgadmin_email: "{{ vault_pgadmin_email }}"
pgadmin_password: "{{ vault_pgadmin_password }}"

# PgAdmin OAuth (Casdoor SSO)
pgadmin_oauth_client_id: "{{ vault_pgadmin_oauth_client_id }}"
pgadmin_oauth_client_secret: "{{ vault_pgadmin_oauth_client_secret }}"

# ============================================================================
# Prometheus Metrics Scraping
# ============================================================================

# Casdoor
casdoor_metrics_host: titania.incus
casdoor_metrics_port: 22081
casdoor_prometheus_access_key: "{{ vault_casdoor_prometheus_access_key }}"
casdoor_prometheus_access_secret: "{{ vault_casdoor_prometheus_access_secret }}"

# Daedalus Metrics
daedalus_metrics_host: caliban.incus
daedalus_metrics_port: 23081

# Mnemosyne — two scrape targets:
#   app: Django /metrics via nginx (django-prometheus + custom pipeline/MCP counters)
#   web: nginx-prometheus-exporter sidecar (nginx stub_status → Prometheus format)
mnemosyne_app_metrics_host: caliban.incus
mnemosyne_app_metrics_port: 23181
mnemosyne_web_metrics_host: caliban.incus
mnemosyne_web_metrics_port: 23191

# Athena — two scrape targets (same shape as Mnemosyne):
#   app: Django /metrics via nginx (django-prometheus)
#   web: nginx-prometheus-exporter sidecar (nginx stub_status → Prometheus format)
athena_app_metrics_host: puck.incus
athena_app_metrics_port: 22481
athena_web_metrics_host: puck.incus
athena_web_metrics_port: 22491