Robert Helewka
343b0e13d6
The renewal deploy-hook ran as the certbot user but lacked permissions to write the combined PEM to /etc/haproxy/certs and to reload HAProxy, causing silent failures that left a stale certificate in production until expiry. - Add certbot user to the haproxy group so it can write the combined PEM - Grant certbot NOPASSWD sudo for `systemctl reload haproxy` only - Make the Prometheus textfile directory group-owned by certbot (0775) so cert-metrics.sh can atomically update ssl_cert.prom - Refactor renewal-hook.sh to always refresh cert metrics on exit via a trap, ensuring expiry alerts fire when the hook itself is broken - Replace `set -e` with explicit error handling and structured logging
44 lines
2.1 KiB
Django/Jinja
44 lines
2.1 KiB
Django/Jinja
# Rommie Environment Configuration
|
|
# MCP server wrapping Agent S for GUI automation
|
|
|
|
# ============================================================================
|
|
# Required for Agent S
|
|
# ============================================================================
|
|
HF_TOKEN=0000
|
|
OPENAI_API_KEY=0000
|
|
DISPLAY={{ rommie_display }}
|
|
|
|
# ============================================================================
|
|
# Agent S Model Configuration
|
|
# ============================================================================
|
|
ROMMIE_MODEL={{ rommie_model }}
|
|
ROMMIE_MODEL_URL={{ rommie_model_url }}
|
|
ROMMIE_PROVIDER={{ rommie_provider | default('openai') }}
|
|
|
|
# ============================================================================
|
|
# Grounding Model Configuration
|
|
# ============================================================================
|
|
ROMMIE_GROUND_PROVIDER={{ rommie_ground_provider | default('huggingface') }}
|
|
ROMMIE_GROUND_URL={{ rommie_ground_url }}
|
|
ROMMIE_GROUND_MODEL={{ rommie_ground_model }}
|
|
ROMMIE_GROUNDING_WIDTH={{ rommie_grounding_width | default(1024) }}
|
|
ROMMIE_GROUNDING_HEIGHT={{ rommie_grounding_height | default(1024) }}
|
|
|
|
# ============================================================================
|
|
# Server Configuration
|
|
# ============================================================================
|
|
ROMMIE_HOST={{ rommie_host | default('0.0.0.0') }}
|
|
ROMMIE_PORT={{ rommie_port }}
|
|
|
|
# Idle MCP sessions are reaped after this many seconds (<=0 disables).
|
|
# Prevents unbounded StreamableHTTP transport accumulation from clients
|
|
# that drop their connection without sending an explicit DELETE.
|
|
ROMMIE_SESSION_IDLE_TIMEOUT={{ rommie_session_idle_timeout | default(1800) }}
|
|
|
|
# ============================================================================
|
|
# get_screenshot (parent-agent) output
|
|
# JPEG-encode and refuse if over the cap (asks operator to lower RDP resolution)
|
|
# ============================================================================
|
|
ROMMIE_SCREENSHOT_JPEG_QUALITY={{ rommie_screenshot_jpeg_quality | default(80) }}
|
|
ROMMIE_SCREENSHOT_MAX_KB={{ rommie_screenshot_max_kb | default(512) }}
|