r/ouranos
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
3bdb11dc721bc74beff05f800c26a2c440aa315f
ouranos/ansible/inventory/group_vars/all/vars.yml
Robert Helewka 3c2f8c57ca feat(observability): add SearXNG, Argos, and Pallas monitoring 
- Add SearXNG syslog ingestion and blackbox health probes on miranda
  and rosalind for per-host attributable failure detection
- Scrape Argos MCP application metrics from miranda
- Add Pallas dashboard panels for downstream availability and turn
  error ratios
2026-05-24 23:52:53 -04:00

148 lines
4.8 KiB
YAML
Raw Blame History

# Account Taxonomy
# keeper_user - Ansible/Terraform management account (sudo). Use {{ keeper_user }} in playbooks.
# watcher_user - Non-sudo observation account.
# principal_user - AI agent / human operator account (host-specific, defined in host_vars).
# NOTE: ansible.cfg retains 'remote_user = ponos' as the Ansible SSH built-in keyword.
# Never use {{ remote_user }} or {{ ansible_user }} as Jinja2 variables in playbooks.
keeper_user: ponos
keeper_uid: 519
keeper_group: ponos
keeper_home: /srv/ponos
watcher_user: poros
watcher_uid: 520
deployment_environment: "ouranos"
ansible_python_interpreter: /usr/bin/python3
# Incus configuration (matches terraform.tfvars)
incus_project_name: ouranos
incus_storage_pool: default
# Gitea Runner
act_runner_version: "0.2.13"
gitea_runner_instance_url: "https://gitea.ouranos.helu.ca"
# Release versions for staging playbooks
agent_s_rel: main
anythingllm_rel: master
athena_rel: main
athena_mcp_rel: main
argos_rel: latest
arke_rel: main
angelia_rel: main
kairos_rel: main
spelunker_rel: main
mcp_switchboard_rel: main
kernos_rel: main
rommie_rel: main
kottos_rel: main
# PyPI release version (no 'v' prefix) - https://pypi.org/project/open-webui/
freecad_mcp_version: 0.6.1
openwebui_rel: 0.8.3
pulseaudio_module_xrdp_rel: devel
searxng_oauth2_proxy_version: 7.6.0
# Git ref (branch, tag, or commit) - https://github.com/heluca/freecad-addon-robust-mcp-server
freecad_mcp_git_ref: "main"
# Docker image versions (third-party)
# Centralized for vulnerability tracking and controlled upgrades
casdoor_image_version: "3.0.1"
flower_image_version: latest
grafana_mcp_image_version: latest
gitea_mcp_image_version: latest
neo4j_version: latest
neo4j_mcp_image_version: latest
memcached_image_version: "1.6-trixie"
nginx_image_version: "1.27-bookworm"
nginx_exporter_image_version: "1.4"
oauth2_proxy_image_version: "v7.6.0"
rabbitmq_image_version: "3-management-alpine"
searxng_image_version: "latest"
# MCP URLs
argos_mcp_url: http://miranda.incus:20861/mcp
angelia_mcp_url: https://ouranos.helu.ca/mcp/
angelia_mcp_auth: "{{ vault_angelia_mcp_auth }}"
caliban_mcp_url: http://caliban.incus:22021/mcp
gitea_mcp_url: http://miranda.incus:22062/mcp
gitea_mcp_access_token: "{{ vault_gitea_mcp_access_token }}"
github_personal_access_token: "{{ vault_github_personal_access_token }}"
grafana_mcp_url: http://miranda.incus:22063/mcp
huggingface_mcp_token: "{{ vault_huggingface_mcp_token }}"
neo4j_mcp_url: http://miranda.incus:22064/mcp
nike_mcp_url: http://puck.incus:20661/mcp
rommie_mcp_url: https://rommie.ouranos.helu.ca/mcp
freecad_mcp_url: https://freecad-mcp.ouranos.helu.ca/mcp
# Monitoring and Logging (internal endpoints on Prospero)
loki_url: http://prospero.incus:3100/loki/api/v1/push
prometheus_remote_write_url: http://prospero.incus:9090/api/v1/write
syslog_format: "rfc3164"
# Docker configuration
docker_gpg_key_url: https://download.docker.com/linux/debian/gpg
docker_gpg_key_path: /etc/apt/keyrings/docker.asc
docker_gpg_key_checksum: sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570
# RabbitMQ provisioning config
rabbitmq_vhosts:
- name: kairos
- name: mnemosyne
- name: spelunker
rabbitmq_users:
- name: kairos
password: "{{ kairos_rabbitmq_password }}"
tags: []
- name: mnemosyne
password: "{{ vault_mnemosyne_rabbitmq_password }}"
tags: []
- name: spelunker
password: "{{ spelunker_rabbitmq_password }}"
tags: []
rabbitmq_permissions:
- vhost: kairos
user: kairos
configure_priv: .*
read_priv: .*
write_priv: .*
- vhost: mnemosyne
user: mnemosyne
configure_priv: .*
read_priv: .*
write_priv: .*
- vhost: spelunker
user: spelunker
configure_priv: .*
read_priv: .*
write_priv: .*
# SMTP (smtp4dev on Oberon)
smtp_host: oberon.incus
smtp_port: 22025
smtp_from: noreply@ouranos.helu.ca
smtp_from_name: "Ouranos"
# Release directory paths
github_dir: ~/gh
repo_dir: ~/git
rel_dir: ~/rel
# Vault Variable Mappings
kairos_rabbitmq_password: "{{ vault_kairos_rabbitmq_password }}"
spelunker_rabbitmq_password: "{{ vault_spelunker_rabbitmq_password }}"
caliban_x11vnc_password: "{{ vault_caliban_x11vnc_password }}"
grafana_service_account_token: "{{ vault_grafana_service_account_token }}"
# Home Assistant
hass_metrics_token: "{{ vault_hass_metrics_token }}"
# Namecheap DNS API (for certbot DNS-01 validation)
namecheap_username: "{{ vault_namecheap_username }}"
namecheap_api_key: "{{ vault_namecheap_api_key }}"
# OAuth2-Proxy Vault Mappings (used for SearXNG auth)
# Note: These must be set in vault.yml after configuring Casdoor application
# vault_oauth2_proxy_client_id: "<from-casdoor-application>"
# vault_oauth2_proxy_client_secret: "<generate with: python3 -c 'import secrets; print(secrets.token_urlsafe(32))'>"
# vault_oauth2_proxy_cookie_secret: "<generate with: python3 -c 'import secrets; print(secrets.token_urlsafe(32))'>"
Reference in New Issue View Git Blame Copy Permalink