r/ouranos
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
43fae203d18903fe6f7bbf736870eda29cc96f92
ouranos/ansible/inventory/group_vars/all/vars.yml
Robert Helewka 8c95173705 feat(alloy): add journal relabeling and kottos integration on puck 
Introduce structured journal relabel rules on puck to tag Pallas-managed
units with {service, project, component} labels matching the Mnemosyne
and Daedalus schema. Add kottos release variable and vault secrets
example entries for the new Pallas FastAgent runtime.

Remove the defunct mnemosyne syslog listener now that Mnemosyne ships
JSON logs via the docker-socket pipeline.
2026-05-11 13:54:14 -04:00

149 lines
4.9 KiB
YAML
Raw Blame History

# Account Taxonomy
# keeper_user - Ansible/Terraform management account (sudo). Use {{ keeper_user }} in playbooks.
# watcher_user - Non-sudo observation account.
# principal_user - AI agent / human operator account (host-specific, defined in host_vars).
# NOTE: ansible.cfg retains 'remote_user = ponos' as the Ansible SSH built-in keyword.
# Never use {{ remote_user }} or {{ ansible_user }} as Jinja2 variables in playbooks.
keeper_user: ponos
keeper_uid: 519
keeper_group: ponos
keeper_home: /srv/ponos
watcher_user: poros
watcher_uid: 520
deployment_environment: "ouranos"
ansible_python_interpreter: /usr/bin/python3
# Incus configuration (matches terraform.tfvars)
incus_project_name: ouranos
incus_storage_pool: default
# Gitea Runner
act_runner_version: "0.2.13"
gitea_runner_instance_url: "https://gitea.ouranos.helu.ca"
# Release versions for staging playbooks
agent_s_rel: main
anythingllm_rel: master
athena_rel: main
athena_mcp_rel: main
argos_rel: latest
arke_rel: main
angelia_rel: main
kairos_rel: main
spelunker_rel: main
mcp_switchboard_rel: main
kernos_rel: main
rommie_rel: main
kottos_rel: main
# PyPI release version (no 'v' prefix) - https://pypi.org/project/open-webui/
freecad_mcp_version: 0.6.1
openwebui_rel: 0.8.3
pulseaudio_module_xrdp_rel: devel
searxng_oauth2_proxy_version: 7.6.0
# Git ref (branch, tag, or commit) - https://github.com/heluca/freecad-addon-robust-mcp-server
freecad_mcp_git_ref: "main"
# Docker image versions (third-party)
# Centralized for vulnerability tracking and controlled upgrades
casdoor_image_version: "3.0.1"
flower_image_version: "latest"
grafana_mcp_image_version: "latest"
gitea_mcp_image_version: latest
neo4j_image_version: community-trixie
neo4j_mcp_image_version: "latest"
memcached_image_version: "1.6-trixie"
nginx_image_version: "1.27-bookworm"
nginx_exporter_image_version: "1.4"
oauth2_proxy_image_version: "v7.6.0"
rabbitmq_image_version: "3-management-alpine"
searxng_image_version: "latest"
# MCP URLs
argos_mcp_url: http://miranda.incus:25534/mcp
angelia_mcp_url: https://ouranos.helu.ca/mcp/
angelia_mcp_auth: "{{ vault_angelia_mcp_auth }}"
caliban_mcp_url: http://caliban.incus:22021/mcp
gitea_mcp_url: http://miranda.incus:25535/mcp
gitea_mcp_access_token: "{{ vault_gitea_mcp_access_token }}"
github_personal_access_token: "{{ vault_github_personal_access_token }}"
grafana_mcp_url: http://miranda.incus:25533/mcp
huggingface_mcp_token: "{{ vault_huggingface_mcp_token }}"
neo4j_mcp_url: http://circe.helu.ca:22034/mcp
nike_mcp_url: http://puck.incus:22031/mcp
korax_mcp_url: http://korax.helu.ca:22021/mcp
rommie_mcp_url: https://rommie.ouranos.helu.ca/mcp
freecad_mcp_url: https://freecad-mcp.ouranos.helu.ca/mcp
# Monitoring and Logging (internal endpoints on Prospero)
loki_url: http://prospero.incus:3100/loki/api/v1/push
prometheus_remote_write_url: http://prospero.incus:9090/api/v1/write
syslog_format: "rfc3164"
# Docker configuration
docker_gpg_key_url: https://download.docker.com/linux/debian/gpg
docker_gpg_key_path: /etc/apt/keyrings/docker.asc
docker_gpg_key_checksum: sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570
# RabbitMQ provisioning config
rabbitmq_vhosts:
- name: kairos
- name: mnemosyne
- name: spelunker
rabbitmq_users:
- name: kairos
password: "{{ kairos_rabbitmq_password }}"
tags: []
- name: mnemosyne
password: "{{ vault_mnemosyne_rabbitmq_password }}"
tags: []
- name: spelunker
password: "{{ spelunker_rabbitmq_password }}"
tags: []
rabbitmq_permissions:
- vhost: kairos
user: kairos
configure_priv: .*
read_priv: .*
write_priv: .*
- vhost: mnemosyne
user: mnemosyne
configure_priv: .*
read_priv: .*
write_priv: .*
- vhost: spelunker
user: spelunker
configure_priv: .*
read_priv: .*
write_priv: .*
# SMTP (smtp4dev on Oberon)
smtp_host: oberon.incus
smtp_port: 22025
smtp_from: noreply@ouranos.helu.ca
smtp_from_name: "Ouranos"
# Release directory paths
github_dir: ~/gh
repo_dir: ~/git
rel_dir: ~/rel
# Vault Variable Mappings
kairos_rabbitmq_password: "{{ vault_kairos_rabbitmq_password }}"
spelunker_rabbitmq_password: "{{ vault_spelunker_rabbitmq_password }}"
caliban_x11vnc_password: "{{ vault_caliban_x11vnc_password }}"
grafana_service_account_token: "{{ vault_grafana_service_account_token }}"
# Home Assistant
hass_metrics_token: "{{ vault_hass_metrics_token }}"
# Namecheap DNS API (for certbot DNS-01 validation)
namecheap_username: "{{ vault_namecheap_username }}"
namecheap_api_key: "{{ vault_namecheap_api_key }}"
# OAuth2-Proxy Vault Mappings (used for SearXNG auth)
# Note: These must be set in vault.yml after configuring Casdoor application
# vault_oauth2_proxy_client_id: "<from-casdoor-application>"
# vault_oauth2_proxy_client_secret: "<generate with: python3 -c 'import secrets; print(secrets.token_urlsafe(32))'>"
# vault_oauth2_proxy_cookie_secret: "<generate with: python3 -c 'import secrets; print(secrets.token_urlsafe(32))'>"
Reference in New Issue View Git Blame Copy Permalink