# Account taxonomy
#   keeper_user    - Ansible/Terraform management account (has sudo).
#                    Reference it in playbooks as {{ keeper_user }}.
#   watcher_user   - observation account without sudo.
#   principal_user - AI agent / human operator account; host-specific and
#                    defined in host_vars, not in this file.
# ansible.cfg keeps 'remote_user = ponos' because remote_user is Ansible's
# built-in SSH keyword. Never use {{ remote_user }} or {{ ansible_user }} as
# Jinja2 variables in playbooks.
# NOTE(review): keeper_user has sudo per the taxonomy above - confirm its
# sudoers scope and how its SSH key is protected.
keeper_user: 'ponos'
keeper_uid: 519
keeper_group: 'ponos'
keeper_home: '/srv/ponos'
watcher_user: 'poros'
watcher_uid: 520
deployment_environment: 'ouranos'
ansible_python_interpreter: '/usr/bin/python3'
# Incus settings; these must match the values in terraform.tfvars.
incus_project_name: 'ouranos'
incus_storage_pool: 'default'
# Gitea runner
# The version is quoted so it stays a string.
# NOTE(review): no checksum for the runner binary is defined in this file
# (unlike docker_gpg_key_checksum) - confirm the install task verifies the
# download before executing it.
act_runner_version: '0.2.13'
gitea_runner_instance_url: 'https://gitea.ouranos.helu.ca'
# Release refs for the staging playbooks.
# NOTE(review): main/master/devel are branch names, i.e. mutable refs.
# Presumably each staging run fetches the branch head as it is at that moment;
# pinning a tag or commit SHA would make a deployment reproducible and let a
# reviewer see exactly which code was rolled out.
agent_s_rel: 'main'
anythingllm_rel: 'master'
athena_rel: 'main'
athena_mcp_rel: 'main'
argos_rel: 'main'
arke_rel: 'main'
angelia_rel: 'main'
kairos_rel: 'master'
kairos_mcp_rel: 'master'
spelunker_rel: 'master'
mcp_switchboard_rel: 'main'
kernos_rel: 'main'
rommie_rel: 'main'
# PyPI release version (no 'v' prefix) - https://pypi.org/project/open-webui/
# NOTE(review): the URL above is the open-webui project, so this comment
# appears to describe openwebui_rel rather than the key directly below it.
freecad_mcp_version: '0.6.1'
openwebui_rel: '0.8.3'
pulseaudio_module_xrdp_rel: 'devel'
searxng_oauth2_proxy_version: '7.6.0'
# MCP URLs and the credentials that go with them.
# Every credential in this stanza is a Jinja2 reference to a vault_* variable;
# no secret value is written here.
# NOTE(review): most endpoints are plain http://. The *.incus names look like
# internal Incus hostnames, but neo4j_mcp_url and korax_mcp_url point at
# *.helu.ca hosts over http:// - confirm they are not reachable from untrusted
# networks, because a token sent to an http:// endpoint travels in cleartext.
argos_mcp_url: 'http://miranda.incus:25534/mcp'
angelia_mcp_url: 'https://ouranos.helu.ca/mcp/'
angelia_mcp_auth: "{{ vault_angelia_mcp_auth }}"
caliban_mcp_url: 'http://caliban.incus:22021/mcp'
gitea_mcp_url: 'http://miranda.incus:25535/mcp'
gitea_mcp_access_token: "{{ vault_gitea_mcp_access_token }}"
github_personal_access_token: "{{ vault_github_personal_access_token }}"
grafana_mcp_url: 'http://miranda.incus:25533/mcp'
huggingface_mcp_token: "{{ vault_huggingface_mcp_token }}"
neo4j_mcp_url: 'http://circe.helu.ca:22034/mcp'
nike_mcp_url: 'http://puck.incus:22031/mcp'
korax_mcp_url: 'http://korax.helu.ca:22021/mcp'
rommie_mcp_url: 'https://rommie.ouranos.helu.ca/mcp'
freecad_mcp_url: 'http://caliban.incus:22032/mcp'
# Monitoring and logging (internal endpoints on Prospero).
# NOTE(review): both push endpoints are plain http:// and no credentials for
# them are defined in this file - confirm ports 3100 and 9090 on Prospero
# accept writes only from the internal network.
loki_url: 'http://prospero.incus:3100/loki/api/v1/push'
prometheus_remote_write_url: 'http://prospero.incus:9090/api/v1/write'
syslog_format: 'rfc3164'
# Docker apt repository signing key.
# The checksum pins the exact key file expected from docker_gpg_key_url.
# NOTE(review): presumably the task that downloads the key enforces this
# checksum - verify. If Docker rotates the key, take the new digest from a
# trusted source rather than from a fresh download of the same URL.
docker_gpg_key_url: 'https://download.docker.com/linux/debian/gpg'
docker_gpg_key_path: '/etc/apt/keyrings/docker.asc'
docker_gpg_key_checksum: 'sha256:1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570'
# RabbitMQ provisioning config: one vhost per service.
rabbitmq_vhosts:
  - name: 'kairos'
  - name: 'mnemosyne'
  - name: 'spelunker'
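# RabbitMQ users. Each entry is a mapping with name, password and tags, so
# password and tags must be nested under their '- name:' item.
# Passwords are Jinja2 references, never literals.
# tags is an empty list for every user; presumably that means no management
# or administrator tag is assigned - verify against the provisioning task.
# NOTE(review): kairos and spelunker use the *_rabbitmq_password mappings
# defined elsewhere in this file, while mnemosyne references its vault_*
# variable directly. Harmless, but worth making consistent.
rabbitmq_users:
  - name: 'kairos'
    password: "{{ kairos_rabbitmq_password }}"
    tags: []
  - name: 'mnemosyne'
    password: "{{ vault_mnemosyne_rabbitmq_password }}"
    tags: []
  - name: 'spelunker'
    password: "{{ spelunker_rabbitmq_password }}"
    tags: []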
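# RabbitMQ permissions: one entry per (vhost, user) pair. The user and the
# three *_priv patterns must be nested under their '- vhost:' item.
# Each user gets rights only on the vhost of the same name. Within that vhost
# all three patterns are '.*', which matches every resource name. The patterns
# are quoted so they are always read as plain strings.
# NOTE(review): if a service only uses a known set of queues and exchanges,
# configure_priv in particular could be narrowed - confirm with the owners.
rabbitmq_permissions:
  - vhost: 'kairos'
    user: 'kairos'
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'
  - vhost: 'mnemosyne'
    user: 'mnemosyne'
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'
  - vhost: 'spelunker'
    user: 'spelunker'
    configure_priv: '.*'
    read_priv: '.*'
    write_priv: '.*'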
# SMTP (smtp4dev on Oberon).
# NOTE(review): no SMTP credentials or TLS settings are defined in this file.
# That fits a capture-only test server such as smtp4dev; confirm nothing that
# must deliver real mail relies on these values.
smtp_host: 'oberon.incus'
smtp_port: 22025
smtp_from: 'noreply@ouranos.helu.ca'
smtp_from_name: 'Ouranos'
# Release directory paths.
# YAML does not expand '~'; these are literal strings, so expansion depends on
# the module or shell that consumes them and on which user the task runs as.
github_dir: '~/gh'
repo_dir: '~/git'
rel_dir: '~/rel'
# Vault variable mappings.
# Each name here is an alias for a vault_* variable, so roles can reference a
# stable name while the secret value itself is defined elsewhere.
# NOTE(review): tasks that render these values should presumably set no_log so
# the secrets do not appear in Ansible output - verify in the consuming roles.
kairos_rabbitmq_password: "{{ vault_kairos_rabbitmq_password }}"
spelunker_rabbitmq_password: "{{ vault_spelunker_rabbitmq_password }}"
caliban_x11vnc_password: "{{ vault_caliban_x11vnc_password }}"
grafana_service_account_token: "{{ vault_grafana_service_account_token }}"
# Home Assistant
# Token value comes from the vault_* variable; nothing secret is stored here.
hass_metrics_token: "{{ vault_hass_metrics_token }}"
# Namecheap DNS API (for certbot DNS-01 validation).
# Both values resolve to vault_* variables.
# NOTE(review): a DNS API key used for DNS-01 can presumably create the TXT
# records needed to obtain certificates for the zone - confirm which hosts
# receive this key and that its use is restricted as far as the provider allows.
namecheap_username: "{{ vault_namecheap_username }}"
namecheap_api_key: "{{ vault_namecheap_api_key }}"
# OAuth2-Proxy Vault Mappings (used for SearXNG auth)
# Note: These must be set in vault.yml after configuring the Casdoor application.
# vault_oauth2_proxy_client_id: "<from-casdoor-application>"
# vault_oauth2_proxy_client_secret: "<generate with: python3 -c 'import secrets; print(secrets.token_urlsafe(32))'>"
# vault_oauth2_proxy_cookie_secret: "<generate with: python3 -c 'import secrets; print(secrets.token_urlsafe(32))'>"