r/ouranos
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
8c95173705a74e270473074e0e0607a84746c301
ouranos/ansible/inventory/group_vars/all/vault.yml.example
Robert Helewka 8c95173705 feat(alloy): add journal relabeling and kottos integration on puck 
Introduce structured journal relabel rules on puck to tag Pallas-managed
units with {service, project, component} labels matching the Mnemosyne
and Daedalus schema. Add kottos release variable and vault secrets
example entries for the new Pallas FastAgent runtime.

Remove the defunct mnemosyne syslog listener now that Mnemosyne ships
JSON logs via the docker-socket pipeline.
2026-05-11 13:54:14 -04:00

124 lines
4.2 KiB
Plaintext
Raw Blame History

# Ansible Vault Secrets File
# Copy to vault.yml and encrypt with: ansible-vault encrypt vault.yml
#
# All secrets should be prefixed with vault_ and encrypted.
# Service variables in vars.yml or host_vars reference these with:
# service_password: "{{ vault_service_password }}"
# PostgreSQL
vault_postgres_password: changeme
# Service Database Passwords
vault_arke_db_password: changeme
vault_casdoor_db_password: changeme
vault_periplus_db_password: changeme
vault_mcp_switchboard_db_password: changeme
vault_openwebui_db_password: changeme
vault_spelunker_db_password: changeme
# Neo4j
vault_neo4j_auth_password: changeme
vault_mnemosyne_neo4j_auth_password: changeme
# RabbitMQ
vault_rabbitmq_password: changeme
vault_kairos_rabbitmq_password: changeme
vault_spelunker_rabbitmq_password: changeme
vault_mcp_switchboard_rabbitmq_password: changeme
# Caliban
# Note: VNC passwords are limited to 8 characters maximum
vault_caliban_x11vnc_password: caliban
# Casdoor
vault_casdoor_auth_state: changeme
vault_casdoor_radius_secret: changeme
vault_casdoor_s3_endpoint: changeme
vault_casdoor_s3_access_key: changeme
vault_casdoor_s3_secret_key: changeme
vault_casdoor_s3_bucket: changeme
vault_casdoor_app_client_secret: changeme
vault_casdoor_admin_password: changeme
vault_casdoor_hostmaster_password: changeme
# Gitea
vault_gitea_db_password: changeme
vault_gitea_secret_key: changeme
vault_gitea_lfs_jwt_secret: changeme
vault_gitea_metrics_token: changeme
vault_gitea_oauth_client_id: changeme
vault_gitea_oauth_client_secret: changeme
# OpenWebUI
vault_openwebui_secret_key: changeme
vault_openwebui_openai_api_key: changeme
vault_openwebui_anthropic_api_key: changeme
vault_openwebui_groq_api_key: changeme
vault_openwebui_mistral_api_key: changeme
vault_openwebui_oauth_client_id: changeme
vault_openwebui_oauth_client_secret: changeme
# MCP Switchboard
vault_mcp_switchboard_secret_key: changeme
# SearXNG
vault_searxng_secret_key: changeme
# PgAdmin
vault_pgadmin_email: admin@example.com
vault_pgadmin_password: changeme
# Grafana
vault_grafana_admin_name: Admin
vault_grafana_admin_login: admin
vault_grafana_admin_password: changeme
vault_grafana_viewer_name: Viewer
vault_grafana_viewer_login: viewer
vault_grafana_viewer_password: changeme
# Pushover (Alertmanager notifications)
vault_pushover_user_key: changeme
vault_pushover_api_token: changeme
# GitHub MCP
vault_github_personal_access_token: changeme
# MCP Authentication Tokens
vault_angelia_mcp_auth: changeme
vault_athena_mcp_auth: changeme
vault_kairos_mcp_auth: changeme
# Athena
vault_athena_secret_key: changeme
vault_athena_db_password: changeme
vault_athena_oauth_client_id: changeme
vault_athena_oauth_client_secret: changeme
# Arke NTTh API Tokens
vault_ntth_token_1_app_secret: changeme
vault_ntth_token_2_app_secret: changeme
vault_ntth_token_3_app_secret: changeme
vault_ntth_token_4_app_secret: changeme
# Kottos (Pallas FastAgent runtime on puck)
# vault_kottos_openai_api_key — API key for the OpenAI-compatible LLM
# endpoint (nyx Qwen in Ouranos, varies
# per environment). Set to any string
# if the endpoint doesn't validate.
# vault_kottos_github_pat — GitHub personal access token passed
# into the github MCP Docker container
# via GITHUB_PERSONAL_ACCESS_TOKEN env.
# vault_kottos_angelia_bearer — Bearer token for the Angelia MCP
# server (accepts the outgoing auth).
# vault_kottos_mnemosyne_jwt — Long-lived team JWT minted in the
# Daedalus admin UI → Settings →
# Pallas Instances → kottos row →
# "Reveal" or "Rotate". Mnemosyne
# validates this on every search_memory
# call and scopes results to the
# workspaces attached to this team.
vault_kottos_openai_api_key: changeme
vault_kottos_github_pat: changeme
vault_kottos_angelia_bearer: changeme
vault_kottos_mnemosyne_jwt: changeme
Reference in New Issue View Git Blame Copy Permalink