ouranos/ansible/inventory/host_vars/titania.incus.yml
Robert Helewka c1391e3dbc Add Athena configuration and secrets to inventory and templates
- Updated vault.yml.example to include Athena secrets: secret key, DB password, OAuth client ID, and client secret.
- Modified puck.incus.yml to add Athena service and configuration details, including user, group, directory, port, and domain.
- Updated titania.incus.yml to change OAuth client ID and secret variable names for consistency with Athena.
- Added Athena configuration to mcpo config template, including URL and authorization headers.
2026-03-18 19:38:47 +00:00


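---
# Titania Configuration - Proxy & SSO Services
# Services: alloy, certbot, docker, haproxy, postgresql_ssl, casdoor
# Every credential in this file is a reference into the Ansible vault
# ("{{ vault_* }}"); no secret value is stored here in clear.
services:
  - alloy
  - certbot
  - docker
  - haproxy
  - postgresql_ssl
  - casdoor

# PostgreSQL SSL Configuration (dedicated database for identity services)
postgresql_ssl_postgres_password: "{{ vault_postgresql_ssl_postgres_password }}"
postgresql_ssl_port: 5432
postgresql_ssl_cert_path: /etc/postgresql/17/main/ssl/server.crt

# Alloy
alloy_log_level: "warn"
casdoor_syslog_port: 51401
haproxy_syslog_port: 51404

# Certbot Configuration (Let's Encrypt DNS-01 with Namecheap)
certbot_user: certbot
certbot_group: certbot
certbot_directory: /srv/certbot
certbot_email: webmaster@helu.ca
certbot_cert_name: ouranos.helu.ca
prometheus_node_exporter_text_directory: /var/lib/prometheus/node-exporter
certbot_certificates:
  # Single wildcard certificate covering every subdomain in haproxy_backends.
  - cert_name: wildcard.ouranos.helu.ca
    domains: ["*.ouranos.helu.ca"]

# HAProxy Configuration
haproxy_user: haproxy
haproxy_group: haproxy
haproxy_uid: 800
haproxy_gid: 800
haproxy_directory: /srv/haproxy
haproxy_http_port: 8080
haproxy_https_port: 8443
haproxy_stats_port: 8404  # NOTE(review): stats endpoint — confirm it is not reachable from outside the incus network
haproxy_domain: "ouranos.helu.ca"
haproxy_cert_path: /etc/haproxy/certs/ouranos.pem

# HAProxy TCP Backend Definitions (mode tcp passthrough)
# TCP passthrough is not inspected or authenticated by HAProxy; the
# backend service (here Gitea SSH) is responsible for its own access control.
haproxy_tcp_backends:
  - name: gitea_ssh
    listen_port: 22022
    backend_host: "rosalind.incus"
    backend_port: 22022

# HAProxy Backend Definitions
# TLS terminates at HAProxy. Entries without ssl_backend are presumably
# reached over plain HTTP inside the incus network; entries with
# ssl_backend: true re-encrypt to the backend (prospero services on 443).
# Any subdomain without its own OAuth2/OIDC login below is only as
# protected as the backend application itself makes it.
haproxy_backends:
  - subdomain: "" # Root domain (ouranos.helu.ca)
    backend_host: "puck.incus"
    backend_port: 22281
    health_path: "/"
    # timeout_server: "50s" # Optional override
  - subdomain: "id" # Casdoor SSO (id.ouranos.helu.ca)
    backend_host: "titania.incus"
    backend_port: 22081
    health_path: "/api/health"
    redirect_root: "/login/heluca" # Redirect root to branded org login page
  - subdomain: "openwebui"
    backend_host: "oberon.incus"
    backend_port: 22088
    health_path: "/"
  - subdomain: "anythingllm"
    backend_host: "rosalind.incus"
    backend_port: 22084
    health_path: "/api/ping"
  - subdomain: "arke"
    backend_host: "sycorax.incus"
    backend_port: 25540
    health_path: "/health"
  # SearXNG - routed through OAuth2-Proxy sidecar on Oberon
  - subdomain: "searxng"
    backend_host: "oberon.incus"
    backend_port: 22073
    health_path: "/ping"
  - subdomain: "pgadmin"
    backend_host: "prospero.incus"
    backend_port: 443
    health_path: "/misc/ping"
    ssl_backend: true
  - subdomain: "grafana"
    backend_host: "prospero.incus"
    backend_port: 443
    health_path: "/api/health"
    ssl_backend: true
  - subdomain: "prometheus"
    backend_host: "prospero.incus"
    backend_port: 443
    health_path: "/ping"
    ssl_backend: true
  - subdomain: "loki"
    backend_host: "prospero.incus"
    backend_port: 443
    health_path: "/ready"
    ssl_backend: true
  - subdomain: "alertmanager"
    backend_host: "prospero.incus"
    backend_port: 443
    health_path: "/-/healthy"
    ssl_backend: true
  - subdomain: "gitea"
    backend_host: "rosalind.incus"
    backend_port: 22082
    health_path: "/api/healthz"
  - subdomain: "daedalus"
    backend_host: "puck.incus"
    backend_port: 23081
    health_path: "/api/health"
    timeout_server: "120s"  # quoted like the commented override above; a plain 120s is a string anyway
  - subdomain: "lobechat"
    backend_host: "rosalind.incus"
    backend_port: 22081
    health_path: "/chat"
  - subdomain: "nextcloud"
    backend_host: "rosalind.incus"
    backend_port: 22083
    health_path: "/status.php"
  - subdomain: "angelia"
    backend_host: "puck.incus"
    backend_port: 22281
    health_path: "/"
  - subdomain: "athena"
    backend_host: "puck.incus"
    backend_port: 22481
    health_path: "/ready/"
  - subdomain: "kairos"
    backend_host: "puck.incus"
    backend_port: 22581
    health_path: "/ready/"
  - subdomain: "icarlos"
    backend_host: "puck.incus"
    backend_port: 22681
    health_path: "/ready/"
  - subdomain: "mcp-switchboard"
    backend_host: "puck.incus"
    backend_port: 22781
    health_path: "/ready/"
  - subdomain: "spelunker"
    backend_host: "puck.incus"
    backend_port: 22881
    health_path: "/ready/"
  - subdomain: "peitho"
    backend_host: "puck.incus"
    backend_port: 22981
    health_path: "/ready/"
  - subdomain: "jupyterlab"
    backend_host: "puck.incus"
    backend_port: 22071 # OAuth2-Proxy port
    health_path: "/ping"
    timeout_server: "300s" # WebSocket support
  - subdomain: "hass"
    backend_host: "oberon.incus"
    backend_port: 8123
    health_path: "/api/"
    timeout_server: "300s" # WebSocket support for HA frontend
  - subdomain: "smtp4dev"
    backend_host: "oberon.incus"
    backend_port: 22085
    health_path: "/"

# Casdoor Configuration
casdoor_user: casdoor
casdoor_group: casdoor
casdoor_directory: /srv/casdoor

# Web Configuration
casdoor_port: 22081
# NOTE(review): "dev" run mode on the internet-facing SSO (id.ouranos.helu.ca)
# — confirm this is intended for the deployed instance rather than "prod".
casdoor_runmode: dev
casdoor_copyrequestbody: true
casdoor_drivername: postgres

# Database Configuration
# Same port as postgresql_ssl_port above, so presumably the local
# identity database provisioned with server.crt.
casdoor_db_port: 5432
casdoor_db_name: casdoor
casdoor_db_user: casdoor
casdoor_db_password: "{{ vault_casdoor_db_password }}"
# NOTE(review): TLS is disabled for this connection even though the
# database role ships an SSL certificate. Acceptable only if the DB is
# reached over loopback; otherwise prefer a verifying sslmode.
casdoor_db_sslmode: disable
casdoor_showsql: false  # keep off: SQL logging can leak credentials into syslog

# Redis and Storage
casdoor_redis_endpoint: ""
casdoor_default_storage_provider: ""

# Authentication
casdoor_auth_state: "{{ vault_casdoor_auth_state }}"
# NOTE(review): the values below carry no explicit port although the
# original note here said one is required for internal OIDC endpoints —
# confirm against the working deployment.
casdoor_origin: "https://id.ouranos.helu.ca"
casdoor_origin_frontend: "https://id.ouranos.helu.ca"

# Timeouts and Ports
casdoor_inactive_timeout_minutes: 60
# LDAP/LDAPS ports are 0 here; presumably that disables those listeners — confirm
casdoor_ldap_server_port: 0
casdoor_ldaps_cert_id: ""
casdoor_ldaps_server_port: 0
# RADIUS listener is enabled; nothing in this file restricts which
# interface it binds to, so confirm it is not exposed beyond the incus network.
casdoor_radius_server_port: 1812
casdoor_radius_default_organization: "built-in"
casdoor_radius_secret: "{{ vault_casdoor_radius_secret }}"

# OAuth2
# One client id/secret pair per relying party, pulled from the vault.
# Vault variable names are not uniform (vault_*_oauth_* vs vault_*_oauth2_*);
# a typo here fails at template time, so keep them in sync with vault.yml.
angelia_oauth2_client_id: "{{ vault_angelia_oauth_client_id }}"
angelia_oauth2_client_secret: "{{ vault_angelia_oauth_client_secret }}"
athena_oauth2_client_id: "{{ vault_athena_oauth_client_id }}"
athena_oauth2_client_secret: "{{ vault_athena_oauth_client_secret }}"
daedalus_oauth2_client_id: "{{ vault_daedalus_oauth2_client_id }}"
daedalus_oauth2_client_secret: "{{ vault_daedalus_oauth2_client_secret }}"
gitea_oauth2_client_id: "{{ vault_gitea_oauth_client_id }}"
gitea_oauth2_client_secret: "{{ vault_gitea_oauth_client_secret }}"
jupyterlab_oauth2_client_id: "{{ vault_jupyterlab_oauth_client_id }}"
jupyterlab_oauth2_client_secret: "{{ vault_jupyterlab_oauth_client_secret }}"
# NOTE(review): kairos and spelunker reuse Athena's client id and secret.
# If deliberate, all three redirect URIs must be registered on that one
# Casdoor application and a leak of the secret in any of the three exposes
# all of them; if it is a copy-paste, give each app its own vault pair.
kairos_oauth2_client_id: "{{ vault_athena_oauth_client_id }}"
kairos_oauth2_client_secret: "{{ vault_athena_oauth_client_secret }}"
openwebui_oauth2_client_id: "{{ vault_openwebui_oauth_client_id }}"
openwebui_oauth2_client_secret: "{{ vault_openwebui_oauth_client_secret }}"
searxng_oauth2_client_id: "{{ vault_searxng_oauth2_client_id }}"
searxng_oauth2_client_secret: "{{ vault_searxng_oauth2_client_secret }}"
spelunker_oauth2_client_id: "{{ vault_athena_oauth_client_id }}"
spelunker_oauth2_client_secret: "{{ vault_athena_oauth_client_secret }}"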