feat(ai): introduce dedicated AI roles and wiring; clean up legacy AI stack

• Add svc-ai category under roles and load it in constructor stage • Create new 'svc-ai-ollama' role (vars, tasks, compose, meta, README) and dedicated network • Refactor former AI stack into separate app roles: web-app-flowise and web-app-openwebui • Add web-app-minio role; adjust config (no central DB), meta (fa-database, run_after), compose networks include, volume key • Provide user-focused READMEs for Flowise, OpenWebUI, MinIO, Ollama • Networks: add subnets for web-app-openwebui, web-app-flowise, web-app-minio; rename web-app-ai → svc-ai-ollama • Ports: rename ai_* keys to web-app-openwebui / web-app-flowise; keep minio_api/minio_console • Add group_vars/all/17_ai.yml (OLLAMA_BASE_LOCAL_URL, OLLAMA_LOCAL_ENABLED) • Replace hardcoded include paths with path_join in multiple roles (svc-db-postgres, sys-service, sys-stk-front-proxy, sys-stk-full-stateful, sys-svc-webserver, web-svc-cdn, web-app-keycloak) • Remove obsolete web-app-ai templates/vars/env; split Flowise into its own role • Minor config cleanups (CSP flags to {}, central_database=false) https://chatgpt.com/share/68d15cb8-cf18-800f-b853-78962f751f81
2025-09-24 11:06:24 +02:00 · 2025-09-22 18:39:40 +02:00
parent aeab7e7358
commit 5d1210d651
44 changed files with 530 additions and 204 deletions
--- a/roles/web-app-minio/README.md
+++ b/roles/web-app-minio/README.md
@@ -0,0 +1,25 @@
+
+---
+
+# MinIO
+
+## Description
+
+**MinIO** is an S3-compatible object storage service for files, media, backups, and AI artifacts—self-hosted for performance and control.
+
+## Overview
+
+Applications that speak “S3” (Pixelfed, Mastodon, Nextcloud, Flowise, etc.) store and retrieve objects from MinIO buckets using familiar SDKs and CLIs. Admins manage buckets, users, and access policies through a browser console while keeping everything on-prem.
+
+## Features
+
+* S3-compatible API for broad app compatibility
+* Buckets, users, access keys, and fine-grained policies
+* Optional versioning, lifecycle rules, and object lock
+* Presigned URLs for secure, time-limited uploads/downloads
+* Ideal for AI stacks: datasets, embeddings, and artifacts
+
+## Further Resources
+
+* MinIO — [https://www.min.io](https://www.min.io)
+* AWS S3 (API background) — [https://aws.amazon.com/s3](https://aws.amazon.com/s3)
--- a/roles/web-app-minio/config/main.yml
+++ b/roles/web-app-minio/config/main.yml
@@ -2,7 +2,7 @@ features:
  matomo:           true
  css:              true
  desktop:          true
-  central_database: true
+  central_database: false
  logout:           true
  javascript:       false
 server:
@@ -12,7 +12,7 @@ server:
      api:      "api.s3.{{ PRIMARY_DOMAIN }}"
    aliases: []
  csp:
-    flags: []
+    flags: {}
      #script-src-elem:
      #  unsafe-inline:  true
      #script-src:
--- a/roles/web-app-minio/meta/main.yml
+++ b/roles/web-app-minio/meta/main.yml
@@ -0,0 +1,29 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Installs MinIO — an S3-compatible object storage service for media, backups, and AI artifacts."
+  license: "Infinito.Nexus NonCommercial License"
+  license_url: "https://s.infinito.nexus/license"
+  company: | 
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  galaxy_tags:
+    - s3
+    - object-storage
+    - storage
+    - buckets
+    - minio
+    - self-hosted
+    - privacy
+    - backup
+    - devops
+  repository: "https://s.infinito.nexus/code"
+  issue_tracker_url: "https://s.infinito.nexus/issues"
+  documentation: "https://s.infinito.nexus/code/"
+  logo:
+    class: "fa-solid fa-database"
+  run_after:
+    - web-app-keycloak
+    - web-app-matomo
+dependencies: []
--- a/roles/web-app-minio/tasks/main.yml
+++ b/roles/web-app-minio/tasks/main.yml
@@ -1,4 +1,13 @@
 ---
+- name: "Install Ollama Dependency"
+  include_role:
+    name: svc-ai-ollama
+  vars:
+    flush_handlers: true
+  when:    
+    - run_once_svc_ai_ollama is not defined
+    - OLLAMA_LOCAL_ENABLED | bool
+
 - name: "load docker and db for {{ application_id }}"
  include_role:
    name: sys-stk-back-stateless
--- a/roles/web-app-minio/templates/docker-compose.yml.j2
+++ b/roles/web-app-minio/templates/docker-compose.yml.j2
@@ -12,6 +12,8 @@
      - data:/data
 {% include 'roles/docker-container/templates/networks.yml.j2' %}

+{% include 'roles/docker-compose/templates/networks.yml.j2' %}
+
 {% include 'roles/docker-compose/templates/volumes.yml.j2' %}
  data:
    name: {{ MINIO_VOLUME }}
--- a/roles/web-app-minio/vars/main.yml
+++ b/roles/web-app-minio/vars/main.yml
@@ -10,7 +10,7 @@ docker_compose_file_creation_enabled: true
 MINIO_VERSION:                  "{{ applications | get_app_conf(application_id, 'docker.services.minio.version') }}"
 MINIO_IMAGE:                    "{{ applications | get_app_conf(application_id, 'docker.services.minio.image') }}"
 MINIO_CONTAINER:                "{{ applications | get_app_conf(application_id, 'docker.services.minio.name') }}"
-MINIO_VOLUME:                   "{{ applications | get_app_conf(application_id, 'docker.volumes.minio') }}"
+MINIO_VOLUME:                   "{{ applications | get_app_conf(application_id, 'docker.volumes.data') }}"

 ## Api
 MINIO_API_DOMAIN:               "{{ applications | get_app_conf(application_id, 'server.domains.canonical.api') }}"