From 3eb6938b62f59efd96ddb070f518b3cb896ba3d0 Mon Sep 17 00:00:00 2001
From: Bastian de Byl <bastian@debyl.io>
Date: Thu, 12 Feb 2026 14:56:52 -0500
Subject: [PATCH] feat: switch FISTO to dolphin-mistral with dolphin-phi
 fallback

Benchmarked uncensored models for the gregtime FISTO bot. dolphin-mistral
produces the best uncensored creative content, dolphin-phi is faster fallback.
Added OLLAMA_NUM_PREDICT env var (300) and bumped image to 3.3.0.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 CLAUDE.md                                     | 19 ++++++++++++++++---
 Makefile                                      |  1 +
 ansible/roles/ollama/defaults/main.yml        |  6 ++++++
 .../podman/tasks/containers/home/gregtime.yml |  8 ++++++--
 ansible/roles/podman/tasks/main.yml           |  8 +++++++-
 5 files changed, 36 insertions(+), 6 deletions(-)
 create mode 100644 ansible/roles/ollama/defaults/main.yml

diff --git a/CLAUDE.md b/CLAUDE.md
index 13df40f..723851f 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -9,7 +9,7 @@ This is a home infrastructure deployment repository using Ansible for automated
 ## Development Commands
 
 ### Core Commands
-- `make` or `make lint` - Run linting (yamllint + ansible-lint) on all YAML files
+- `make` or `make lint` - Run yamllint on all YAML files. Output may only show "Running yamllint..." and "Done." with no errors listed — this means linting passed. Do NOT run yamllint or ansible-lint manually; `make lint` is the only lint step needed.
 - `make deploy` - Deploy all configurations to the home server
 - `make deploy TAGS=sometag` - Deploy only specific tagged tasks
 - `make deploy TARGET=specific-host` - Deploy to specific host instead of all
@@ -96,9 +96,22 @@ Tasks are tagged by service/component for selective deployment:
 
 ## Target Environment
 
-- Single target host: `home.bdebyl.net`
+- Single target host: `home.debyl.io`
 - OS: Fedora (ansible_user: fedora)
 - Container runtime: Podman
 - Web server: Caddy with automatic HTTPS and built-in security (replaced nginx + ModSecurity)
 - All services accessible via HTTPS with automatic certificate renewal
-- ~~CI/CD: Drone CI infrastructure completely decommissioned~~
\ No newline at end of file
+- ~~CI/CD: Drone CI infrastructure completely decommissioned~~
+
+### Remote SSH Commands for Service Users
+
+The `podman` user (and other service users) have `/bin/nologin` as their shell. To run commands as these users via SSH:
+
+- **One-off commands**: `sudo -H -u podman bash -c 'command here'`
+- **Interactive shell**: `sudo -H -u podman bash -c 'cd; bash'`
+- **systemctl --user** requires `XDG_RUNTIME_DIR`:
+  ```bash
+  sudo -H -u podman bash -c 'export XDG_RUNTIME_DIR=/run/user/$(id -u); systemctl --user <action> <service>'
+  ```
+
+Podman is a user-specific (rootless) container runtime, not a system service like Docker. The user context matters for all podman and systemctl --user operations. The default SSH user (`fedora`) has sudo access and can run commands directly.
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 8d6598d..6a0c408 100644
--- a/Makefile
+++ b/Makefile
@@ -70,6 +70,7 @@ vault: ${ANSIBLE_VAULT} ${VAULT_FILE}
 lint: ${LINT_YAML} ${SKIP_FILE}
 	@printf "Running yamllint...\n"
 	-@${LINT_YAML} ${YAML_FILES}
+	@printf "Done.\n"
 
 # Git-crypt management
 git-crypt-backup:
diff --git a/ansible/roles/ollama/defaults/main.yml b/ansible/roles/ollama/defaults/main.yml
new file mode 100644
index 0000000..aa63dbc
--- /dev/null
+++ b/ansible/roles/ollama/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+ollama_models:
+  - dolphin-phi
+  - dolphin-mistral
+ollama_host: "127.0.0.1"
+ollama_port: 11434
diff --git a/ansible/roles/podman/tasks/containers/home/gregtime.yml b/ansible/roles/podman/tasks/containers/home/gregtime.yml
index aaf22f5..251e7d2 100644
--- a/ansible/roles/podman/tasks/containers/home/gregtime.yml
+++ b/ansible/roles/podman/tasks/containers/home/gregtime.yml
@@ -40,8 +40,12 @@
       - host
     env:
       TZ: America/New_York
-      # Gemini AI for @bot ask command
-      GEMINI_API_KEY: "{{ gemini_api_key }}"
+      # Ollama + SearXNG for FISTO AI responses
+      OLLAMA_HOST: "http://127.0.0.1:11434"
+      OLLAMA_MODEL: "dolphin-mistral"
+      OLLAMA_FALLBACK_MODEL: "dolphin-phi"
+      OLLAMA_NUM_PREDICT: "300"
+      SEARXNG_URL: "http://127.0.0.1:8080"
       # Zomboid RCON configuration for Discord restart command
       ZOMBOID_RCON_HOST: "127.0.0.1"
       ZOMBOID_RCON_PORT: "{{ zomboid_rcon_port }}"
diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml
index ad5dc2a..7fafd2b 100644
--- a/ansible/roles/podman/tasks/main.yml
+++ b/ansible/roles/podman/tasks/main.yml
@@ -96,12 +96,18 @@
     image: docker.io/graylog/graylog:7.0.1
   tags: debyltech, graylog
 
+- import_tasks: containers/home/searxng.yml
+  vars:
+    image: docker.io/searxng/searxng:latest
+  tags: searxng
+
 - import_tasks: containers/home/gregtime.yml
   vars:
-    image: localhost/greg-time-bot:3.0.2
+    image: localhost/greg-time-bot:3.3.0
   tags: gregtime
 
 - import_tasks: containers/home/zomboid.yml
   vars:
     image: docker.io/cm2network/steamcmd:root
   tags: zomboid
+