From 68428bc45145a244c73d892902be3246decdb3e4 Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi <me@jthan.io>
Date: Mon, 26 Jan 2026 23:01:02 -0700
Subject: [PATCH] init syncthing host and docker role

---
 .../host_vars/rpi0.home.jthan.io/vars.yaml    |  6 ++
 ansible/inventories/production/hosts.ini      |  3 +
 ansible/monitoring.yaml                       |  2 +-
 .../roles/blackbox_exporter/tasks/main.yaml   | 92 +++++++++++++++++++
 ansible/roles/docker/tasks/main.yaml          | 21 +++++
 ansible/syncthing.yaml                        |  7 ++
 6 files changed, 130 insertions(+), 1 deletion(-)
 create mode 100644 ansible/roles/docker/tasks/main.yaml
 create mode 100644 ansible/syncthing.yaml

diff --git a/ansible/inventories/production/host_vars/rpi0.home.jthan.io/vars.yaml b/ansible/inventories/production/host_vars/rpi0.home.jthan.io/vars.yaml
index f8b1983..6113898 100644
--- a/ansible/inventories/production/host_vars/rpi0.home.jthan.io/vars.yaml
+++ b/ansible/inventories/production/host_vars/rpi0.home.jthan.io/vars.yaml
@@ -25,6 +25,9 @@ private_domains:
       - type: A
         name: "irc.home.jthan.io"
         value: 192.168.1.99
+      - type: A
+        name: "syncthing.home.jthan.io"
+        value: 192.168.1.15
       - type: AAAA
         name: "storage0.home.jthan.io"
         value: "2602:fb57:c20:b00:7a55:36ff:fe02:92c9"
@@ -43,6 +46,9 @@ private_domains:
       - type: AAAA
         name: "irc.home.jthan.io"
         value: "2602:fb57:c20:b00:be24:11ff:fee7:b4bc"
+      - type: AAAA
+        name: "syncthing.home.jthan.io"
+        value: "2602:fb57:c20:b00:be24:11ff:fee9:9c4b"
       - type: CNAME
         name: "ha.home.jthan.io"
         value: "proxy0.home.jthan.io"
diff --git a/ansible/inventories/production/hosts.ini b/ansible/inventories/production/hosts.ini
index 6091970..10ab7b1 100644
--- a/ansible/inventories/production/hosts.ini
+++ b/ansible/inventories/production/hosts.ini
@@ -18,3 +18,6 @@ ldap.home.jthan.io
 
 [irc]
 irc.home.jthan.io
+
+[syncthing]
+syncthing.home.jthan.io
diff --git a/ansible/monitoring.yaml b/ansible/monitoring.yaml
index 5e10912..9d1ce34 100644
--- a/ansible/monitoring.yaml
+++ b/ansible/monitoring.yaml
@@ -1,5 +1,5 @@
 ---
-# file: pangolin.yaml
+# file: monitoring.yaml
 - hosts: monitoring
   roles:
     - common
diff --git a/ansible/roles/blackbox_exporter/tasks/main.yaml b/ansible/roles/blackbox_exporter/tasks/main.yaml
index e69de29..b16de19 100644
--- a/ansible/roles/blackbox_exporter/tasks/main.yaml
+++ b/ansible/roles/blackbox_exporter/tasks/main.yaml
@@ -0,0 +1,92 @@
+- name: Download and verify the blackbox archive
+  get_url:
+    url: "https://github.com/blackbox/blackbox/releases/download/v{{ blackbox_version }}/blackbox-{{ blackbox_version }}.linux-amd64.tar.gz"
+    dest: "/tmp/blackbox-{{ blackbox_version }}.linux-amd64.tar.gz"
+    checksum: "sha256:{{ blackbox_sha256 }}"
+  register: download_result
+
+- name: Unarchive blackbox binary
+  unarchive:
+    src: "{{ download_result.dest }}"
+    dest: /tmp
+    remote_src: true # Indicates the source file is on the remote host
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Copy blackbox binary to /usr/local/bin
+  copy:
+    src: "/tmp/blackbox-{{ blackbox_version }}.linux-amd64/blackbox"
+    dest: "/usr/local/bin/blackbox-{{ blackbox_version }}"
+    owner: root
+    group: root
+    mode: '0755'
+    remote_src: yes
+
+- name: Create blackbox binary symlink
+  file:
+    src: "/usr/local/bin/blackbox-{{ blackbox_version }}"
+    dest: "/usr/local/bin/blackbox"
+    state: link
+    owner: root
+    group: root
+    mode: '0755' # Permissions for the target file
+    force: yes 
+
+- name: Create a blackbox group
+  group:
+    name: blackbox
+    state: present
+    gid: 1052
+
+- name: Create a blackbox user
+  user:
+    name: blackbox
+    uid: 1052
+    group: 1052
+    comment: "blackbox user"
+    shell: /bin/bash
+    state: present
+    create_home: no
+
+- name: Create blackbox data and config directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: blackbox
+    group: blackbox
+  loop:
+    - /var/lib/blackbox_exporter
+    - /etc/blackbox_exporter
+
+- name: Install blackbox config
+  template:
+    src: templates/blackbox.yml.j2
+    dest: /etc/blackbox/blackbox.yml
+    owner: blackbox
+    group: blackbox
+    mode: '0640'
+  notify: Restart blackbox
+
+- name: Install blackbox service
+  template:
+    src: templates/blackbox.service.j2
+    dest: /etc/systemd/system/blackbox.service
+    owner: root
+    group: root
+    mode: 0640
+  register: blackbox_service
+  notify: Restart blackbox
+
+- name: systemctl daemon-reload to pickup blackbox service changes
+  systemd_service:
+    daemon_reload: true
+  when: blackbox_service.changed
+  notify: Restart blackbox
+
+- name: Start and enable blackbox
+  service:
+    name: blackbox
+    state: started
+    enabled: true
diff --git a/ansible/roles/docker/tasks/main.yaml b/ansible/roles/docker/tasks/main.yaml
new file mode 100644
index 0000000..5e70a51
--- /dev/null
+++ b/ansible/roles/docker/tasks/main.yaml
@@ -0,0 +1,21 @@
+- name: Add docker-ce repo to dnf
+  command: dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+  args:
+    creates: /etc/yum.repos.d/docker-ce.repo
+
+- name: Install docker-ce and other related packages
+  package:
+    name:
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
+      - docker-buildx-plugin
+      - docker-compose-plugin
+    state: latest
+
+- name: Start and enable docker
+  service:
+    name: docker
+    state: started
+    enabled: true
+
diff --git a/ansible/syncthing.yaml b/ansible/syncthing.yaml
new file mode 100644
index 0000000..3b986b5
--- /dev/null
+++ b/ansible/syncthing.yaml
@@ -0,0 +1,7 @@
+---
+# file: syncthing.yaml
+- hosts: syncthing
+  roles:
+    - common
+    - ldap_client
+    - docker