From f7c1caa678aea7bca449749938c0066f93ea7a3f Mon Sep 17 00:00:00 2001
From: Jonathan DeMasi <me@jthan.io>
Date: Thu, 15 Jan 2026 22:59:18 -0700
Subject: [PATCH] Add monitoring host with prometheus role

---
 .../monitoring.home.jthan.io/vars.yaml        |  2 +
 ansible/inventories/production/hosts.ini      |  3 +
 ansible/monitoring.yaml                       |  6 ++
 .../roles/blackbox_exporter/tasks/main.yaml   |  0
 ansible/roles/grafana/tasks/main.yaml         |  0
 ansible/roles/node_exporter/tasks/main.yaml   |  0
 ansible/roles/prometheus/handlers/main.yaml   |  4 +
 ansible/roles/prometheus/tasks/main.yaml      | 73 +++++++++++++++++++
 .../tasks/templates/prometheus.service.j2     | 15 ++++
 .../tasks/templates/prometheus.yml.j2         | 18 +++++
 ansible/site.yaml                             |  1 +
 11 files changed, 122 insertions(+)
 create mode 100644 ansible/inventories/production/host_vars/monitoring.home.jthan.io/vars.yaml
 create mode 100644 ansible/monitoring.yaml
 create mode 100644 ansible/roles/blackbox_exporter/tasks/main.yaml
 create mode 100644 ansible/roles/grafana/tasks/main.yaml
 create mode 100644 ansible/roles/node_exporter/tasks/main.yaml
 create mode 100644 ansible/roles/prometheus/handlers/main.yaml
 create mode 100644 ansible/roles/prometheus/tasks/main.yaml
 create mode 100644 ansible/roles/prometheus/tasks/templates/prometheus.service.j2
 create mode 100644 ansible/roles/prometheus/tasks/templates/prometheus.yml.j2

diff --git a/ansible/inventories/production/host_vars/monitoring.home.jthan.io/vars.yaml b/ansible/inventories/production/host_vars/monitoring.home.jthan.io/vars.yaml
new file mode 100644
index 0000000..6715789
--- /dev/null
+++ b/ansible/inventories/production/host_vars/monitoring.home.jthan.io/vars.yaml
@@ -0,0 +1,2 @@
+prometheus_version: 3.9.1
+prometheus_sha256: 86a6999dd6aacbd994acde93c77cfa314d4be1c8e7b7c58f444355c77b32c584
diff --git a/ansible/inventories/production/hosts.ini b/ansible/inventories/production/hosts.ini
index e3acd94..4d27867 100644
--- a/ansible/inventories/production/hosts.ini
+++ b/ansible/inventories/production/hosts.ini
@@ -9,3 +9,6 @@ pangolin.jthan.io
 
 [authentik]
 authentik.home.jthan.io ansible_host=192.168.1.8
+
+[monitoring]
+monitoring.home.jthan.io ansible_host=192.168.1.12
diff --git a/ansible/monitoring.yaml b/ansible/monitoring.yaml
new file mode 100644
index 0000000..cb4056c
--- /dev/null
+++ b/ansible/monitoring.yaml
@@ -0,0 +1,6 @@
+---
+# file: pangolin.yaml
+- hosts: monitoring
+  roles:
+    - common
+    - prometheus
diff --git a/ansible/roles/blackbox_exporter/tasks/main.yaml b/ansible/roles/blackbox_exporter/tasks/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/grafana/tasks/main.yaml b/ansible/roles/grafana/tasks/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/node_exporter/tasks/main.yaml b/ansible/roles/node_exporter/tasks/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/prometheus/handlers/main.yaml b/ansible/roles/prometheus/handlers/main.yaml
new file mode 100644
index 0000000..2a1d8ac
--- /dev/null
+++ b/ansible/roles/prometheus/handlers/main.yaml
@@ -0,0 +1,4 @@
+- name: Restart prometheus
+  service:
+    name: prometheus
+    state: restarted
diff --git a/ansible/roles/prometheus/tasks/main.yaml b/ansible/roles/prometheus/tasks/main.yaml
new file mode 100644
index 0000000..847649d
--- /dev/null
+++ b/ansible/roles/prometheus/tasks/main.yaml
@@ -0,0 +1,73 @@
+- name: Download and verify the prometheus archive
+  get_url:
+    url: https://github.com/prometheus/prometheus/releases/download/v{{ prometheus_version }}/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz
+    dest: /tmp/prometheus-{{ prometheus_version }}.linux-amd64.tar.gz
+    checksum: "sha256:{{ prometheus_sha256 }}"
+  register: download_result
+
+- name: Unarchive prometheus binary
+  unarchive:
+    src: {{ download_result.dest }}
+    dest: /usr/local/bin/prometheus
+    remote_src: true # Indicates the source file is on the remote host
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Create a prometheus group
+  group:
+    name: prometheus
+    state: present
+    gid: 1051
+
+- name: Create a prometheus user
+  user:
+    name: prometheus
+    uid: 1051
+    group: 1051
+    comment: "prometheus user"
+    shell: /bin/bash
+    state: present
+    create_home: no
+
+- name: Create prometheus data and config directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: 0750
+    owner: prometheus
+    group: prometheus
+  loop:
+    - /var/lib/prometheus
+    - /etc/prometheus
+
+- name: Install prometheus config
+  template:
+    src: templates/prometheus.yml.j2
+    dest: /etc/prometheus/prometheus.yml
+    owner: prometheus
+    group: prometheus
+    mode: '0640'
+  notify: Restart prometheus
+
+- name: Install prometheus service
+  template:
+    src: templates/prometheus.service.j2
+    dest: /etc/systemd/system/prometheus.service
+    owner: root
+    group: root
+    mode: 0640
+  register: prometheus_service
+  notify: Restart prometheus
+
+- name: systemctl daemon-reload to pickup prometheus service changes
+  systemd_service:
+    daemon_reload: true
+  when: prometheus_service.changed
+  notify: Restart prometheus
+
+- name: Start and enable prometheus
+  service:
+    name: prometheus
+    state: started
+    enabled: true
diff --git a/ansible/roles/prometheus/tasks/templates/prometheus.service.j2 b/ansible/roles/prometheus/tasks/templates/prometheus.service.j2
new file mode 100644
index 0000000..da3c69f
--- /dev/null
+++ b/ansible/roles/prometheus/tasks/templates/prometheus.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Prometheus Server
+Documentation=https://prometheus.io
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+User=prometheus
+Group=prometheus
+Type=simple
+ExecStart=/usr/local/bin/prometheus --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/var/lib/prometheus/
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/ansible/roles/prometheus/tasks/templates/prometheus.yml.j2 b/ansible/roles/prometheus/tasks/templates/prometheus.yml.j2
new file mode 100644
index 0000000..dff709e
--- /dev/null
+++ b/ansible/roles/prometheus/tasks/templates/prometheus.yml.j2
@@ -0,0 +1,18 @@
+global:
+  scrape_interval: 15s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+  evaluation_interval: 15s # Evaluate rules every 15 seconds. The default is every 1 minute.
+
+alerting:
+  alertmanagers:
+    - static_configs:
+        - targets:
+          # - alertmanager:9093
+
+rule_files:
+  # - "first_rules.yml"
+  # - "second_rules.yml"
+
+scrape_configs:
+  - job_name: "prometheus"
+    static_configs:
+      - targets: ["localhost:9090"]
diff --git a/ansible/site.yaml b/ansible/site.yaml
index 7ace5b4..8740c78 100644
--- a/ansible/site.yaml
+++ b/ansible/site.yaml
@@ -4,4 +4,5 @@
 - import_playbook: gitea.yaml
 - import_playbook: dns.yaml
 - import_playbook: pangolin.yaml
+- import_playbook: monitoring.yaml
 #- import_playbook: authentik.yaml