veza/infra/ansible/roles/blackbox_exporter/tasks/main.yml

# blackbox_exporter role — installs the Prometheus blackbox exporter
# from the official tarball, drops the systemd unit, renders the probe
# config. Idempotent.
---
- name: Ensure /opt/blackbox_exporter exists
  ansible.builtin.file:
    path: /opt/blackbox_exporter
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: [blackbox, install]

- name: Check installed blackbox_exporter version
  ansible.builtin.stat:
    path: "/opt/blackbox_exporter/blackbox_exporter-{{ blackbox_version }}"
  register: blackbox_installed
  tags: [blackbox, install]

- name: Download blackbox_exporter tarball
  ansible.builtin.get_url:
    url: "https://github.com/prometheus/blackbox_exporter/releases/download/v{{ blackbox_version }}/blackbox_exporter-{{ blackbox_version }}.linux-{{ blackbox_arch }}.tar.gz"
    dest: "/tmp/blackbox_exporter-{{ blackbox_version }}.tar.gz"
    mode: "0644"
  when: not blackbox_installed.stat.exists
  tags: [blackbox, install]

- name: Extract blackbox_exporter into versioned slot
  ansible.builtin.unarchive:
    src: "/tmp/blackbox_exporter-{{ blackbox_version }}.tar.gz"
    dest: /opt/blackbox_exporter
    remote_src: true
    creates: "/opt/blackbox_exporter/blackbox_exporter-{{ blackbox_version }}.linux-{{ blackbox_arch }}"
  when: not blackbox_installed.stat.exists
  tags: [blackbox, install]

- name: Symlink /usr/local/bin/blackbox_exporter → versioned binary
  ansible.builtin.file:
    src: "/opt/blackbox_exporter/blackbox_exporter-{{ blackbox_version }}.linux-{{ blackbox_arch }}/blackbox_exporter"
    dest: /usr/local/bin/blackbox_exporter
    state: link
    force: true
  notify: Restart blackbox_exporter
  tags: [blackbox, install]

- name: Create blackbox system user
  ansible.builtin.user:
    name: blackbox
    system: true
    shell: /usr/sbin/nologin
    create_home: false
  tags: [blackbox, install]

- name: Ensure /etc/blackbox_exporter exists
  ansible.builtin.file:
    path: /etc/blackbox_exporter
    state: directory
    owner: root
    group: blackbox
    mode: "0750"
  tags: [blackbox, config]

- name: Render blackbox.yml
  ansible.builtin.template:
    src: blackbox.yml.j2
    dest: /etc/blackbox_exporter/blackbox.yml
    owner: root
    group: blackbox
    mode: "0640"
  notify: Restart blackbox_exporter
  tags: [blackbox, config]

- name: Render systemd unit
  ansible.builtin.template:
    src: blackbox_exporter.service.j2
    dest: /etc/systemd/system/blackbox_exporter.service
    owner: root
    group: root
    mode: "0644"
  notify: Restart blackbox_exporter
  tags: [blackbox, service]

- name: Enable + start blackbox_exporter
  ansible.builtin.systemd:
    name: blackbox_exporter
    state: started
    enabled: true
    daemon_reload: true
  tags: [blackbox, service]