Fix sifaka_exporters role for Synology environment

- Use full docker path (/volume1/@appstore/ContainerManager/usr/bin/docker)
- Match existing container name (prom-node-exporter-1)
- Remove unnecessary node_exporter flags (--pid=host, volume mounts)
- Add become: true for all docker tasks (requires sudo on Synology)
- Run smartctl_exporter as --user=root (image drops to nobody internally)
- Explicitly specify /dev/sata* devices (Synology uses non-standard paths)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

ansible/roles/sifaka_exporters/defaults/main.yml

@@ -1,5 +1,15 @@
 ---
 # Docker images for Prometheus exporters on sifaka NAS
 # Ports are defined in group_vars/all.yml (shared with caddy role)
+sifaka_exporters_docker: /volume1/@appstore/ContainerManager/usr/bin/docker
 sifaka_exporters_node_exporter_image: "prom/node-exporter:latest"
+sifaka_exporters_node_exporter_name: "prom-node-exporter-1"
 sifaka_exporters_smartctl_exporter_image: "prometheuscommunity/smartctl-exporter:latest"
+sifaka_exporters_smartctl_exporter_name: "smartctl-exporter"
+
+# Synology uses /dev/sata* instead of /dev/sd* — smartctl can't auto-detect them
+sifaka_exporters_smartctl_devices:
+  - /dev/sata1
+  - /dev/sata2
+  - /dev/sata3
+  - /dev/sata4

ansible/roles/sifaka_exporters/handlers/main.yml

@@ -1,10 +1,12 @@
 ---
 - name: Restart node_exporter
-  ansible.builtin.command: docker restart node_exporter
+  ansible.builtin.command: "{{ sifaka_exporters_docker }} restart {{ sifaka_exporters_node_exporter_name }}"
+  become: true
   listen: Restart node_exporter
   changed_when: true
 
 - name: Restart smartctl_exporter
-  ansible.builtin.command: docker restart smartctl_exporter
+  ansible.builtin.command: "{{ sifaka_exporters_docker }} restart {{ sifaka_exporters_smartctl_exporter_name }}"
+  become: true
   listen: Restart smartctl_exporter
   changed_when: true

ansible/roles/sifaka_exporters/tasks/main.yml

@@ -1,22 +1,26 @@
 ---
 # Manage Prometheus exporter containers on sifaka NAS
 # Uses command module to avoid requiring docker Python SDK on Synology
+# Requires passwordless sudo for docker — see docs/reference/storage/sifaka.md
 
 # --- node_exporter ---
 
 - name: Pull node_exporter image
-  ansible.builtin.command: docker pull {{ sifaka_exporters_node_exporter_image }}
+  ansible.builtin.command: "{{ sifaka_exporters_docker }} pull {{ sifaka_exporters_node_exporter_image }}"
+  become: true
   register: sifaka_exporters_node_pull
   changed_when: "'Downloaded newer image' in sifaka_exporters_node_pull.stdout"
 
 - name: Check if node_exporter container exists
-  ansible.builtin.command: docker inspect node_exporter --format {% raw %}'{{.Config.Image}}'{% endraw %}
+  ansible.builtin.command: "{{ sifaka_exporters_docker }} inspect {{ sifaka_exporters_node_exporter_name }} --format {% raw %}'{{.Config.Image}}'{% endraw %}"
+  become: true
   register: sifaka_exporters_node_inspect
   changed_when: false
   failed_when: false
 
 - name: Remove node_exporter container if image changed
-  ansible.builtin.command: docker rm -f node_exporter
+  ansible.builtin.command: "{{ sifaka_exporters_docker }} rm -f {{ sifaka_exporters_node_exporter_name }}"
+  become: true
   when:
     - sifaka_exporters_node_inspect.rc == 0
     - sifaka_exporters_node_inspect.stdout != sifaka_exporters_node_exporter_image
@@ -25,17 +29,14 @@
 - name: Start node_exporter container
   ansible.builtin.command:
     argv:
-      - docker
+      - "{{ sifaka_exporters_docker }}"
       - run
       - -d
-      - --name=node_exporter
+      - "--name={{ sifaka_exporters_node_exporter_name }}"
       - --restart=always
       - --net=host
-      - --pid=host
-      - -v
-      - /:/host:ro,rslave
       - "{{ sifaka_exporters_node_exporter_image }}"
-      - --path.rootfs=/host
+  become: true
   register: sifaka_exporters_node_start
   when: >
     sifaka_exporters_node_inspect.rc != 0 or
@@ -45,35 +46,44 @@
 # --- smartctl_exporter ---
 
 - name: Pull smartctl_exporter image
-  ansible.builtin.command: docker pull {{ sifaka_exporters_smartctl_exporter_image }}
+  ansible.builtin.command: "{{ sifaka_exporters_docker }} pull {{ sifaka_exporters_smartctl_exporter_image }}"
+  become: true
   register: sifaka_exporters_smartctl_pull
   changed_when: "'Downloaded newer image' in sifaka_exporters_smartctl_pull.stdout"
 
 - name: Check if smartctl_exporter container exists
-  ansible.builtin.command: docker inspect smartctl_exporter --format {% raw %}'{{.Config.Image}}'{% endraw %}
+  ansible.builtin.command: "{{ sifaka_exporters_docker }} inspect {{ sifaka_exporters_smartctl_exporter_name }} --format {% raw %}'{{.Config.Image}}'{% endraw %}"
+  become: true
   register: sifaka_exporters_smartctl_inspect
   changed_when: false
   failed_when: false
 
 - name: Remove smartctl_exporter container if image changed
-  ansible.builtin.command: docker rm -f smartctl_exporter
+  ansible.builtin.command: "{{ sifaka_exporters_docker }} rm -f {{ sifaka_exporters_smartctl_exporter_name }}"
+  become: true
   when:
     - sifaka_exporters_smartctl_inspect.rc == 0
     - sifaka_exporters_smartctl_inspect.stdout != sifaka_exporters_smartctl_exporter_image
   changed_when: true
 
+- name: Build smartctl_exporter device arguments
+  ansible.builtin.set_fact:
+    sifaka_exporters_smartctl_device_args: >-
+      {{ sifaka_exporters_smartctl_devices | map('regex_replace', '^(.*)$', '--smartctl.device=\1') | list }}
+
 - name: Start smartctl_exporter container
   ansible.builtin.command:
-    argv:
-      - docker
-      - run
-      - -d
-      - --name=smartctl_exporter
-      - --restart=always
-      - --privileged
-      - -p
-      - "{{ sifaka_smartctl_exporter_port }}:{{ sifaka_smartctl_exporter_port }}"
-      - "{{ sifaka_exporters_smartctl_exporter_image }}"
+    argv: >-
+      {{ [
+        sifaka_exporters_docker, 'run', '-d',
+        '--name=' + sifaka_exporters_smartctl_exporter_name,
+        '--restart=always',
+        '--privileged',
+        '--user=root',
+        '-p', sifaka_smartctl_exporter_port | string + ':' + sifaka_smartctl_exporter_port | string,
+        sifaka_exporters_smartctl_exporter_image
+      ] + sifaka_exporters_smartctl_device_args }}
+  become: true
   register: sifaka_exporters_smartctl_start
   when: >
     sifaka_exporters_smartctl_inspect.rc != 0 or