Netdata: refactoring as docker compose app

playbook-netdata.yml

@@ -7,11 +7,39 @@
     - vars/vars.yml
 
   vars:
-    netdata_version: "v2.4.0"
-    netdata_image: "netdata/netdata:{{ netdata_version }}"
-    netdata_exposed_port: "{{ netdata_port }}"
+    app_name: "netdata"
+    app_user: "{{ app_name }}"
+    base_dir: "/home/{{ app_user }}"
+    config_dir: "{{ (base_dir, 'config') | path_join }}"
+    data_dir: "{{ (base_dir, 'data') | path_join }}"
 
   tasks:
+    - name: "Create user and environment"
+      ansible.builtin.import_role:
+        name: owner
+      vars:
+        owner_name: "{{ app_user }}"
+        owner_extra_groups: ["docker"]
+
+    - name: "Create internal application directories"
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: "directory"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0770"
+      loop:
+        - "{{ config_dir }}"
+        - "{{ data_dir }}"
+
+    - name: "Copy netdata config file"
+      ansible.builtin.template:
+        src: "files/{{ app_name }}/netdata.conf.j2"
+        dest: "{{ config_dir }}/netdata.conf"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0640"
+
     - name: "Grab docker group id."
       ansible.builtin.shell:
         cmd: |
@@ -21,31 +49,16 @@
       register: netdata_docker_group_output
       changed_when: netdata_docker_group_output.rc != 0
 
-    - name: "Create NetData container from {{ netdata_image }}"
-      community.docker.docker_container:
-        name: netdata
-        image: "{{ netdata_image }}"
-        image_name_mismatch: "recreate"
-        restart_policy: "unless-stopped"
-        published_ports:
-          - "127.0.0.1:{{ netdata_exposed_port }}:19999"
-        networks:
-          - name: "{{ web_proxy_network }}"
-        volumes:
-          - "/:/host/root:ro,rslave"
-          - "/etc/group:/host/etc/group:ro"
-          - "/etc/localtime:/etc/localtime:ro"
-          - "/etc/os-release:/host/etc/os-release:ro"
-          - "/etc/passwd:/host/etc/passwd:ro"
-          - "/proc:/host/proc:ro"
-          - "/run/dbus:/run/dbus:ro"
-          - "/sys:/host/sys:ro"
-          - "/var/log:/host/var/log:ro"
-          - "/var/run/docker.sock:/var/run/docker.sock:ro"
-        capabilities:
-          - "SYS_PTRACE"
-          - "SYS_ADMIN"
-        security_opts:
-          - "apparmor:unconfined"
-        env:
-          PGID: "{{ netdata_docker_group_output.stdout | default(999) }}"
+    - name: "Copy docker compose file"
+      ansible.builtin.template:
+        src: "./files/{{ app_name }}/docker-compose.yml.j2"
+        dest: "{{ base_dir }}/docker-compose.yml"
+        owner: "{{ app_user }}"
+        group: "{{ app_user }}"
+        mode: "0640"
+
+    - name: "Run application with docker compose"
+      community.docker.docker_compose_v2:
+        project_src: "{{ base_dir }}"
+        state: "present"
+        remove_orphans: true