Netdata as playbook

playbook-netdata.yml

@@ -6,12 +6,44 @@
     - vars/ports.yml
     - vars/vars.yml
 
+  vars:
+    netdata_version: 'v2.4.0'
+    netdata_image: 'netdata/netdata:{{ netdata_version }}'
+    netdata_exposed_port: '{{ netdata_port }}'
+
   tasks:
-    - name: "Install Netdata from role"
-      ansible.builtin.import_role:
+    - name: 'Grab docker group id.'
+      ansible.builtin.shell:
+        cmd: |
+          set -o pipefail
+          grep docker /etc/group | cut -d ':' -f 3
+        executable: /bin/bash
+      register: netdata_docker_group_output
+      changed_when: netdata_docker_group_output.rc != 0
+
+    - name: 'Create NetData container from {{ netdata_image }}'
+      community.docker.docker_container:
         name: netdata
-      vars:
-        netdata_version: "v2.4.0"
-        netdata_exposed_port: "{{ netdata_port }}"
-      tags:
-        - monitoring
+        image: '{{ netdata_image }}'
+        image_name_mismatch: 'recreate'
+        restart_policy: 'unless-stopped'
+        published_ports:
+          - '127.0.0.1:{{ netdata_exposed_port }}:19999'
+        volumes:
+          - '/:/host/root:ro,rslave'
+          - '/etc/group:/host/etc/group:ro'
+          - '/etc/localtime:/etc/localtime:ro'
+          - '/etc/os-release:/host/etc/os-release:ro'
+          - '/etc/passwd:/host/etc/passwd:ro'
+          - '/proc:/host/proc:ro'
+          - '/run/dbus:/run/dbus:ro'
+          - '/sys:/host/sys:ro'
+          - '/var/log:/host/var/log:ro'
+          - '/var/run/docker.sock:/var/run/docker.sock:ro'
+        capabilities:
+          - 'SYS_PTRACE'
+          - 'SYS_ADMIN'
+        security_opts:
+          - 'apparmor:unconfined'
+        env:
+          PGID: '{{ netdata_docker_group_output.stdout | default(999) }}'