diff --git a/ansible/amber.yml b/ansible/amber.yml
index 19e843e..42b4f69 100644
--- a/ansible/amber.yml
+++ b/ansible/amber.yml
@@ -40,21 +40,8 @@
       tags:
         - webserver
 
-    - name: 'Create NetData container.'
-      docker_container:
+    - import_role:
         name: netdata
-        image: 'netdata/netdata:v1.15.0'
-        restart_policy: 'always'
-        published_ports:
-          - '19999:19999'
-        volumes:
-          - '/proc:/host/proc:ro'
-          - '/sys:/host/sys:ro'
-          - '/var/run/docker.sock:/var/run/docker.sock:ro'
-        capabilities:
-          - 'SYS_PTRACE'
-        security_opts:
-          - 'apparmor:unconfined'
       tags:
         - monitoring
 
diff --git a/ansible/roles/netdata/tasks/main.yml b/ansible/roles/netdata/tasks/main.yml
new file mode 100644
index 0000000..37c679a
--- /dev/null
+++ b/ansible/roles/netdata/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+- name: 'Grab docker group id.'
+  shell: grep docker /etc/group | cut -d ':' -f 3
+  register: docker_group
+
+- name: 'Create NetData container.'
+  docker_container:
+    name: netdata
+    image: 'netdata/netdata:v1.15.0'
+    restart_policy: 'always'
+    published_ports:
+      - '127.0.0.1:19999:19999'
+    volumes:
+      - '/proc:/host/proc:ro'
+      - '/sys:/host/sys:ro'
+      - '/var/run/docker.sock:/var/run/docker.sock:ro'
+    capabilities:
+      - 'SYS_PTRACE'
+    security_opts:
+      - 'apparmor:unconfined'
+    env:
+      PGID: '{{ docker_group.stdout }}'
diff --git a/ansible/templates/Caddyfile.j2 b/ansible/templates/Caddyfile.j2
index e69de29..da77bf7 100644
--- a/ansible/templates/Caddyfile.j2
+++ b/ansible/templates/Caddyfile.j2
@@ -0,0 +1,6 @@
+# NetData proxy
+:29999 {
+    proxy / 127.0.0.1:19999 {
+        transparent
+    }
+}