diff --git a/ansible/netdata.yml b/ansible/netdata.yml
new file mode 100644
index 0000000..29a463f
--- /dev/null
+++ b/ansible/netdata.yml
@@ -0,0 +1,17 @@
+---
+- name: 'Install Netdata monitoring service'
+  hosts: all
+
+  vars_files:
+    - vars/ports.yml
+    - vars/vars.yml
+
+  tasks:
+    - name: 'Install Netdata from role'
+      ansible.builtin.import_role:
+        name: netdata
+      vars:
+        netdata_version: 'v2.1.0'
+        netdata_exposed_port: '{{ netdata_port }}'
+      tags:
+        - monitoring
diff --git a/ansible/roles/netdata/tasks/main.yml b/ansible/roles/netdata/tasks/main.yml
index ca771a7..a709aac 100644
--- a/ansible/roles/netdata/tasks/main.yml
+++ b/ansible/roles/netdata/tasks/main.yml
@@ -1,22 +1,36 @@
 ---
 - name: 'Grab docker group id.'
-  shell: grep docker /etc/group | cut -d ':' -f 3
-  register: docker_group
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      grep docker /etc/group | cut -d ':' -f 3
+    executable: /bin/bash
+  register: netdata_docker_group_output
+  changed_when: netdata_docker_group_output.rc != 0
 
 - name: 'Create NetData container from {{ netdata_image }}'
   community.docker.docker_container:
     name: netdata
     image: '{{ netdata_image }}'
+    image_name_mismatch: 'recreate'
     restart_policy: 'always'
     published_ports:
       - '127.0.0.1:{{ netdata_exposed_port }}:19999'
     volumes:
+      - '/:/host/root:ro,rslave'
+      - '/etc/group:/host/etc/group:ro'
+      - '/etc/localtime:/etc/localtime:ro'
+      - '/etc/os-release:/host/etc/os-release:ro'
+      - '/etc/passwd:/host/etc/passwd:ro'
       - '/proc:/host/proc:ro'
+      - '/run/dbus:/run/dbus:ro'
       - '/sys:/host/sys:ro'
+      - '/var/log:/host/var/log:ro'
       - '/var/run/docker.sock:/var/run/docker.sock:ro'
     capabilities:
       - 'SYS_PTRACE'
+      - 'SYS_ADMIN'
     security_opts:
       - 'apparmor:unconfined'
     env:
-      PGID: '{{ docker_group.stdout | default(999) }}'
+      PGID: '{{ netdata_docker_group_output.stdout | default(999) }}'
diff --git a/ansible/vars/ports.yml b/ansible/vars/ports.yml
new file mode 100644
index 0000000..664d88f
--- /dev/null
+++ b/ansible/vars/ports.yml
@@ -0,0 +1,12 @@
+---
+base_port: 41080
+notes_port: "{{ base_port + 1 }}"
+dayoff_port: "{{ base_port + 2 }}"
+homepage_port: "{{ base_port + 3 }}"
+netdata_port: "{{ base_port + 4 }}"
+wiki_port: "{{ base_port + 5 }}"
+nomie_port: "{{ base_port + 6 }}"
+nomie_db_port: "{{ base_port + 7 }}"
+gitea_port: "{{ base_port + 8 }}"
+keycloak_port: "{{ base_port + 9 }}"
+outline_port: "{{ base_port + 10 }}"