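---
# Deploys Netdata as a Docker container on every targeted host.
#
# Security posture of this play: the container gets read access to the
# host root filesystem, /proc, /sys, /var/log and the Docker socket, plus
# two extra capabilities and no AppArmor confinement. Treat the Netdata
# container as a highly privileged workload and keep its UI bound to
# loopback (as done below) or behind an authenticating reverse proxy.
- name: "Install Netdata monitoring service"
  hosts: all
  vars_files:
    - vars/ports.yml
    - vars/vars.yml
  vars:
    # Pinned by tag. A tag can be re-pointed upstream; pin by digest
    # (netdata/netdata@sha256:<digest>) if image immutability matters.
    netdata_version: "v2.4.0"
    netdata_image: "netdata/netdata:{{ netdata_version }}"
    # netdata_port is not defined in this file; presumably it comes from
    # vars/ports.yml - verify.
    netdata_exposed_port: "{{ netdata_port }}"
  tasks:
    # Look up the numeric GID of the host's "docker" group so it can be
    # passed to the container as PGID.
    - name: "Grab docker group id."
      ansible.builtin.shell:
        # The pattern is anchored to the group-name field. An unanchored
        # "grep docker" also matches groups such as "dockerroot" and any
        # group that lists a user called "docker" as a member, which could
        # return several GIDs or the wrong one.
        cmd: |
          set -o pipefail
          grep -E '^docker:' /etc/group | cut -d ':' -f 3
        executable: /bin/bash
      register: netdata_docker_group_output
      # Read-only lookup: it never changes the host. (The previous
      # "rc != 0" expression could only be true on a run that had already
      # failed, so it was effectively always false.)
      changed_when: false

    - name: "Create NetData container from {{ netdata_image }}"
      community.docker.docker_container:
        name: netdata
        image: "{{ netdata_image }}"
        image_name_mismatch: "recreate"
        restart_policy: "unless-stopped"
        published_ports:
          # Bound to loopback only, so the dashboard is not reachable from
          # the network unless something else forwards to it.
          - "127.0.0.1:{{ netdata_exposed_port }}:19999"
        volumes:
          # Read-only view of the whole host filesystem: anything readable
          # by the container's user (keys, configs, secrets on disk) is
          # visible to the Netdata process.
          - "/:/host/root:ro,rslave"
          - "/etc/group:/host/etc/group:ro"
          - "/etc/localtime:/etc/localtime:ro"
          - "/etc/os-release:/host/etc/os-release:ro"
          - "/etc/passwd:/host/etc/passwd:ro"
          - "/proc:/host/proc:ro"
          - "/run/dbus:/run/dbus:ro"
          - "/sys:/host/sys:ro"
          - "/var/log:/host/var/log:ro"
          # ":ro" only makes the bind mount read-only; it does not limit
          # the requests a client can send over the socket. Access to the
          # Docker API is equivalent to root on the host. If only container
          # metadata is needed, consider fronting the socket with a
          # filtering proxy that allows read-only API calls.
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
        # SYS_ADMIN combined with an unconfined AppArmor profile removes
        # much of the container's isolation.
        # NOTE(review): confirm which collectors in use actually need
        # these and drop whatever is not required.
        capabilities:
          - "SYS_PTRACE"
          - "SYS_ADMIN"
        security_opts:
          - "apparmor:unconfined"
        env:
          # Falls back to 999 when the lookup produced no stdout (for
          # example when the shell task was skipped in check mode) or an
          # empty string; the second argument makes default() treat an
          # empty value as missing.
          # NOTE(review): 999 is a guess at the docker GID - confirm it
          # is a sensible fallback for these hosts.
          PGID: "{{ netdata_docker_group_output.stdout | default(999, true) }}"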