---
- name: 'Grab docker group id.'
  shell: grep docker /etc/group | cut -d ':' -f 3
  register: docker_group

- name: 'Create NetData container from {{ netdata_image }}'
  docker_container:
    name: netdata
    image: '{{ netdata_image }}'
    restart_policy: 'always'
    published_ports:
      - '127.0.0.1:{{ netdata_exposed_port }}:19999'
    volumes:
      - '/proc:/host/proc:ro'
      - '/sys:/host/sys:ro'
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
    capabilities:
      - 'SYS_PTRACE'
    security_opts:
      - 'apparmor:unconfined'
    env:
      PGID: '{{ docker_group.stdout|default(999) }}'