services:

  netdata:
    image: netdata/netdata:v2.5.0
    container_name: netdata
    restart: unless-stopped
    cap_add:
      - SYS_PTRACE
      - SYS_ADMIN
    security_opt:
      - apparmor:unconfined
    networks:
      - "{{ web_proxy_network }}"
    volumes:
      - "{{ config_dir }}:/etc/netdata"
      - "{{ (data_dir, 'lib') | path_join }}:/var/lib/netdata"
      - "{{ (data_dir, 'cache') | path_join }}:/var/cache/netdata"
      # Netdata system volumes 
      - "/:/host/root:ro,rslave"
      - "/etc/group:/host/etc/group:ro"
      - "/etc/localtime:/etc/localtime:ro"
      - "/etc/os-release:/host/etc/os-release:ro"
      - "/etc/passwd:/host/etc/passwd:ro"
      - "/proc:/host/proc:ro"
      - "/run/dbus:/run/dbus:ro"
      - "/sys:/host/sys:ro"
      - "/var/log:/host/var/log:ro"
      - "/var/run:/host/var/run:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      PGID: "{{ netdata_docker_group_output.stdout | default(999) }}"
      NETDATA_EXTRA_DEB_PACKAGES: "fail2ban"

networks:
  {{ web_proxy_network }}:
    external: true