---
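# Look up the numeric GID of the host's `docker` group. The GID is left in
# netdata_docker_group_output.stdout for later tasks.
- name: 'Grab docker group id.'
  ansible.builtin.shell:
    # The pattern is anchored on the group-name field. An unanchored
    # `grep docker` also matches groups whose name merely contains "docker"
    # and groups that list a user called "docker" as a member. That can
    # return several lines, or the GID of an unrelated group, which would
    # then be handed to the container as its socket-access group.
    # pipefail makes a missing group fail the task instead of yielding an
    # empty GID.
    cmd: |
      set -o pipefail
      grep '^docker:' /etc/group | cut -d ':' -f 3
    executable: /bin/bash
  register: netdata_docker_group_output
  # Read-only lookup, so never report a change. The previous expression
  # (rc != 0) could only be true on a run that had already failed.
  changed_when: false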

# Run the NetData agent as a container with read-only views of the host.
# NOTE(review): this task grants the container broad visibility into the
# host (root filesystem, /proc, /sys, Docker socket) plus SYS_ADMIN and an
# unconfined AppArmor profile. Treat the container as host-equivalent when
# threat modeling, and confirm each grant is needed by a collector in use.
- name: 'Create NetData container from {{ netdata_image }}'
  community.docker.docker_container:
    name: netdata
    # NOTE(review): the image reference comes from a variable. Confirm it is
    # pinned to a version or digest rather than a floating tag, because this
    # container runs with elevated privileges.
    image: '{{ netdata_image }}'
    image_name_mismatch: recreate
    restart_policy: always
    # Published on loopback only, so the dashboard (container port 19999)
    # is not reachable from other hosts unless something on this host
    # forwards it.
    published_ports:
      - '127.0.0.1:{{ netdata_exposed_port }}:19999'
    # Every host path is bind-mounted read-only.
    volumes:
      # The whole host filesystem is visible inside the container. rslave
      # propagates host mounts made later into the container.
      - '/:/host/root:ro,rslave'
      - '/etc/group:/host/etc/group:ro'
      - '/etc/localtime:/etc/localtime:ro'
      - '/etc/os-release:/host/etc/os-release:ro'
      - '/etc/passwd:/host/etc/passwd:ro'
      - '/proc:/host/proc:ro'
      - '/run/dbus:/run/dbus:ro'
      - '/sys:/host/sys:ro'
      - '/var/log:/host/var/log:ro'
      # CAUTION: `ro` applies to the bind mount, not to the Docker API. Any
      # process that can connect to this socket can still send requests that
      # change state, which amounts to root on the host. If only container
      # metadata is needed, put a filtering socket proxy in front of the
      # socket and expose read endpoints only.
      - '/var/run/docker.sock:/var/run/docker.sock:ro'
    # NOTE(review): SYS_ADMIN is a very broad capability, and the
    # security_opts entry below also disables AppArmor confinement. Verify
    # that the enabled collectors need both; drop whichever they do not.
    capabilities:
      - SYS_PTRACE
      - SYS_ADMIN
    security_opts:
      - 'apparmor:unconfined'
    env:
      # GID of the host's docker group, presumably used inside the image to
      # give the agent's user access to the mounted socket (verify against
      # the image documentation). default(999) applies only when .stdout is
      # undefined, not when it is an empty string.
      PGID: '{{ netdata_docker_group_output.stdout | default(999) }}'