---
# Play: deploy Netdata as a Docker container on every host in the inventory.
- name: 'Install Netdata monitoring service'
  hosts: all

  # External variable files. netdata_port (used below) is not defined in this
  # play, so it presumably comes from one of these files; confirm.
  vars_files:
    - vars/ports.yml
    - vars/vars.yml

  vars:
    # Release tag of the image to run. A tag is a mutable reference in the
    # registry; pinning by digest (netdata/netdata@sha256:<digest>) would make
    # the deployed image immutable.
    netdata_version: "v2.4.0"
    netdata_image: "netdata/netdata:{{ netdata_version }}"
    # Host-side port the dashboard is published on.
    netdata_exposed_port: "{{ netdata_port }}"

  tasks:
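    # Look up the numeric GID of the host's `docker` group. The result is
    # registered as netdata_docker_group_output; its `.stdout` holds the GID.
    # The pattern is anchored to the group-name field: an unanchored
    # `grep docker` also matches groups such as `dockerroot` and any group that
    # lists a user called `docker` as a member, which would yield several lines.
    - name: 'Grab docker group id.'
      ansible.builtin.shell:
        cmd: |
          set -o pipefail
          grep '^docker:' /etc/group | cut -d ':' -f 3
        executable: /bin/bash
      register: netdata_docker_group_output
      # Read-only lookup: it never changes the host. A non-zero rc (group not
      # found) still fails the task, so "changed" can never be true here.
      changed_when: false
      # Run in check mode as well, so the registered value is real there too.
      check_mode: false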

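    # Run Netdata as a long-lived container with read-only views of the host.
    # NOTE(review): this container is highly privileged (host root filesystem,
    # Docker socket, SYS_ADMIN, AppArmor disabled). Treat a compromise of it as
    # a compromise of the host, and keep the image pinned and patched.
    - name: 'Create NetData container from {{ netdata_image }}'
      community.docker.docker_container:
        name: netdata
        image: '{{ netdata_image }}'
        # Recreate the container when the configured image name differs.
        image_name_mismatch: 'recreate'
        restart_policy: 'unless-stopped'
        published_ports:
          # Bound to loopback only, so the dashboard is not reachable from
          # other machines. For remote access, put an authenticated reverse
          # proxy or an SSH tunnel in front rather than widening this bind.
          - '127.0.0.1:{{ netdata_exposed_port }}:19999'
        volumes:
          # The whole host filesystem, read-only. Every file on the host,
          # including keys and credentials, is readable by root inside the
          # container.
          - '/:/host/root:ro,rslave'
          - '/etc/group:/host/etc/group:ro'
          - '/etc/localtime:/etc/localtime:ro'
          - '/etc/os-release:/host/etc/os-release:ro'
          - '/etc/passwd:/host/etc/passwd:ro'
          - '/proc:/host/proc:ro'
          - '/run/dbus:/run/dbus:ro'
          - '/sys:/host/sys:ro'
          - '/var/log:/host/var/log:ro'
          # `:ro` on a socket bind mount only protects the socket file itself.
          # It does not make the Docker API read-only: any process that can
          # connect to the socket can drive the daemon, which is root-equivalent
          # on the host. A filtering socket proxy that exposes only read
          # endpoints is the usual way to narrow this.
          - '/var/run/docker.sock:/var/run/docker.sock:ro'
        capabilities:
          # NOTE(review): presumably needed by Netdata collectors; confirm
          # against the image documentation and drop any that are not required.
          # SYS_ADMIN in particular is a very broad capability.
          - 'SYS_PTRACE'
          - 'SYS_ADMIN'
        security_opts:
          # Disables the AppArmor profile for this container.
          - 'apparmor:unconfined'
        env:
          # GID the container uses for Docker socket access. default(..., true)
          # also replaces an empty string; plain default() only covers an
          # undefined value, so the 999 fallback could never apply to an empty
          # stdout.
          PGID: '{{ netdata_docker_group_output.stdout | default(999, true) }}'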