---

- name: setup netdata docker container for system monitoring
  community.docker.docker_container:
    name: netdata
    image: netdata/netdata:{{ services.netdata.version }}
    restart_policy: unless-stopped
    hostname: hevonen.servers.{{ base_domain }}
    capabilities:
      - SYS_PTRACE
    security_opts:
      - apparmor:unconfined
    volumes:
      - /proc:/host/proc:ro
      - /sys:/host/sys:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
      - name: external_services
    env:
      VIRTUAL_HOST: '{{ services.netdata.domain }}'
      LETSENCRYPT_HOST: '{{ services.netdata.domain }}'
      LETSENCRYPT_EMAIL: '{{ letsencrypt_email }}'
      PGID: '999'
    labels:
      com.centurylinklabs.watchtower.enable: 'true'