---
- name: Start Netdata
  block:
    - name: Get docker group id
      ansible.builtin.group:
        name: docker
      register: docker_group

    - name: Netdata Docker Container
      community.docker.docker_container:
        container_default_behavior: no_defaults
        name: "{{ netdata_container_name }}"
        image: "{{ netdata_image_name }}:{{ netdata_image_version }}"
        hostname: "{{ ansible_nas_hostname }}.{{ ansible_nas_domain }}"
        state: started
        pull: true
        ports:
          - "{{ netdata_port }}:19999"
        volumes:
          - "/proc:/host/proc:ro"
          - "/sys:/host/sys:ro"
          - "/var/run/docker.sock:/var/run/docker.sock:ro"
        env:
          PGID: "{{ docker_group.gid }}"
        capabilities:
          - SYS_PTRACE
        security_opts:
          - apparmor:unconfined
        restart_policy: unless-stopped
        memory: "{{ netdata_memory }}"
        labels:
          traefik.enable: "{{ netdata_available_externally | string }}"
          traefik.http.routers.netdata.rule: "Host(`{{ netdata_hostname }}.{{ ansible_nas_domain }}`)"
          traefik.http.routers.netdata.tls.certresolver: "letsencrypt"
          traefik.http.routers.netdata.tls.domains[0].main: "{{ ansible_nas_domain }}"
          traefik.http.routers.netdata.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
          traefik.http.services.netdata.loadbalancer.server.port: "19999"
  when: netdata_enabled is true

- name: Stop Netdata
  block:
    - name: Stop Netdata
      community.docker.docker_container:
        name: "{{ netdata_container_name }}"
        state: absent
  when: netdata_enabled is false