From c0a07682578d015b3a3c8ab61c93bd970d1f175e Mon Sep 17 00:00:00 2001
From: MrMeeb <mrmeeb@noreply.git.mrmeeb.stream>
Date: Sat, 30 May 2026 21:23:42 +0000
Subject: [PATCH] add docker socket proxy with no permissions

---
 docker-compose.yaml | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/docker-compose.yaml b/docker-compose.yaml
index c69048d..c12d398 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,22 +1,31 @@
 services:
+  supporting-services-socket-proxy:
+    image: lscr.io/linuxserver/socket-proxy:3.2.19-r0-ls82
+    container_name: supporting-services-socket-proxy
+    restart: unless-stopped
+    privileged: true
+    read_only: true
+    tmpfs:
+      - /run
+    volumes:
+      # Add host docker
+      - /var/run/docker.sock:/var/run/docker.sock:z:ro
+
   telegraf:
     image: telegraf
     container_name: telegraf
     restart: unless-stopped
-    privileged: true
-    user: telegraf:${PGID} # make telegraf run with docker group (985) to access docker socket
-    hostname: ${HOSTNAME} # picks up the hostname of komodo-periphery
+    hostname: ${HOSTNAME}
     volumes:
       - ${PWD}/telegraf.conf:/etc/telegraf/telegraf.conf:ro
       # Add host fs
       - /:/hostfs:ro
       # Add host net specifically
       - /proc/net:/hostfs/proc/net
-      # Add host docker
-      - /var/run/docker.sock:/var/run/docker.sock:z
     environment:
       - HOST_MOUNT_PREFIX=/hostfs
       - HOST_PROC=/hostfs/proc
+      - DOCKER_HOST=tcp://supporting-services-socket-proxy:2375
 
   certbot:
     image: git.mrmeeb.stream/mrmeeb/certbot-cron:latest