add docker socket proxy with no permissions

2026-05-30 21:23:42 +00:00
parent ecea8c3df1
commit c0a0768257
1 changed files with 14 additions and 5 deletions
@@ -1,22 +1,31 @@
 services:
+  supporting-services-socket-proxy:
+    image: lscr.io/linuxserver/socket-proxy:3.2.19-r0-ls82
+    container_name: supporting-services-socket-proxy
+    restart: unless-stopped
+    privileged: true
+    read_only: true
+    tmpfs:
+      - /run
+    volumes:
+      # Add host docker
+      - /var/run/docker.sock:/var/run/docker.sock:z:ro
+
  telegraf:
    image: telegraf
    container_name: telegraf
    restart: unless-stopped
-    privileged: true
-    user: telegraf:${PGID} # make telegraf run with docker group (985) to access docker socket
-    hostname: ${HOSTNAME} # picks up the hostname of komodo-periphery
+    hostname: ${HOSTNAME}
    volumes:
      - ${PWD}/telegraf.conf:/etc/telegraf/telegraf.conf:ro
      # Add host fs
      - /:/hostfs:ro
      # Add host net specifically
      - /proc/net:/hostfs/proc/net
-      # Add host docker
-      - /var/run/docker.sock:/var/run/docker.sock:z
    environment:
      - HOST_MOUNT_PREFIX=/hostfs
      - HOST_PROC=/hostfs/proc
+      - DOCKER_HOST=tcp://supporting-services-socket-proxy:2375

  certbot:
    image: git.mrmeeb.stream/mrmeeb/certbot-cron:latest