services:
  supporting-services-socket-proxy:
    image: lscr.io/linuxserver/socket-proxy:3.2.19-r0-ls82
    container_name: supporting-services-socket-proxy
    restart: unless-stopped
    privileged: true
    read_only: true
    tmpfs:
      - /run
    volumes:
      # Add host docker
      - /var/run/docker.sock:/var/run/docker.sock:z:ro
    environment:
      - INFO=1

  telegraf:
    image: telegraf
    container_name: telegraf
    restart: unless-stopped
    hostname: ${HOSTNAME}
    volumes:
      - ${PWD}/telegraf.conf:/etc/telegraf/telegraf.conf:ro
      # Add host fs
      - /:/hostfs:ro
      # Add host net specifically
      - /proc/net:/hostfs/proc/net
    environment:
      - HOST_MOUNT_PREFIX=/hostfs
      - HOST_PROC=/hostfs/proc

  certbot:
    image: git.mrmeeb.stream/mrmeeb/certbot-cron:latest
    container_name: certbot
    restart: unless-stopped
    ports:
      - 80:80
    volumes:
      - ${DROOT}/certbot:/config
      - ${HOME}/.step/certs/root_ca.crt:/config/custom_ca/mrmeeb.pem
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=Europe/London
      - APPRISE_URL=${CERTBOT_DISCORD_WEBHOOK}
      - NOTIFY_ON_FAILURE=true
      - EMAIL=admin@mrmeeb.stream
      - CERT_COUNT=1
      - DOMAINS=${HOSTNAME_FULL},${HOSTNAME}
      - PLUGIN=standalone
      - CUSTOM_CA=mrmeeb.pem
      - CUSTOM_CA_SERVER=https://ca.internal/acme/acme/directory