# ------------------------------  
# -- Socket Proxy
# -- Updated 2024-June-04
# ------------------------------
name: socket-proxy # Project Name
services:
  socket-proxy:
    image: tecnativa/docker-socket-proxy:0.1.2
    container_name: socket-proxy
    restart: unless-stopped
    security_opt:
      - no-new-privileges=true
    networks:
      - socket_proxy
      #socket_proxy:
      #  ipv4_address: 172.16.224.254
    privileged: true  # true for VM.  false for unprivileged LXC container.
    #depends_on:
    #  - traefik
    ports:
      - "127.0.0.1:2375:2375"
    environment:
      - LOG_LEVEL=info # debug,info,notice,warning,err,crit,alert,emerg
      ## Variables match the URL prefix (i.e. AUTH blocks access to /auth/* parts of the API, etc.).
      ### 0 to revoke access.
      ### 1 to grant access.
      ## Granted by Default
      - EVENTS=1
      - PING=1
      - VERSION=1
      ## Revoked by Default
      ### Security critical
      - AUTH=0
      - SECRETS=0
      - POST=1          # Watchtower
      ### Not always needed
      - BUILD=0
      - COMMIT=0
      - CONFIGS=0
      - CONTAINERS=1    # Traefik, portainer, etc.
      - DISTRIBUTION=0
      - EXEC=0
      - IMAGES=1        # Portainer
      - INFO=1          # Portainer
      - NETWORKS=1      # Portainer
      - NODES=0
      - PLUGINS=0
      - SERVICES=1      # Portainer
      - SESSION=0
      - SWARM=0
      - SYSTEM=0
      - TASKS=1         # Portainer
      - VOLUMES=1       # Portainer
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"