services:
  docker-socket-proxy:
    image: ${DOCKER_SOCKET_PROXY_IMAGE}
    container_name: ${DOCKER_SOCKET_PROXY_NAME}
    restart: unless-stopped
    networks:
      - tsysdevstack-supportstack-demo-network
    environment:
      CONTAINERS: ${DOCKER_SOCKET_PROXY_CONTAINERS}
      IMAGES: ${DOCKER_SOCKET_PROXY_IMAGES}
      NETWORKS: ${DOCKER_SOCKET_PROXY_NETWORKS}
      VOLUMES: ${DOCKER_SOCKET_PROXY_VOLUMES}
      BUILD: ${DOCKER_SOCKET_PROXY_BUILD}
      MANIFEST: ${DOCKER_SOCKET_PROXY_MANIFEST}
      PLUGINS: ${DOCKER_SOCKET_PROXY_PLUGINS}
      VERSION: ${DOCKER_SOCKET_PROXY_VERSION}
    volumes:
      - ${DOCKER_SOCKET_PROXY_SOCKET_PATH}:${DOCKER_SOCKET_PROXY_SOCKET_PATH}
    mem_limit: ${DOCKER_SOCKET_PROXY_MEM_LIMIT}
    mem_reservation: ${DOCKER_SOCKET_PROXY_MEM_LIMIT}
    deploy:
      resources:
        limits:
          cpus: '${DOCKER_SOCKET_PROXY_CPU_LIMIT}'
          memory: ${DOCKER_SOCKET_PROXY_MEM_LIMIT}
        reservations:
          cpus: '${DOCKER_SOCKET_PROXY_CPU_LIMIT}'
          memory: ${DOCKER_SOCKET_PROXY_MEM_LIMIT}
    healthcheck:
      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://localhost/"]
      interval: ${HEALTH_CHECK_INTERVAL}
      timeout: ${HEALTH_CHECK_TIMEOUT}
      start_period: ${HEALTH_CHECK_START_PERIOD}
      retries: ${HEALTH_CHECK_RETRIES}
    # Homepage integration labels for automatic discovery
    labels:
      homepage.group: "Support Stack"
      homepage.name: "Docker Socket Proxy"
      homepage.icon: "docker.png"
      homepage.href: "http://${BIND_ADDRESS}:${HOMEPAGE_PORT}"
      homepage.description: "Docker socket proxy for secure access"
      homepage.type: "docker"
    # NOTE: Docker-socket-proxy must run as root to configure HAProxy
    # user: "${TSYSDEVSTACK_UID}:${TSYSDEVSTACK_DOCKER_GID}"  # Read-only access to Docker socket

networks:
  tsysdevstack-supportstack-demo-network:
    external: true
    name: ${TSYSDEVSTACK_NETWORK_NAME}