homelab/nodes/watchtower/compose.yaml
nathan e16f98a183 feat(bootstrap)!: introduce unified bootstrap system with modular libraries
BREAKING CHANGE: day0bootstrap.sh deprecated in favor of bootstrap.sh

- Add scripts/bootstrap.sh (488 lines): Unified entrypoint supporting multiple hardware types (Proxmox/Docker VMs/Pi)
- Create scripts/lib/ modular library system:
  - detection.sh: OS/hardware/container detection (362 lines)
  - fingerprint.sh: System fingerprinting and inventory (494 lines)
  - network.sh: IP configuration and VLAN placement (356 lines)
  - proxmox.sh: PVE post-install automation (453 lines)
  - validation.sh: Comprehensive pre-flight checks (510 lines)
- Add validation tools: validate-node.sh, onboarding.sh, pi_init.sh
- Deprecate scripts/day0bootstrap.sh with graceful redirect wrapper
- Document architecture in scripts/README.md (495 lines) and PROXMOX-COMPARISON.md
- Update SOP-002 with new bootstrap workflow
- Add nodes/watchtower/compose.yaml (Raspberry Pi 5 stack)

Migration: Existing day0bootstrap.sh users automatically redirected to new system after 5-second warning. No manual intervention required.

Ref: Infrastructure automation modernization per active-tasks.md
2026-04-12 22:48:19 -04:00


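---
name: node-tools

services:
  # 🔒 Local Security Layer for this Node
  # Filters Docker API calls coming from periphery and traefik-kop so neither
  # container gets the raw socket; only the API sections enabled under
  # `environment` are reachable through the proxy.
  docker-socket-proxy:
    image: tecnativa/docker-socket-proxy:latest  # NOTE(review): pin a tag or digest so the filter policy cannot change under an unattended pull
    container_name: docker-socket-proxy
    restart: unless-stopped  # same policy as traefik-kop, which depends on this container
    userns_mode: "host"
    user: "0:0"
    security_opt:
      - apparmor=unconfined
    # NOTE(review): privileged + host userns + root + no AppArmor is far more
    # than a socket proxy needs; the read-only socket bind plus group_add below
    # already grants it the API. Verify the proxy starts without these, then
    # drop them so a compromised proxy does not equal host root.
    privileged: true
    networks:
      - node-net
    ports:
      - "127.0.0.1:2375:2375"  # Loopback only: reachable by the host-mode periphery, but also by any local process on the host
    group_add:
      - "988"  # presumably the host's docker group GID — verify with `getent group docker`
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - CONTAINERS=1
      - NETWORKS=1
      - IMAGES=1
      - INFO=1
      - POST=1  # Enables write (POST) on every section enabled here, not only start/stop
      - ALLOW_START=1
      - ALLOW_STOP=1
      # Added for Stack Management
      - SERVICES=1  # Required for stack/service operations
      - TASKS=1  # Required for stack task management
      - VOLUMES=1  # Required if stacks use volumes
      - CONFIGS=1  # Required for Docker configs
      - SECRETS=1  # Required for Docker secrets; with POST=1 this is a write path to secrets — keep only if stacks actually use them

  # 🦎 Komodo Periphery
  periphery:
    image: ghcr.io/moghtech/komodo-periphery:2
    container_name: komodo-perihery-watchtower  # NOTE: "perihery" typo kept on purpose — renaming changes the container name other tooling may reference
    restart: unless-stopped  # agent should come back after a node reboot, like traefik-kop
    network_mode: host  # Use host networking to access external IPs
    depends_on:
      - docker-socket-proxy
    environment:
      - DOCKER_HOST=tcp://127.0.0.1:2375  # Access via localhost (the proxy's loopback-only port above)
      - PERIPHERY_CORE_ADDRESS=ws://10.0.0.151:9120  # NOTE(review): plain ws on the LAN; use wss if Core is TLS-terminated
      - PERIPHERY_CONNECT_AS=Watchtower
      # The onboarding key is read from the shell environment or a git-ignored
      # .env file, never written into this file. The value that was committed
      # here earlier is in git history and must be treated as exposed: revoke
      # it in Komodo Core and issue a new one.
      - PERIPHERY_ONBOARDING_KEY=${PERIPHERY_ONBOARDING_KEY:?PERIPHERY_ONBOARDING_KEY must be set in the environment or .env}
    volumes:
      - /proc:/proc  # NOTE(review): host /proc mounted read-write — confirm periphery needs writes, otherwise append :ro
      - /mnt/appdata/komodo/watchtower/keys:/config/keys
      - /mnt/appdata/komodo/watchtower/work:/etc/komodo
      # ✅ Added for Stack Deployments
      - /mnt/appdata/komodo/watchtower/stacks:/etc/komodo/stacks
      # ✅ Added for Git-linked Stacks
      - /mnt/appdata/komodo/watchtower/repos:/etc/komodo/repos

  # 🔍 Traefik-KOP (Kubernetes Operator for Traefik Discovery)
  traefik-kop:
    image: ghcr.io/jittering/traefik-kop:0.19.4
    container_name: traefik-kop
    restart: unless-stopped
    depends_on:
      - docker-socket-proxy
    networks:
      - node-net
    environment:
      - DOCKER_HOST=tcp://docker-socket-proxy:2375  # Over the stack bridge network; no host port needed
      - REDIS_ADDR=10.0.0.151:6379  # NOTE(review): no credentials or TLS visible here — confirm Redis is authenticated or network-restricted
      - BIND_IP=10.0.0.200
      - KOP_HOSTNAME=watchtower
      # Optional: Enable debug logging
      # - VERBOSE=true

  # 📜 Dozzle Agent
  # dozzle:
  #   image: amir20/dozzle:latest
  #   depends_on:
  #     - docker-socket-proxy
  #   networks:
  #     - node-net
  #   environment:
  #     - DOCKER_HOST=tcp://docker-socket-proxy:2375

networks:
  node-net:
    driver: bridge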