From e787b6ea1b7cecdc913e3888a02a2d139c2ce1ca Mon Sep 17 00:00:00 2001
From: Henry Dollman <hank@henrygd.me>
Date: Tue, 23 Jul 2024 15:21:03 -0400
Subject: [PATCH] update docker compose to make docker sock read only

---
 agent/docker-compose.yml               | 2 +-
 hub/site/src/components/add-system.tsx | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/agent/docker-compose.yml b/agent/docker-compose.yml
index 96aa024..687b8f9 100644
--- a/agent/docker-compose.yml
+++ b/agent/docker-compose.yml
@@ -5,7 +5,7 @@ services:
     restart: unless-stopped
     network_mode: host
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/run/docker.sock:/var/run/docker.sock:ro
     environment:
       PORT: 45876
       KEY: 'ssh-ed25519 YOUR_PUBLIC_KEY'
diff --git a/hub/site/src/components/add-system.tsx b/hub/site/src/components/add-system.tsx
index f7ac109..de27f6c 100644
--- a/hub/site/src/components/add-system.tsx
+++ b/hub/site/src/components/add-system.tsx
@@ -32,7 +32,7 @@ export function AddSystemButton() {
     restart: unless-stopped
     network_mode: host
     volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
+      - /var/run/docker.sock:/var/run/docker.sock:ro
     environment:
       PORT: ${port}
       KEY: "${publicKey}"