commit dd3d11f87e9e560fba7a3a742e09fbfb7e213b6e
Author: aetos <aetoskia@gmail.com>
Date:   Tue Sep 23 12:13:45 2025 +0000

    Add docker-compose.yaml

diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..1ca6370
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,83 @@
+services:
+  # System Monitoring
+  netdata:
+    image: netdata/netdata:latest
+    container_name: netdata
+    ports:
+      - "7001:19999"
+    volumes:
+      - netdata_config:/etc/netdata
+      - netdata_lib:/var/lib/netdata  
+      - netdata_cache:/var/cache/netdata
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - /:/host/root:ro,rslave
+      - /etc/passwd:/host/etc/passwd:ro
+      - /etc/group:/host/etc/group:ro
+      - /etc/os-release:/host/etc/os-release:ro
+    cap_add:
+      - SYS_PTRACE
+      - SYS_ADMIN
+    security_opt:
+      - apparmor:unconfined
+    environment:
+      - NETDATA_CLAIM_TOKEN=${NETDATA_CLAIM_TOKEN:-}
+      - NETDATA_CLAIM_URL=https://app.netdata.cloud
+    networks:
+      - monitoring-net
+    restart: unless-stopped
+
+  # Container Management
+  portainer:
+    image: portainer/portainer-ce:latest
+    container_name: portainer
+    ports:
+      - "7002:9000"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - portainer_data:/data
+    networks:
+      - monitoring-net
+    restart: unless-stopped
+    security_opt:
+      - no-new-privileges:true
+
+  # Web-based SSH Terminal
+  webssh:
+    image: kuaifan/webssh:arm64
+    container_name: webssh
+    ports:
+      - "7003:5032"
+    environment:
+      - TZ=${TZ:-UTC}
+      # Restrict to internal network for security
+      - WEBSSH_ORIGIN_LIST=*
+      - WEBSSH_POLICY=reject
+    networks:
+      - monitoring-net
+    restart: unless-stopped
+
+  # Log Management (Optional but useful)
+  dozzle:
+    image: amir20/dozzle:latest
+    container_name: dozzle
+    ports:
+      - "7004:8080"
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    networks:
+      - monitoring-net
+    restart: unless-stopped
+    environment:
+      - DOZZLE_NO_ANALYTICS=true
+
+volumes:
+  portainer_data:
+  netdata_config:
+  netdata_lib:
+  netdata_cache:
+
+networks:
+  monitoring-net:
+    driver: bridge
\ No newline at end of file