# Copyright: (c) 2025, Luca Bilke <luca@bil.ke>
# MIT License (see LICENSE)

from __future__ import annotations

from typing import TYPE_CHECKING, Any

if TYPE_CHECKING:
    from ansible_collections.snailed.ez_docker.plugins.module_utils.models import State


DOCUMENTATION = """
docker_socket_proxy:
    description:
        - Configuration for docker_socket_proxy service.
    type: list
    elements: dict
    suboptions:
        read_only:
            description:
                - If true, only allow read access to the docker socket.
            type: bool
            required: true
"""

EXTRA_ARGS = {
    "read_only": {"type": "bool", "required": True},
}


def helper(_state: State, params: dict[str, Any]) -> dict[str, Any]:
    read_only = params["read_only"]

    volumes = [
        {
            "type": "bind",
            "source": "/var/run/docker.sock",
            "target": "/var/run/docker.sock",
            "read_only": read_only,
        },
    ]

    return {"volumes": volumes, "networks": {"internal": {}}}