services:
  netalertx:
    # Writable container configuration with tmpfs mounts for performance testing
    network_mode: ${NETALERTX_NETWORK_MODE:-host}
    build:
      context: ../../../
      dockerfile: Dockerfile
    image: netalertx-test
    container_name: netalertx-test-writable
    read_only: false
    cap_drop:
      - ALL
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE

    volumes:
      - type: volume
        source: netalertx_data
        target: /data
        read_only: false

      - type: bind
        source: /etc/localtime
        target: /etc/localtime
        read_only: true

    # tmpfs mount aligns with simplified runtime layout
    tmpfs:
      - "/tmp:uid=20211,gid=20211,mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"

    environment:
      LISTEN_ADDR: ${LISTEN_ADDR:-0.0.0.0}
      PORT: ${PORT:-20211}
      APP_CONF_OVERRIDE: ${GRAPHQL_PORT:-20212}
      ALWAYS_FRESH_INSTALL: ${ALWAYS_FRESH_INSTALL:-false}
      NETALERTX_DEBUG: ${NETALERTX_DEBUG:-0}

    mem_limit: 2048m
    mem_reservation: 1024m
    cpu_shares: 512
    pids_limit: 512
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

    restart: unless-stopped

volumes:
  netalertx_data: