# Expected outcome: Priming fails without CAP_CHOWN when caps are fully dropped
# - Container should exit fatally during priming
# - Logs must explain CAP_CHOWN requirement and link to troubleshooting docs
services:
  netalertx:
    network_mode: host
    build:
      context: ../../../
      dockerfile: Dockerfile
    image: netalertx-test
    container_name: netalertx-test-mount-cap_chown_missing
    cap_drop:
      - CHOWN
    cap_add:
      - SETUID
      - SETGID
      - NET_RAW
      - NET_ADMIN
    # Intentionally drop CHOWN to prove failure path while leaving defaults intact
    environment:
      LISTEN_ADDR: 0.0.0.0
      PORT: 9999
      APP_CONF_OVERRIDE: 20212
      ALWAYS_FRESH_INSTALL: true
      NETALERTX_DEBUG: 0
      PUID: 20211
      PGID: 20211

    volumes:
      - type: volume
        source: test_netalertx_data
        target: /data
        read_only: false
    tmpfs:
      - "/tmp:mode=1700,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
volumes:
  test_netalertx_data: