services:
  attackmap:
    build: .
    image: honeypot-es-attackmap:latest
    container_name: honeypot-attackmap
    restart: unless-stopped
    ports:
      - "${WEB_PORT:-8080}:8080"
    environment:
      # URL to remote T-Pot Elasticsearch
      # Option 1: Direct (if ES is reachable from this host)
      #   ELASTICSEARCH_URL=http://your-tpot-host:64298
      # Option 2: Via SSH tunnel (run tunnel separately, see README)
      #   ELASTICSEARCH_URL=http://host.docker.internal:64298
      - ELASTICSEARCH_URL=${ELASTICSEARCH_URL:-http://localhost:9200}
      - REDIS_HOST=localhost
      - WEB_PORT=8080
      - TPOT_ATTACKMAP_TEXT=${TPOT_ATTACKMAP_TEXT:-ENABLED}
    extra_hosts:
      # Allows container to reach the Docker host (for SSH tunnel scenario)
      - "host.docker.internal:host-gateway"
    healthcheck:
      test: ["CMD", "python3", "-c", "import urllib.request; urllib.request.urlopen('http://localhost:8080')"]
      interval: 30s
      timeout: 10s
      start_period: 30s
      retries: 3