services:
  web:
    build: 
      context: .
      dockerfile: Dockerfile
    ports:
      - "127.0.0.1:8000:8000"
    volumes:
      - ./posters:/app/posters
      - ./db:/app/db
      - /tmp
    tmpfs:
      - /tmp
      - /run
      - /var/log
    environment:
      - FLASK_SECRET_KEY=${FLASK_SECRET_KEY}
      - FLASK_OMDB_KEY=${FLASK_OMDB_KEY}
      - FLASK_ADMIN_PASSWORD=${FLASK_ADMIN_PASSWORD}
      - FLASK_DATABASE=/app/db/movielist.sqlite
      - FLASK_IMAGE_WIDTH=200
    env_file:
      - .env
    user: 952:952
    read_only: true
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8000"]
      interval: 1m30s
      timeout: 30s
      retries: 3
      start_period: 60s
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: 512M

volumes:
  posters:
  db: