services:
  mission-control:
    build: .
    container_name: mission-control
    ports:
      - "${MC_PORT:-3000}:${PORT:-3000}"
    environment:
      - PORT=${PORT:-3000}
    env_file:
      - path: .env
        required: false
    volumes:
      - mc-data:/app/.data
    read_only: true
    tmpfs:
      - /tmp
      - /app/.next/cache
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE
    security_opt:
      - no-new-privileges:true
    deploy:
      resources:
        limits:
          memory: 512M
          cpus: '1.0'
          pids: 256
    networks:
      - mc-net
    restart: unless-stopped

volumes:
  mc-data:

networks:
  mc-net:
    driver: bridge