services:
  backend:
    build:
      context: .
      dockerfile: Dockerfile.tunnel
    restart: unless-stopped
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - //var/run/docker.sock:/var/run/docker.sock
    # No need to expose ports - traffic comes through the tunnel
    # ports:
    #   - "127.0.0.1:8080:8080"
    environment:
      - PORT=8080
      - CONCURRENT_EXECUTIONS=5
      - QUEUE_CAPACITY=100
      - DEFAULT_TIMEOUT=30
      - SANDBOX_NETWORK_DISABLED=true
      - SANDBOX_PIDS_LIMIT=50
      # Define cloudflared environment variables
      - TUNNEL_ORIGIN_CERT=/etc/cloudflared/cert.pem
      - NO_AUTOUPDATE=true
    # Isolated network to prevent conflicts with host cloudflared
    networks:
      - monaco-backend-network

networks:
  monaco-backend-network:
    driver: bridge