services:
  nettrak:
    container_name: NetTrak
    restart: unless-stopped
    image: git.keithsolomon.net/keith/nettrak:latest

    environment:
      - NETTRAK_DB_PATH=/data/nettrak.db
      # Set this to your local subnet. Example for common home network:
      - NETTRAK_SUBNET=192.168.2.0/24
      - NETTRAK_TOP_PORTS=100
      # Optional explicit port set/range. Example catches most app ports:
      - NETTRAK_PORT_SPEC=1-10000
      - NETTRAK_SCAN_WORKERS=12
      - NETTRAK_PORT_PROBE_TIMEOUT=0.4
      - NETTRAK_ENABLE_OS_DETECTION=0
      - NETTRAK_ENABLE_DOCKER_INSIGHTS=1
      # Set this if Docker published ports are bound to 0.0.0.0 and host IP cannot be inferred.
      - NETTRAK_DOCKER_HOST_IP=192.168.2.23

    # For best host discovery on Linux, use host mode.
    # If you do that, remove the `ports` section and ensure port 1337 is free.
    # NOTE: If you want/need to change the port, you have to rebuild the image to update the EXPOSE instruction (see docker-compose-build.yml).
    #network_mode: host

    # Helps nmap discover MAC addresses/OS details in containerized runs.
    cap_add:
      - NET_ADMIN
      - NET_RAW

    # ports:
      - "1337:1337"

    volumes:
      # Store the database on the host for persistence across container restarts and easy access.
      - ./data:/data
      # Optional: mount Docker socket to include container-published host ports in results.
      - /var/run/docker.sock:/var/run/docker.sock:ro