services:
  broccolini-settings:
    build: .
    container_name: broccolini-settings
    restart: unless-stopped
    env_file: ../.env
    environment:
      # Node must bind all-interfaces inside the container so Docker's DNAT
      # from the host-side Tailscale publish below can reach it. The Tailscale
      # restriction is enforced by the `ports:` binding, not by Node.
      SETTINGS_BIND_HOST: "0.0.0.0"
    ports:
      - "100.114.205.53:12752:12752"
    networks:
      - broccoli-net

networks:
  broccoli-net:
    name: broccoli-net
    external: true