services:
  bastion:
    build:
      context: ..
      dockerfile: stack/Dockerfile
    network_mode: host
    restart: unless-stopped
    env_file: .env
    volumes:
      - bastion-state:/data/state
      - bastion-tftp:/data/tftp
      - bastion-http:/data/http
      - ${SSH_KEY_PATH:-~/.ssh}:/root/.ssh:ro
    cap_add:
      - NET_ADMIN
      - NET_RAW

volumes:
  bastion-state:
  bastion-tftp:
  bastion-http: