docker-compose.yml

@@ -4144,9 +4144,24 @@ services:
       - ${DOCKER_VOLUME_STORAGE}/backups/navidrome:/backups
   netalertx:
     container_name: netalertx
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETUID
+      - SETGID
+      - NET_RAW
+      - NET_ADMIN
+      - NET_BIND_SERVICE
     environment:
       TZ: ${TZ}
       PORT: 20211
+      PUID: ${NETALERTX_UID:-20211} # Runtime UID after priming (Synology/no-copy-up safe)
+      PGID: ${NETALERTX_GID:-20211} # Runtime GID after priming (Synology/no-copy-up safe)
+      LISTEN_ADDR: ${LISTEN_ADDR:-0.0.0.0} # Listen for connections on all interfaces
+      GRAPHQL_PORT: ${GRAPHQL_PORT:-20212} # GraphQL API port
+      ALWAYS_FRESH_INSTALL: ${ALWAYS_FRESH_INSTALL:-false} # Set to true to reset your config and database on each container start
+      NETALERTX_DEBUG: ${NETALERTX_DEBUG:-0} # 0=kill all services and restart if any dies. 1 keeps running dead services.
     image: jokobsk/netalertx:latest@sha256:f47a8020ae61fd668e1580cd5014e1a34e8ffa80360b1652e6deb3a7347f0238
     labels:
       cloudflare.tunnel.enable: true
@@ -4172,16 +4187,11 @@ services:
     network_mode: host
     profiles: ["rinoa-apps"]
     restart: unless-stopped
+    tmpfs:
+      - "/tmp:mode=1700,uid=0,gid=0,rw,noexec,nosuid,nodev,async,noatime,nodiratime"
     volumes:
-      - ${DOCKER_VOLUME_CONFIG}/netalertx/config:/app/config
-      - ${DOCKER_VOLUME_CONFIG}/netalertx/db:/app/db
-      # (optional) useful for debugging if you have issues setting up the container
-      # - ${DOCKER_VOLUME_CONFIG}/netalertx/logs:/app/log
-      # (API: OPTION 1) use for performance
-      - type: tmpfs
-        target: /app/api
-      # (API: OPTION 2) use when debugging issues
-      # - ${DOCKER_VOLUME_CONFIG}/netalertx/api:/app/api
+      - ${DOCKER_VOLUME_CONFIG}/netalertx/config:/data
+      - /etc/localtime:/etc/localtime:ro
   nextcloud:
     container_name: nextcloud-aio-mastercontainer
     environment: