# Security Mesh stack — NATS + Go-normalizer (Zeek/Suricata JSON → Postgres).
# Start vanuit homelab-command: docker compose -f docker-compose.mesh.yml --env-file .env.mesh up -d
# Stop bestaande NATS op poort 4222 of wijzig poorten hieronder.

services:
  nats:
    image: nats:2.10-alpine
    command: ["-js", "-m", "8222"]
    ports:
      - "${NATS_CLIENT_PORT:-4222}:4222"
      - "${NATS_HTTP_PORT:-8222}:8222"
    restart: unless-stopped

  mesh-normalizer:
    image: mesh-normalizer:local
    build:
      context: ./mesh-ingest
      dockerfile: Dockerfile
    environment:
      NATS_URL: nats://nats:4222
      MESH_DEFAULT_TENANT_ID: ${MESH_DEFAULT_TENANT_ID:-00000000-0000-4000-8000-000000000001}
      PG_HOST: ${PG_HOST:-172.17.0.1}
      PG_PORT: ${PG_PORT:-5433}
      PG_USER: ${PG_USER:-mo}
      PG_PASSWORD: ${PG_PASSWORD:-}
      PG_DATABASE: ${PG_DATABASE:-homelab}
    depends_on:
      - nats
    restart: unless-stopped
    extra_hosts:
      - "host.docker.internal:host-gateway"