services:
  sb-ruleset-sync:
    build:
      context: .
      dockerfile: ./docker/Dockerfile
    container_name: sb-ruleset-sync
    restart: unless-stopped

    # Mount volumes:
    # - The local `rules` directory is mounted into the container, so downloaded
    #   files persist between container restarts.
    # - The `template.json` is mounted as read-only for security.
    volumes:
      - ./template.json:/config/template.json:ro
      - ./rules:/rules

    environment:
      - TZ=Europe/Moscow
      # Optional: Set the user and group ID for the 'app' user inside the container.
      # Match this to your host user (`id -u` and `id -g`) to avoid file permission
      # issues on the mounted `./rules` volume.
      - PUID=1000
      - PGID=1000

    # A healthcheck to ensure the cron daemon is running.
    healthcheck:
      test: ["CMD", "pgrep", "crond"]
      interval: 1m
      timeout: 10s
      retries: 3
      start_period: 10s