services:
  codex:
    build: 
      context: .
      args:
        UID: ${UID}
        GID: ${GID}
    container_name: codex
    stdin_open: true
    tty: true
    user: "${UID}:${GID}"
    volumes:
      - ./workspace:/home/dev/workspace
      - codex_config:/home/dev/.config
      - codex_home:/home/dev/.codex
    tmpfs:
      - /tmp
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    network_mode: bridge
    command: sleep infinity
volumes:
  codex_config:
  codex_home: