services:
  codex:
    build: .
    container_name: codex
    working_dir: /workspace
    stdin_open: true
    tty: true

    volumes:
      - ./workspace:/workspace
      - codex_config:/root/.config

    environment:
      - HOME=/home/dev

    tmpfs:
      - /tmp

    cap_drop:
      - ALL

    security_opt:
      - no-new-privileges:true

    network_mode: host

    command: sleep infinity

volumes:
  codex_config: