name: redis-dev
services:
  redis-dev:
    image: redis:7.2-alpine
    container_name: redis-dev
    restart: unless-stopped
    # SECURITY (R4/I7): drop privileges and disable destructive admin commands.
    security_opt:
      - no-new-privileges:true
    environment:
      REDIS_PASSWORD: ${REDIS_PASSWORD}
    command:
      - redis-server
      - --requirepass
      - ${REDIS_PASSWORD}
      - --appendonly
      - "yes"
      - --appendfsync
      - everysec
      - --rename-command
      - FLUSHALL
      - ""
      - --rename-command
      - FLUSHDB
      - ""
      - --rename-command
      - KEYS
      - ""
      - --rename-command
      - DEBUG
      - ""
    volumes:
      - ./data:/data
    healthcheck:
      test: ["CMD-SHELL", "redis-cli -a \"$$REDIS_PASSWORD\" PING | grep -q PONG"]
      interval: 10s
      timeout: 3s
      retries: 5
    networks:
      - dev_edge

networks:
  dev_edge:
    external: true