# DeerFlow hardening overlay.
#
# This override turns the upstream `deer-flow` bridge network into a
# stably-named Linux bridge (`br-deerflow`) so that the host-level
# egress firewall (deerflow-firewall.service) can reference it without
# guessing Docker's auto-generated `br-<hash>` name.
#
# Use it together with the upstream compose file:
#
#     cd deerflow-factory
#     docker compose \
#         -f deer-flow/docker/docker-compose.yaml \
#         -f docker/docker-compose.override.yaml \
#         up -d
#
# After the network is created (or recreated), the firewall rules
# installed by deerflow-firewall.service automatically take effect on
# the new bridge — no further action required.
#
# If you ever rename or delete the bridge, restart the firewall unit:
#     systemctl restart deerflow-firewall.service

networks:
  deer-flow:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: br-deerflow