Thanks for the PR, looks good to me!

I just had a small nitpick: should we be exposing the DB port by default in the compose file?

I've refactored code related to db port just so it is only ever exposed to other services and not the host. is that what you meant?

With that, if anyone were to remote connect to mongo: then they'd have to modify docker-compose.yml. Same for people running more than 1 instance of mongo at the same host.

It does add more security to it, indeed. It's less convenient, though.

I'd say exposing by default is better, since anyone self-hosting is supposed to have inbound firewall rules anyway.