From 04d9cc5eed7bbe792ae5b92fd6824bb3eb5ce1fb Mon Sep 17 00:00:00 2001
From: Ohad Livne <libohad-dev@proton.me>
Date: Wed, 12 Nov 2025 21:00:27 +0200
Subject: [PATCH] Isolate the LLM server from the internet

---
 .config/containers/systemd/ollama.container | 1 +
 .config/containers/systemd/ollama.network   | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 .config/containers/systemd/ollama.network

diff --git a/.config/containers/systemd/ollama.container b/.config/containers/systemd/ollama.container
index fc91619..6ae7f6c 100644
--- a/.config/containers/systemd/ollama.container
+++ b/.config/containers/systemd/ollama.container
@@ -5,6 +5,7 @@ Description=A local LLM server
 # keep-sorted start
 ContainerName=ollama
 Image=docker.io/ollama/ollama:latest
+Network=ollama.network
 PublishPort=11434:11434
 Volume=%h/.local/share/ollama:/root/.ollama:ro,z
 # keep-sorted end
diff --git a/.config/containers/systemd/ollama.network b/.config/containers/systemd/ollama.network
new file mode 100644
index 0000000..5f8c30b
--- /dev/null
+++ b/.config/containers/systemd/ollama.network
@@ -0,0 +1,5 @@
+[Unit]
+Description=Isolated network for my local LLM server
+
+[Network]
+Internal=true