From 36a16cc1dd3a5e6b31d530ad14c8717cae907ff9 Mon Sep 17 00:00:00 2001
From: Ohad Livne
Date: Thu, 9 Apr 2026 21:58:53 +0300
Subject: [PATCH] Only expose access ports on the localhost network

---
 .config/containers/systemd/ollama.container | 2 +-
 .config/containers/systemd/plantuml.container | 2 +-
 .config/containers/systemd/transmission.container | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.config/containers/systemd/ollama.container b/.config/containers/systemd/ollama.container
index 051de23..a3a4402 100644
--- a/.config/containers/systemd/ollama.container
+++ b/.config/containers/systemd/ollama.container
@@ -11,7 +11,7 @@ Image=docker.io/ollama/ollama:latest
 Network=ollama.network
 NoNewPrivileges=true
 PodmanArgs=--transient-store
-PublishPort=11434:11434
+PublishPort=127.0.0.1:11434:11434
 ReadOnly=true
 Volume=%h/.local/share/ollama:/root/.ollama:ro,z
 # keep-sorted end
diff --git a/.config/containers/systemd/plantuml.container b/.config/containers/systemd/plantuml.container
index 0648c34..7a1b266 100644
--- a/.config/containers/systemd/plantuml.container
+++ b/.config/containers/systemd/plantuml.container
@@ -10,7 +10,7 @@ Image=docker.io/plantuml/plantuml-server:jetty
 Network=private
 NoNewPrivileges=true
 PodmanArgs=--transient-store
-PublishPort=8080:8080
+PublishPort=127.0.0.1:8080:8080
 ReadOnly=true
 # keep-sorted end

diff --git a/.config/containers/systemd/transmission.container b/.config/containers/systemd/transmission.container
index 6d83357..210cd62 100644
--- a/.config/containers/systemd/transmission.container
+++ b/.config/containers/systemd/transmission.container
@@ -10,9 +10,9 @@ Environment=PUID=1000
 Image=lscr.io/linuxserver/transmission:latest
 Network=private
 PodmanArgs=--transient-store
+PublishPort=127.0.0.1:9091:9091
 PublishPort=51413:51413
 PublishPort=51413:51413/udp
-PublishPort=9091:9091
 ReadOnly=true
 UserNS=keep-id
 Volume=%h/.config/transmission:/config:Z
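Review bot: `PublishPort=127.0.0.1:11434:11434` removes the listener from the LAN, but it is not an access control: every local account and process on the host can still connect, and nothing visible in this unit puts authentication in front of the API. The same holds for the 8080 binding in plantuml.container and the 9091 binding in transmission.container. I would record the intent next to the line, for example `# loopback only: no auth on this port, put an authenticating proxy in front before widening`, so a later edit does not quietly revert it. The binding is also IPv4 only, so a client that resolves `localhost` to `::1` would need a second `PublishPort=[::1]:11434:11434` line. The unit continues outside the hunk.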
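Review bot: `PublishPort=51413:51413` and `PublishPort=51413:51413/udp` stay bound on every host address, which fits the commit subject (only the 9091 access port moves to loopback) but leaves this as the one container still reachable from the network. Its sorted block shows no `NoNewPrivileges=true` between `Network=private` and `PodmanArgs=--transient-store`, although ollama.container and plantuml.container both set it. Adding `NoNewPrivileges=true` here is worth testing; the image's init may need it verified before it is made permanent. A short comment such as `# peer port, intentionally public` above the 51413 lines would make clear that the remaining wide binding is deliberate. The unit starts and ends outside the hunk, so settings not shown here may already cover part of this.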