From 9ee480b95967ee0306c1c1ff03c6c713f30eabdc Mon Sep 17 00:00:00 2001
From: Ohad Livne
Date: Wed, 24 Dec 2025 20:13:30 +0200
Subject: [PATCH] Use a read-only root filesystem in service containers

---
 .config/containers/systemd/ollama.container | 1 +
 .config/containers/systemd/transmission.container | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.config/containers/systemd/ollama.container b/.config/containers/systemd/ollama.container
index 653e159..fd73a5a 100644
--- a/.config/containers/systemd/ollama.container
+++ b/.config/containers/systemd/ollama.container
@@ -7,6 +7,7 @@ ContainerName=ollama
 Image=docker.io/ollama/ollama:latest
 Network=ollama.network
 PublishPort=11434:11434
+ReadOnly=true
 Volume=%h/.local/share/ollama:/root/.ollama:ro,z
 # keep-sorted end
 
diff --git a/.config/containers/systemd/transmission.container b/.config/containers/systemd/transmission.container
index 0c139f3..7e167c5 100644
--- a/.config/containers/systemd/transmission.container
+++ b/.config/containers/systemd/transmission.container
@@ -11,6 +11,7 @@ Network=private
 PublishPort=51413:51413
 PublishPort=51413:51413/udp
 PublishPort=9091:9091
+ReadOnly=true
 UserNS=keep-id
 Volume=%h/.config/transmission:/config:Z
 Volume=%h/Downloads/transmission/watch:/watch:ro,Z
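Review bot: `ReadOnly=true` in ollama.container (and the same added line in the transmission.container hunk) protects only the image's root filesystem. By default Podman still mounts writable tmpfs over /tmp, /run and /var/tmp for read-only containers, and neither hunk adds any privilege restriction. Both key lists run straight from `Network=` to `PublishPort=`, so if they are kept sorted, `NoNewPrivileges=true` appears to be absent; adding it next to the new line would stop setuid binaries in the image from gaining privileges. If a service turns out not to need scratch space, `ReadOnlyTmpfs=false` removes the writable tmpfs as well. The rest of each unit lies outside the hunks, so confirm these keys are not already set elsewhere.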
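Review bot: With `ReadOnly=true` in transmission.container, any write the image's startup makes outside the mounted volumes and the default tmpfs paths will now fail, and the `Image=` line is outside the hunk so this cannot be checked here. The `/config` and `/watch` layout suggests an s6-overlay based image; if so, s6-overlay expects `Environment=S6_READ_ONLY_ROOT=1` when the root is read-only. It is worth confirming the unit still starts cleanly under `UserNS=keep-id` after this change. A short comment above the new line, such as `# root is read-only; only the Volume= paths and the default tmpfs mounts are writable`, would record that intent.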