Isolating containers from internet access to enhance security.

1 files changed, 22 insertions, 3 deletions

diff --git a/docker-compose.yml b/docker-compose.yml
index 65638a9..f750995 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,6 +17,8 @@ services:
       retries: 5
       start_period: 20s
       timeout: 10s
+    networks:
+      - nointernet
 
   openedai-speech:
     build:
@@ -40,12 +42,16 @@ services:
       retries: 5
       start_period: 10s
       timeout: 10s
+    networks:
+      - nointernet
 
-  llm_provision:
+  ollama_provision:
     build:
-      dockerfile: src/llm_provision/Dockerfile
+      dockerfile: src/ollama_provision/Dockerfile
     environment:
       - MODELS=qwen2.5:latest,qwen2.5-coder:32b,nomic-embed-text:latest,gemma2:latest,mistral:latest,deepseek-r1:7b
+    volumes:
+      - ollama:/root/.ollama
     restart: no
     depends_on:
       ollama:
@@ -53,6 +59,8 @@ services:
         restart: true
     links:
       - ollama
+    networks:
+      - internet
 
   aichat:
     build:
@@ -69,11 +77,14 @@ services:
       interval: 30s
       timeout: 15s
       retries: 3
+    networks:
+      - nointernet
 
   nginx:
     image: nginx
     volumes:
       - ./src/nginx/nginx.conf:/etc/nginx/templates/nginx.conf.template
+      - ./src/nginx/htpasswd:/etc/nginx/.htpasswd
     environment:
       - NGINX_ENVSUBST_OUTPUT_DIR=/etc/nginx
       - API_KEY=${LLM_API_KEY}
@@ -90,9 +101,17 @@ services:
       - "8000:8000"
       - "8001:8001"
     restart: unless-stopped
+    networks:
+      - internet
+      - nointernet
 
 volumes:
   ollama:
   voices:
   speech-config:
-  hf-hub-cache:
+
+networks:
+  internet:
+    internal: false
+  nointernet:
+    internal: true