- Drops --network=host from OpenClaw container
- Container now runs on Podman's default bridge network
- Gateway port already mapped via ports config (127.0.0.1:18789:8080)
- Container retains outbound internet access for Discord API, model providers, etc.
- Cannot reach other host services (Forgejo, Vaultwarden, etc.) — principle of least privilege

Note: If OpenClaw needs to reach local services in the future, add explicit
extraOptions like --network=bridge or create a shared Podman network.
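
One way to check the two settings this commit message describes (network mode and the loopback-only port mapping) from `podman inspect` output. This is an added example, not part of the commit or the project's code; the function name and the sample JSON are constructed for illustration, and the container name "openclaw" is assumed.

```python
import ipaddress
import json

# Constructed samples shaped like `podman inspect <container>` output (not real output).
BEFORE = json.dumps([{"Name": "openclaw",
                      "HostConfig": {"NetworkMode": "host", "PortBindings": {}}}])
AFTER = json.dumps([{"Name": "openclaw",
                     "HostConfig": {"NetworkMode": "bridge", "PortBindings": {
                         "8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "18789"}]}}}])
# Bridge network, but the mapping omits the host IP, so it binds every interface.
WIDE = json.dumps([{"Name": "openclaw",
                    "HostConfig": {"NetworkMode": "bridge", "PortBindings": {
                        "8080/tcp": [{"HostIp": "", "HostPort": "18789"}]}}}])


def audit_network(inspect_json):
    """Return findings for host networking and non-loopback port bindings."""
    findings = []
    for ctr in json.loads(inspect_json):
        name = ctr.get("Name", "?")
        host_cfg = ctr.get("HostConfig") or {}
        if host_cfg.get("NetworkMode") == "host":
            findings.append(f"{name}: shares the host network namespace")
        for cport, binds in (host_cfg.get("PortBindings") or {}).items():
            for bind in binds or []:
                # An empty HostIp means the port is published on all interfaces.
                host_ip = bind.get("HostIp") or "0.0.0.0"
                try:
                    loopback = ipaddress.ip_address(host_ip).is_loopback
                except ValueError:
                    loopback = False  # unparseable address: report it
                if not loopback:
                    findings.append(
                        f"{name}: {cport} published on {host_ip}:{bind.get('HostPort')}")
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER), ("wide", WIDE)):
        print(label, audit_network(sample) or "ok")
```

The check covers only the network mode and port bindings; whether host services are reachable from the bridge also depends on the addresses they listen on and on the host firewall.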