[Feature]: MySQL and Redis bound to all interfaces; use internal Docker networking only

[traxeon]

Feature Category

Security

Problem Statement

MySQL and Redis are exposed on all host interfaces with no authentication or access restrictions, making them directly accessible to any device on the network.

Proposed Solution

Remove the ports mappings from both MySQL and Redis entirely and restrict them to an internal Docker network accessible only to containers that need them.

Consider these changes:

services:
  mysql:
    networks:
      - nomad-internal
    # remove port mapping

  redis:
    networks:
      - nomad-internal
    # remove port mapping

networks:
  nomad-internal:
    driver: bridge
    internal: true

Alternative Solutions

No response

Use Case

As a user deploying Project N.O.M.A.D., I want MySQL and Redis restricted to an internal Docker network so that my database and cache are not exposed to other devices on my network.

Who would benefit from this feature?

All Users

How important is this feature to you?

High - Would significantly improve my experience

Implementation Ideas (Optional)

No response

Examples or References

No response

Would you be willing to help implement this?

Maybe - with guidance

Additional Context

No response

Pre-submission Checklist

• I have searched for existing feature requests that might be similar
• This feature aligns with N.O.M.A.D.'s mission of offline-first knowledge and education
• I understand that feature requests are not guaranteed to be implemented

[chriscrosstalk]

Good catch — MySQL and Redis don't need to be exposed to the host network since the admin container connects via Docker's internal networking. Fix is up in PR #288.

[cosmistack-bot]

🎉 This issue has been resolved in version 1.30.0-rc.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

[cosmistack-bot]

🎉 This issue has been resolved in version 1.30.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀