fix(ops): contain 188 ollama gateway exposure

scripts/ops/ollama188-localhost-containment.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# 188 Ollama 緊急封口。
+# 不需要 root：把目前對外開放的 ollama serve 換成只綁 127.0.0.1:11434 的同使用者進程。
+# 這是臨時手段；永久修法仍必須用 root 修改 systemd override。
+
+set -euo pipefail
+
+LEGACY_SSH="${LEGACY_SSH:-ollama@192.168.0.188}"
+
+ssh -o BatchMode=yes -o ConnectTimeout=5 "$LEGACY_SSH" 'cat > ~/awoooi-ops/ollama-localhost-containment.sh <<'"'"'REMOTE_SH'"'"'
+#!/usr/bin/env bash
+set -euo pipefail
+
+LOG="$HOME/awoooi-ops/ollama-localhost-containment.log"
+SERVE_LOG="$HOME/awoooi-ops/ollama-localhost-serve.log"
+
+{
+  echo "=== containment start $(date) ==="
+  echo "before:"
+  ss -lntp | grep 11434 || true
+
+  for i in $(seq 1 20); do
+    pkill -u ollama -f "/usr/local/bin/ollama serve" 2>/dev/null || true
+    sleep 0.2
+    nohup env \
+      PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" \
+      OLLAMA_HOST="127.0.0.1:11434" \
+      OLLAMA_KEEP_ALIVE="30m" \
+      OLLAMA_MAX_LOADED_MODELS="2" \
+      OLLAMA_NUM_THREAD="14" \
+      OLLAMA_NUM_PARALLEL="4" \
+      OLLAMA_FLASH_ATTENTION="1" \
+      OLLAMA_RUNNERS_DIR="/tmp/ollama_runners" \
+      /usr/local/bin/ollama serve >> "$SERVE_LOG" 2>&1 &
+    sleep 1
+    if ss -lntp | grep -q "127.0.0.1:11434"; then
+      echo "contained on attempt $i"
+      break
+    fi
+  done
+
+  echo "after:"
+  ss -lntp | grep 11434 || true
+  echo "local test:"
+  curl -sS --max-time 3 http://127.0.0.1:11434/api/tags >/dev/null && echo LOCAL_OK || echo LOCAL_FAIL
+  echo "=== containment end $(date) ==="
+} | tee -a "$LOG"
+REMOTE_SH
+chmod +x ~/awoooi-ops/ollama-localhost-containment.sh
+~/awoooi-ops/ollama-localhost-containment.sh'
+
+echo "=== 驗證 LAN 入口 ==="
+if curl -sS --max-time 3 http://192.168.0.188:11434/api/tags >/dev/null 2>&1; then
+  echo "FAIL: 192.168.0.188:11434 仍可從 LAN 連線"
+  exit 1
+fi
+
+echo "PASS: 192.168.0.188:11434 已拒絕 LAN 連線"

scripts/ops/ollama188-retirement-gate.sh

@@ -34,7 +34,8 @@ check_repo_runtime_refs() {
   output="$(
     cd "$ROOT_DIR" && rg -n "$pattern" \
       apps/api/src apps/api/scripts scripts k8s ops \
-      -g '!scripts/ops/ollama188-retirement-gate.sh' 2>/dev/null || true
+      -g '!scripts/ops/ollama188-retirement-gate.sh' \
+      -g '!scripts/ops/ollama188-localhost-containment.sh' 2>/dev/null || true
   )"
 
   if [[ -n "$output" ]]; then
@@ -80,6 +81,28 @@ check_prometheus_config() {
   fi
 }
 
+check_legacy_port_exposure() {
+  info "檢查 188 Ollama 是否仍對 LAN/gateway 開放"
+  local listen_output
+  if ! listen_output="$(ssh -o BatchMode=yes -o ConnectTimeout=5 "$LEGACY_SSH" \
+    "ss -lntp | grep ':11434' || true" 2>/dev/null)"; then
+    warn "無法讀取 188 listen 狀態"
+    return
+  fi
+
+  printf '%s\n' "$listen_output"
+  if printf '%s\n' "$listen_output" | grep -Eq '(\*:11434|0\.0\.0\.0:11434|\[::\]:11434)'; then
+    fail "188 Ollama 仍綁定 all interfaces，可能被 gateway/NAT 打入"
+    return
+  fi
+
+  if curl -sS --max-time 3 http://192.168.0.188:11434/api/tags >/dev/null 2>&1; then
+    fail "本機仍可從 LAN 直連 192.168.0.188:11434"
+  else
+    pass "LAN 入口已關閉；若需本機使用，應只留 127.0.0.1:11434"
+  fi
+}
+
 check_legacy_inference_posts() {
   info "檢查 188 Ollama 最近是否仍有推理 POST（POST_SINCE=${POST_SINCE}）"
   local output
@@ -117,6 +140,7 @@ check_dev_health_noise() {
 check_repo_runtime_refs
 check_k8s_env
 check_prometheus_config
+check_legacy_port_exposure
 check_legacy_inference_posts
 check_dev_health_noise