To be specific, I'd like to use Podman containers (running maybe Debian 12) for this, and:

- lock them down to not accept any incoming traffic and only allow traffic to a small set of necessary domains
- prevent unauthorized access to mounted secret files, sensitive env variables, etc
- monitor traffic to minimize the chance of exfiltration of any sensitive information or code
- prevent any attempt to remove these protections

I've looked into creating a build for this myself, but it gets more complex the more I think about it. Messing around with firewall rules, container permissions, file access, proxy servers/software, etc. starts to become hairy real quickly.
Is there a guide or pre-built images for this?