diff --git a/apps/hydra/linkding/srv.yaml b/apps/hydra/linkding/srv.yaml
index 005eb82..df12736 100644
--- a/apps/hydra/linkding/srv.yaml
+++ b/apps/hydra/linkding/srv.yaml
@@ -7,9 +7,11 @@ metadata:
 namespace: linkding
 spec:
 ports:
- - port: 9090
+ - nodePort: 9090
+ port: 9090
 targetPort: 0
 selector:
 app: linking
+ type: NodePort
 status:
 loadBalancer: {}
diff --git a/pkg/linkding/linkding.go b/pkg/linkding/linkding.go
index 51a1fc3..6e0bf5c 100644
--- a/pkg/linkding/linkding.go
+++ b/pkg/linkding/linkding.go
@@ -16,6 +16,8 @@ var pvc core.PersistentVolumeClaim
 func init() {
 meta = kube.NewMetadata("linking", Namespace)
 srv = meta.Service(root.Linkding.Port)
+ srv.Spec.Type = core.ServiceTypeNodePort
+ srv.Spec.Ports[0].NodePort = root.Linkding.Port
 pvc = meta.PVC()
 }
@@ -33,17 +35,15 @@ func deployment() apps.Deployment {
 storage := kube.NewVolumeFrom(kube.VolumeSourcePVC, "data", pvc.Name)
 pod_spec := core.PodSpec{
 SecurityContext: &core.PodSecurityContext{
- RunAsUser: new(int64(33)), // www-data user ID
- RunAsGroup: new(int64(33)),
- FSGroup: new(int64(33)),
+ RunAsUser: &root.Linkding.SecurityContextID,
+ RunAsGroup: &root.Linkding.SecurityContextID,
+ FSGroup: &root.Linkding.SecurityContextID,
 },
 Containers: []core.Container{
 {
- Name: root.Linkding.Name,
- Image: root.Linkding.Image,
- SecurityContext: &core.SecurityContext{
- AllowPrivilegeEscalation: new(false),
- },
+ Name: root.Linkding.Name,
+ Image: root.Linkding.Image,
+ SecurityContext: root.ContainerSecurityContext,
 Ports: []core.ContainerPort{{
 ContainerPort: root.Linkding.Port,
 }},
diff --git a/pkg/root/root.go b/pkg/root/root.go
index 3260003..8959ae2 100644
--- a/pkg/root/root.go
+++ b/pkg/root/root.go
@@ -1,5 +1,9 @@
 package root
+import (
+ core "k8s.io/api/core/v1"
+)
+
 const (
 HYDRA_CLUSTER = "hydra"
 HYDRA_HOSTNAME = "hydra-0" // VPN Host
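Review bot: `srv.Spec.Ports[0].NodePort = root.Linkding.Port` in init() reuses the container port 9090 as the node port, which lies outside Kubernetes' default NodePort range of 30000-32767, so the API server rejects the Service unless `--service-node-port-range` has been widened on this cluster. Switching to `core.ServiceTypeNodePort` also opens the port on every node address, so linkding becomes reachable without passing through an ingress or TLS terminator; if access is meant to stay on the VPN, that restriction has to come from a firewall or NetworkPolicy, which this diff does not show. A separate field would keep the two ports independent, e.g. `srv.Spec.Ports[0].NodePort = root.Linkding.NodePort // new field; must lie in the cluster's service-node-port-range`. The `apps/hydra/linkding/srv.yaml` section, which looks regenerated from this code, carries the same value.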
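Review bot: `RunAsUser: &root.Linkding.SecurityContextID` takes the UID from a struct field whose zero value is 0, so a `root.Service` literal that omits `SecurityContextID` (see pkg/root/services.go) would produce a pod that runs as root with no error, which the old literal 33 could not. Adding `RunAsNonRoot: new(true),` to the `PodSecurityContext` makes the kubelet refuse to start the container in that case. The three fields also point at the same exported variable, so the objects built here alias `root.Linkding` rather than copying the value. deployment() starts and ends outside this hunk.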
@@ -11,3 +15,9 @@ const (
 FLUX_APPS_HYDRA_PATH = "./apps/" + HYDRA_CLUSTER
 FLUX_CLUSTER_HYDRA_PATH = "./clusters/" + HYDRA_CLUSTER
 )
+
+var (
+ ContainerSecurityContext = &core.SecurityContext{
+ AllowPrivilegeEscalation: new(false),
+ }
+)
diff --git a/pkg/root/services.go b/pkg/root/services.go
index fcdcef5..70c7976 100644
--- a/pkg/root/services.go
+++ b/pkg/root/services.go
@@ -1,13 +1,15 @@
 package root
 type Service struct {
- Name string
- Image string
- Port int32
+ Name string
+ Image string
+ Port int32
+ SecurityContextID int64
 }
 var Linkding = Service{
- Name: "linkding",
- Image: "sissbruecker/linkding:1.31.0",
- Port: 9090,
+ Name: "linkding",
+ Image: "sissbruecker/linkding:1.31.0",
+ Port: 9090,
+ SecurityContextID: 33, // www-data user, group and FS ID
 }
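Review bot: `ContainerSecurityContext` is an exported package-level pointer, so every container that assigns it shares one mutable `core.SecurityContext`; a later in-place change made for one workload would silently apply to all of them. Returning a fresh value from a function avoids that, at the cost of changing the call site in pkg/linkding/linkding.go to `root.ContainerSecurityContext()`. The baseline itself only sets `AllowPrivilegeEscalation`; dropping all capabilities is a common addition, shown below on the assumption that linkding needs none, which should be confirmed before merging.

```go
// ContainerSecurityContext returns a fresh baseline security context, so a
// caller can adjust its copy without affecting other workloads.
func ContainerSecurityContext() *core.SecurityContext {
	return &core.SecurityContext{
		AllowPrivilegeEscalation: new(false),
		// Assumes the workload needs no Linux capabilities; confirm per image.
		Capabilities: &core.Capabilities{Drop: []core.Capability{"ALL"}},
	}
}
```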
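Review bot: The new `SecurityContextID` field has no comment on the `Service` struct, and the only explanation sits on the `Linkding` literal, so the next `Service` author cannot tell that one value feeds RunAsUser, RunAsGroup and FSGroup. A field comment would cover it: `SecurityContextID int64 // UID, GID and fsGroup for the pod; 0 means root`. Separately, `Image` is pinned by tag only; appending a digest (`sissbruecker/linkding:1.31.0@sha256:<digest>`) would keep the deployed image from changing under the same tag.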