Add security measures: Fail2ban, NPM access lists

- Fail2ban on Forgejo (5 retries, 24h ban) - NPM access list 'home_only' restricts admin UIs to 83.89.248.247 - Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk - Added home IP to documentation Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-14 12:48:15 +00:00 · 2026-01-14 12:48:15 +00:00 · 6c48c71a4f
commit 6c48c71a4f
parent 530ef7c6b9
2 changed files with 30 additions and 0 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -89,6 +89,17 @@ ssh root@10.5.0.14     # Forgejo
 ssh mikkel@10.5.0.111  # dev container
 ```

+## Important IPs
+
+- **Home IP:** 83.89.248.247 (static, used for NPM access lists)
+- **Public IP:** 65.108.14.165 (core.georgsen.dk)
+
+## Security
+
+- **NPM Access List "home_only" (ID 1):** Restricts access to home IP only
+  - Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk
+- **Fail2ban:** Running on Forgejo (bans after 5 failed attempts for 24h)
+
 ## User Preferences

 - Python and Batch for scripting
--- a/homelab-documentation.md
+++ b/homelab-documentation.md
@ -480,6 +480,25 @@ Personal company website
 - **UI Style:** 256-color terminal retro aesthetic
 - **Development:** Ask clarifying questions, prefer understanding over workarounds
 - **Tools:** Claude Code for development projects
+- **Home IP:** 83.89.248.247 (static)
+
+---
+
+## Security
+
+### NPM Access Lists
+
+| ID | Name | IPs | Applied To |
+|----|------|-----|------------|
+| 1 | home_only | 83.89.248.247 | dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk |
+
+### Fail2ban
+
+**Forgejo (VMID 114):**
+- Config: `/etc/fail2ban/jail.local`
+- Max retries: 5
+- Ban time: 24 hours
+- Log: `/var/lib/forgejo/log/forgejo.log`

 ---