From 6c48c71a4fdea9f49c4068ca848ac241aad1b86e Mon Sep 17 00:00:00 2001 From: Mikkel Georgsen Date: Wed, 14 Jan 2026 12:48:15 +0000 Subject: [PATCH] Add security measures: Fail2ban, NPM access lists - Fail2ban on Forgejo (5 retries, 24h ban) - NPM access list 'home_only' restricts admin UIs to 83.89.248.247 - Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk - Added home IP to documentation Co-Authored-By: Claude Opus 4.5 --- CLAUDE.md | 11 +++++++++++ homelab-documentation.md | 19 +++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/CLAUDE.md b/CLAUDE.md index a8baec0..3ccc2c1 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -89,6 +89,17 @@ ssh root@10.5.0.14 # Forgejo ssh mikkel@10.5.0.111 # dev container ``` +## Important IPs + +- **Home IP:** 83.89.248.247 (static, used for NPM access lists) +- **Public IP:** 65.108.14.165 (core.georgsen.dk) + +## Security + +- **NPM Access List "home_only" (ID 1):** Restricts access to home IP only + - Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk +- **Fail2ban:** Running on Forgejo (bans after 5 failed attempts for 24h) + ## User Preferences - Python and Batch for scripting diff --git a/homelab-documentation.md b/homelab-documentation.md index e396434..2636de5 100644 --- a/homelab-documentation.md +++ b/homelab-documentation.md @@ -480,6 +480,25 @@ Personal company website - **UI Style:** 256-color terminal retro aesthetic - **Development:** Ask clarifying questions, prefer understanding over workarounds - **Tools:** Claude Code for development projects +- **Home IP:** 83.89.248.247 (static) + +--- + +## Security + +### NPM Access Lists + +| ID | Name | IPs | Applied To | +|----|------|-----|------------| +| 1 | home_only | 83.89.248.247 | dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk | + +### Fail2ban + +**Forgejo (VMID 114):** +- Config: `/etc/fail2ban/jail.local` +- Max retries: 5 +- Ban time: 24 hours +- Log: `/var/lib/forgejo/log/forgejo.log` ---