Add security measures: Fail2ban, NPM access lists

- Fail2ban on Forgejo (5 retries, 24h ban)
- NPM access list 'home_only' restricts admin UIs to 83.89.248.247
- Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk
- Added home IP to documentation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

CLAUDE.md

@@ -89,6 +89,17 @@ ssh root@10.5.0.14     # Forgejo
 ssh mikkel@10.5.0.111  # dev container
 ```
 
+## Important IPs
+
+- **Home IP:** 83.89.248.247 (static, used for NPM access lists)
+- **Public IP:** 65.108.14.165 (core.georgsen.dk)
+
+## Security
+
+- **NPM Access List "home_only" (ID 1):** Restricts access to home IP only
+  - Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk
+- **Fail2ban:** Running on Forgejo (bans after 5 failed attempts for 24h)
+
 ## User Preferences
 
 - Python and Batch for scripting

homelab-documentation.md

@@ -480,6 +480,25 @@ Personal company website
 - **UI Style:** 256-color terminal retro aesthetic
 - **Development:** Ask clarifying questions, prefer understanding over workarounds
 - **Tools:** Claude Code for development projects
+- **Home IP:** 83.89.248.247 (static)
+
+---
+
+## Security
+
+### NPM Access Lists
+
+| ID | Name | IPs | Applied To |
+|----|------|-----|------------|
+| 1 | home_only | 83.89.248.247 | dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk |
+
+### Fail2ban
+
+**Forgejo (VMID 114):**
+- Config: `/etc/fail2ban/jail.local`
+- Max retries: 5
+- Ban time: 24 hours
+- Log: `/var/lib/forgejo/log/forgejo.log`
 
 ---