Added firewall rules, Fail2ban on both core and Forgejo,
and NPM update command for quick reference.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documented that NPM runs in Docker at /opt/npm and added
the docker compose commands for updating it.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Whitelist home IP (83.89.248.247) for all traffic
- Block DNS (53), spiceproxy (3128), Proxmox UI (8006, 8008) from internet
- Add Fail2ban for SSH on PVE host
- Home IP whitelisted in Fail2ban
Access Proxmox from home IP directly or via Tailscale when remote.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix for CERT-Bund security notification about exposed rpcbind service.
Added iptables rules to drop port 111 on vmbr0 (public interface).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
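
An added example, not part of this repository or its commits: a check that the ports named in the two firewall commit messages above (53, 3128, 8006, 8008 and rpcbind's 111) are actually dropped on vmbr0 for non-whitelisted sources. It assumes the host rules are exported with `iptables-save`; the function names are hypothetical, the sample rules are constructed, and negated (`!`) matches are not handled.

```python
import shlex

# Ports the commit messages say must be unreachable from the internet.
# rpcbind listens on 111/tcp and 111/udp, so both are checked.
BLOCKED = {("tcp", 53), ("udp", 53), ("tcp", 111), ("udp", 111),
           ("tcp", 3128), ("tcp", 8006), ("tcp", 8008)}
KEYS = ("-i", "-s", "-p", "-j", "--dport", "--dports", "--ctstate")

def parse_rules(text):
    """Return (INPUT policy, INPUT rules as option dicts) from iptables-save text."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":INPUT"):
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append({t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in KEYS})
    return policy, rules

def matches(rule, iface, proto, port):
    """True if the rule decides a new connection from an arbitrary source."""
    if "-s" in rule or rule.get("-j") not in ("ACCEPT", "DROP", "REJECT"):
        return False  # source-restricted (whitelist) or a jump to another chain
    if "--ctstate" in rule and "NEW" not in rule["--ctstate"].split(","):
        return False  # only applies to already-established traffic
    if rule.get("-i", iface) != iface or rule.get("-p", proto) != proto:
        return False
    spec = rule.get("--dport") or rule.get("--dports")
    for part in (spec or "0:65535").split(","):
        lo, _, hi = part.partition(":")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def exposed(text, iface="vmbr0", wanted=BLOCKED):
    """Return the (proto, port) pairs in `wanted` still reachable on iface."""
    policy, rules = parse_rules(text)
    def verdict(proto, port):
        return next((r["-j"] for r in rules if matches(r, iface, proto, port)), policy)
    return {pp for pp in wanted if verdict(*pp) not in ("DROP", "REJECT")}

# Constructed sample; 203.0.113.10 stands in for the whitelisted home IP.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 203.0.113.10/32 -j ACCEPT
-A INPUT -i vmbr0 -p tcp -m multiport --dports 53,3128,8006,8008 -j DROP
-A INPUT -i vmbr0 -p udp -m udp --dport 53 -j DROP
-A INPUT -i vmbr0 -p tcp -m tcp --dport 111 -j DROP
COMMIT
"""
```

On the constructed sample, `exposed(SAMPLE)` reports 111/udp: a rule that drops only TCP leaves rpcbind's UDP listener reachable.
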
- Fail2ban on Forgejo (5 retries, 24h ban)
- NPM access list 'home_only' restricts admin UIs to 83.89.248.247
- Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk
- Added home IP to documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- pve/credentials: Proxmox API token
- dns/credentials: Technitium DNS credentials
- forgejo/credentials: Forgejo API token
- npm/npm-api.conf: NPM API credentials
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>