- Created TODO.md with pending task to fix ping on all containers
- Added setcap command to standard container setup in documentation
- Added detailed explanation in CLAUDE.md for future reference
- Unprivileged containers need cap_net_raw on /bin/ping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Documented that NPM runs in Docker at /opt/npm and added
the docker compose commands for updating it.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Whitelist home IP (83.89.248.247) for all traffic
- Block DNS (53), spiceproxy (3128), Proxmox UI (8006, 8008) from internet
- Add Fail2ban for SSH on PVE host
- Home IP whitelisted in Fail2ban
Access Proxmox from home IP directly or via Tailscale when remote.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Fix for CERT-Bund security notification about exposed rpcbind service.
Added iptables rules to drop port 111 on vmbr0 (public interface).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Fail2ban on Forgejo (5 retries, 24h ban)
- NPM access list 'home_only' restricts admin UIs to 83.89.248.247
- Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk
- Added home IP to documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
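
A way to confirm the port 111 rules from the rpcbind commit above are actually loaded, written as an added example and not taken from the repository. It assumes the rules sit in the INPUT chain and that both TCP and UDP must be covered (rpcbind listens on both); the function name `missing_rpcbind_drops` and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `iptables -S` / `iptables-save` text on stdin and list
# the protocols that have NO DROP rule for rpcbind (port 111) on an interface.
# Exit status 0 means tcp and udp are both covered.
# Assumption: rules live in the INPUT chain; the commit does not say which.
missing_rpcbind_drops() {
    iface="${1:-vmbr0}"   # public bridge named in the commit
    awk -v iface="$iface" '
        $1 == "-A" && $2 == "INPUT" {
            in_if = ""; proto = ""; port = ""; target = ""; neg = 0
            for (i = 3; i < NF; i++) {
                if ($i == "!")       neg    = 1          # negated match: do not trust
                if ($i == "-i")      in_if  = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            # A rule without -i applies to every interface, so it also counts.
            if (!neg && (in_if == iface || in_if == "") &&
                port == "111" && target == "DROP")
                covered[proto] = 1
        }
        END {
            n = 0
            if (!("tcp" in covered)) { print "tcp"; n++ }
            if (!("udp" in covered)) { print "udp"; n++ }
            exit n
        }'
}

# Constructed sample ruleset (not from the host): tcp is dropped, udp forgotten.
sample='-P INPUT ACCEPT
-A INPUT -i vmbr0 -p tcp -m tcp --dport 111 -j DROP
-A INPUT -i vmbr0 -p tcp -m tcp --dport 8006 -j DROP'

printf '%s\n' "$sample" | missing_rpcbind_drops vmbr0 ||
    echo "port 111 is not dropped on vmbr0 for the protocols listed above"
```

On the host the input would come from `iptables -S INPUT`. The check only looks for the presence of the DROP rules; it does not evaluate rule order, so an earlier ACCEPT that matches the same traffic still has to be reviewed by hand.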