- Add updates helper script docs and version checking guidance to CLAUDE.md
- Update container IPs from DHCP to static, add new containers (lisotex, debate-builder)
- Add DragonflyDB stack, NPM proxy entries, DNS records
- Add incident log (Hetzner MAC warning, BSI portmapper)
- Add new TODOs (RustDesk, dns-services helper, mh.datalos.dk)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Deployed Beszel hub in Dockge (10.5.0.10:8090)
- Installed agents on PVE host and PBS (with Synology mount monitoring)
- Created NPM proxy at dashboard.georgsen.dk
- Created ~/bin/beszel helper script for API management
- Added credentials for Beszel and Dockge
- Updated all documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created ~/bin/kuma for managing monitors via Socket.IO API
- Uses uptime-kuma-api Python library
- Added monitors: PBS, Forgejo, Technitium DNS
- Updated credentials with username/password for Socket.IO auth
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Added API key to uptime-kuma/credentials
- Created README.md with full API documentation
- Updated homelab-documentation.md and CLAUDE.md
- Added TODO to review monitors for missing services
REST API is limited (metrics, push monitors, badges).
Full monitor management requires Socket.IO/web UI.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created TODO.md with pending task to fix ping on all containers
- Added setcap command to standard container setup in documentation
- Added detailed explanation in CLAUDE.md for future reference
- Unprivileged containers need cap_net_raw on /bin/ping
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Documented that NPM runs in Docker at /opt/npm and added
the docker compose commands for updating it.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Whitelist home IP (83.89.248.247) for all traffic
- Block DNS (53), spiceproxy (3128), Proxmox UI (8006, 8008) from internet
- Add Fail2ban for SSH on PVE host
- Home IP whitelisted in Fail2ban
Access Proxmox from home IP directly or via Tailscale when remote.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fix for CERT-Bund security notification about exposed rpcbind service.
Added iptables rules to drop port 111 on vmbr0 (public interface).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fail2ban on Forgejo (5 retries, 24h ban)
- NPM access list 'home_only' restricts admin UIs to 83.89.248.247
- Applied to: dns.georgsen.dk, dockge.georgsen.dk, pbs.georgsen.dk
- Added home IP to documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
