d1ac7c6965
Disable Modbus Suricata rules that fail to parse
...
Modbus protocol detection is disabled in the NixOS build; the 5 Modbus
SIDs (2250005-2250009) cause the config test to fail and crash-loop the
service. Disable them alongside the existing DNP3 exclusions.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-06 20:51:22 +01:00
b91b0ef234
Add Suricata IDS to FredOS-Mediaserver
...
Passive network monitoring via af-packet on eno1. Rulesets auto-updated
from ET/Open, abuse.ch, and other community sources via suricata-update.
Runs alongside fail2ban; IPS/blocking mode can be enabled later.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-06 20:36:45 +01:00
Claude
78bb64d9f2
fail2ban: fix bantime-increment option name (multipliers not multiplier)
...
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
2026-04-06 08:35:15 +00:00
Claude
6b432f3bc2
Remove CrowdSec — replaced by fail2ban
...
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
2026-04-06 08:28:08 +00:00
Claude
4935d42e48
fail2ban: add jails for Sonarr, Radarr, Prowlarr, Bazarr, qBittorrent
...
All services with openFirewall = true are now covered. The *arr suite
shares a single filter since they use the same logging codebase.
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
2026-04-06 08:24:18 +00:00
Claude
16363dc887
fail2ban: add jails for SSH, nginx proxy manager, and Jellyfin
...
Replaces bare enable flag with a dedicated service module covering:
- SSH brute force via journald
- Nginx Proxy Manager auth failures via Docker log files
- Jellyfin auth failures via journald
Includes incremental ban times (up to 1 week) and LAN ignore rules.
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
2026-04-06 08:21:23 +00:00
Claude
f5bb08d7dd
crowdsec: switch to Docker container with native firewall bouncer
...
Replaces the incomplete nixpkgs NixOS module with the official
CrowdSec Docker image for the LAPI, while keeping the firewall
bouncer as a native systemd service. API key is read from
/var/lib/secrets/crowdsec-bouncer-key at start time so it
never enters the Nix store.
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
2026-04-06 07:05:59 +00:00
Claude
f493d09c50
Add CrowdSec setup readme for Docker-based deployment
...
Documents API key generation, storage, bouncer registration,
and useful cscli commands.
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
2026-04-06 07:00:50 +00:00
8b85956f7c
Fix CrowdSec race: order crowdsec after tmpfiles-resetup
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 23:17:35 +01:00
9958198209
Fix CrowdSec: enable LAPI server and expose config.yaml for bouncer registration
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 23:12:45 +01:00
2b090f1a35
Fix CrowdSec bouncer api_url to resolve null coercion error
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 23:05:57 +01:00
509c4cc47d
Add CrowdSec IPS with firewall bouncer on FredOS-Mediaserver
...
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 22:59:37 +01:00
7085465350
Delete services/omnisearch.nix
2026-04-05 11:21:08 +01:00
93ea194da4
Reorganise hardware vs host config, tidy settings and services
2026-04-01 21:16:59 +01:00
7e61f03dae
2026-03-28 13:36:50 +00:00
6c3fe3bb46
2026-03-28 13:36:22 +00:00
2625a4676c
2026-03-28 13:15:23 +00:00
570871787f
2026-03-28 13:14:22 +00:00
e3bc048e42
2026-03-28 12:09:08 +00:00
cedc64ab9b
2026-03-28 12:06:38 +00:00
0a93ee59a3
2026-03-28 12:04:15 +00:00
35d6de113d
Update omnisearch.nix
2026-03-26 10:26:18 +00:00
ab0d8dd6d4
Update omnisearch.nix
2026-03-26 10:25:23 +00:00
e415c01ca4
Update omnisearch.nix
2026-03-26 10:06:38 +00:00
303b319013
Update omnisearch.nix
2026-03-26 10:05:59 +00:00
d9d9b60b46
Update omnisearch.nix
2026-03-26 10:04:08 +00:00
221007060c
Create omnisearch.nix
2026-03-26 10:03:15 +00:00
22642929ae
Update server-permissions.nix
2026-02-20 21:45:42 +00:00
3c33931b15
Update qbittorrent-nox.nix
2026-02-20 21:45:15 +00:00
9ea2f264e9
Update sonarr.nix
2026-02-20 21:43:19 +00:00
d99ae37a1d
Create server-permissions.nix
2026-02-20 21:42:34 +00:00
fddda8f06b
Update cloudflare-ddns.nix
2026-02-15 09:06:23 +02:00
0808cfbfca
Update cloudflare-ddns.nix
2026-02-15 09:05:56 +02:00
4281e2aa3f
Create cloudflare-ddns.md
2026-02-15 06:24:20 +00:00
529e77ead6
Create cloudflare-ddns.nix
2026-02-15 06:22:17 +00:00
a8adeb6174
Create bazarr.nix
2026-02-01 13:03:40 +00:00
9b7567419b
Update qbittorrent-nox.nix
2026-01-26 19:41:28 +00:00
b42f6ecbae
Update game-servers.nix
2026-01-25 16:38:45 +00:00
45d447d2d0
Update game-servers.nix
2026-01-25 16:27:28 +00:00
65cd7b3c2a
Update game-servers.nix
2026-01-25 16:19:42 +00:00
526648b952
Update game-servers.nix
2026-01-25 15:53:44 +00:00
7183ccb02c
Update game-servers.nix
2026-01-25 12:49:15 +00:00
cbdb68aed9
Update game-servers.nix
2026-01-25 12:47:51 +00:00
4f6b728638
Update game-servers.nix
2026-01-25 12:42:14 +00:00
d5f4c24388
Update game-servers.nix
2026-01-25 12:39:20 +00:00
75eecd3381
Update game-servers.nix
2026-01-25 12:35:18 +00:00
b63c7f8a2a
Update game-servers.nix
2026-01-25 12:33:21 +00:00
4cd0e58bd6
Update game-servers.nix
2026-01-25 12:32:27 +00:00
3eeb7dd9ba
Update game-servers.nix
2026-01-25 12:31:02 +00:00
042dda1575
Update sonarr.nix
2026-01-25 11:07:53 +00:00
