rope/nixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
954 commits 1 branch 0 tags 41 MiB
Commit graph

5 commits

Author SHA1 Message Date
ediblerope
a44c149955 fail2ban: drop legacy 192.168.0.0/16 from ignoreIP 
LAN is 10.0.0.0/24 since the router cutover; the 192.168 range was
a leftover from the eero-bridge era and no longer matches any host.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
 2026-04-24 20:41:53 +01:00
ediblerope
eadbc92126 Replace Docker containers with native NixOS modules for nginx, Authelia, and go2rtc 
- Native nginx with ACME wildcard cert (*.nordhammer.it) via Cloudflare DNS-01
- Native Authelia SSO with forward auth protecting homepage + camera
- Native go2rtc camera streaming (no more Docker)
- Auto-migration script for Authelia secrets and user database from Docker
- Homepage hrefs updated to use HTTPS domain names
- Fail2ban updated for native nginx log paths + new Authelia jail

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-07 15:47:56 +01:00
Claude
78bb64d9f2
fail2ban: fix bantime-increment option name (multipliers not multiplier) 
https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
 2026-04-06 08:35:15 +00:00
Claude
4935d42e48
fail2ban: add jails for Sonarr, Radarr, Prowlarr, Bazarr, qBittorrent 
All services with openFirewall = true are now covered. The *arr suite
shares a single filter since they use the same logging codebase.

https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
 2026-04-06 08:24:18 +00:00
Claude
16363dc887
fail2ban: add jails for SSH, nginx proxy manager, and Jellyfin 
Replaces bare enable flag with a dedicated service module covering:
- SSH brute force via journald
- Nginx Proxy Manager auth failures via Docker log files
- Jellyfin auth failures via journald
Includes incremental ban times (up to 1 week) and LAN ignore rules.

https://claude.ai/code/session_01PwAXuaoJx7qD5FhVLsn7Sn
 2026-04-06 08:21:23 +00:00