nixos/services
ediblerope 7a96927221 crowdsec: whitelist LAN + loopback to prevent self-bans
Adds a stage s02-enrich parser whitelist so events originating from
10.0.0.0/24 (and 127.0.0.1/::1) are dropped before scoring. Without it,
Authelia 401s from a stale browser tab on a LAN client can trip
http-bf / ssh-bf scenarios and the firewall bouncer cuts the LAN host
off from the server — happened today with the gaming desktop.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-06 13:05:14 +01:00
..
adguard.nix adguard: explicitly enable LAN rewrites (schema change on stable) 2026-04-29 18:56:11 +01:00
arr-interconnect.nix sabnzbd: tighten host_whitelist for *arr local calls + group consistency 2026-05-04 19:25:07 +01:00
authelia.nix Update services/authelia.nix 2026-05-04 01:46:41 -07:00
bazarr.nix Force UMask=0002 on Radarr, Sonarr, Bazarr 2026-04-16 20:22:37 +01:00
cloudflare-ddns.md Update docs: add new services to readme, remove obsolete go2rtc-readme 2026-04-07 20:42:19 +01:00
cloudflare-ddns.nix Update cloudflare-ddns.nix 2026-02-15 09:06:23 +02:00
crowdsec.nix crowdsec: whitelist LAN + loopback to prevent self-bans 2026-05-06 13:05:14 +01:00
forgejo-runner.nix runner: resolve action refs against github.com by default 2026-05-01 18:45:35 +01:00
game-servers.nix 7dtd-coop: START_MODE=1 (Start), not 2 (Update+STOP) 2026-04-25 19:51:32 +01:00
go2rtc.nix Fix go2rtc: use RuntimeDirectory instead of mkdir /run/go2rtc 2026-04-07 20:51:22 +01:00
homepage.nix flake: split mediaserver onto nixos-25.11, keep desktops on unstable 2026-04-29 13:26:07 +01:00
jellyfin.nix Force Jellyfin UMask=0002 to override new nixpkgs default 2026-04-16 20:20:01 +01:00
nginx.nix Update services/nginx.nix 2026-05-04 02:30:28 -07:00
profilarr.nix profilarr: use Docker Hub image (santiagosayshey), not GHCR 2026-04-30 20:05:30 +01:00
prowlarr.nix Update prowlarr.nix 2026-01-22 10:49:01 +00:00
qbittorrent-nox.nix qbit: fix CSRF-loop behind Authelia + self-heal data-dir ownership 2026-04-24 20:04:04 +01:00
radarr.nix Force UMask=0002 on Radarr, Sonarr, Bazarr 2026-04-16 20:22:37 +01:00
router.nix router: also accept docker user-defined bridges (br-*) 2026-05-01 19:10:29 +01:00
sabnzbd.nix sabnzbd: tighten host_whitelist for *arr local calls + group consistency 2026-05-04 19:25:07 +01:00
server-permissions.nix Reorganise hardware vs host config, tidy settings and services 2026-04-01 21:16:59 +01:00
sonarr.nix Force UMask=0002 on Radarr, Sonarr, Bazarr 2026-04-16 20:22:37 +01:00