Commit ca965052b21c

Vincent Demeester <vincent@sbr.pm>
2026-03-02 04:52:51
fix(kerkouane): exclude ntfy from caddy-auth fail2ban filter
Added ignoreregex for ntfy.sbr.pm to prevent ntfy clients (phone app, ntfy-subscriber) from triggering auth bans on 401/403 responses. Also added Ooredoo Tunisia IP range to ignoreIP for travel.
1 parent 0b3c6a8
Changed files (1)
systems/kerkouane/extra.nix
@@ -124,6 +124,7 @@ in
       "::1"
       "10.100.0.0/24" # WireGuard VPN
       "176.172.78.0/24" # Home (Bouygues FTTH)
+      "196.176.0.0/16" # Tunisia (Ooredoo)
     ];
 
     jails = {
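Review bot: The added `"196.176.0.0/16"` entry exempts about 65,000 addresses of a public mobile carrier from banning. The list sits just above `jails = {`, so it looks like the global ignore list that applies to every jail rather than only caddy-auth; the list starts outside the hunk, so this is inferred. Any host in that carrier range could then fail authentication without ever being banned. Since `"10.100.0.0/24"` (WireGuard) is already ignored, connecting over the VPN while travelling would make the entry unnecessary. If it stays, mark it as temporary, e.g. `"196.176.0.0/16" # Tunisia (Ooredoo), TEMPORARY for travel, remove after <return date>`.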
@@ -168,7 +169,7 @@ in
     "fail2ban/filter.d/caddy-auth.conf".text = ''
       [Definition]
       failregex = ^.*"remote_ip":"<HOST>".*"status":(401|403),.*$
-      ignoreregex =
+      ignoreregex = ^.*"host":"ntfy\.sbr\.pm".*$
       datepattern = "ts":{EPOCH}
     '';
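Review bot: The new `ignoreregex` in caddy-auth.conf drops every 401/403 logged for ntfy.sbr.pm, so failed logins against ntfy from any address no longer count toward a ban, not only those from the phone app and ntfy-subscriber. The pattern also matches only the bare host value, so a client that sends `ntfy.sbr.pm:443` would presumably still be counted. A separate ntfy filter and jail with a higher `maxretry` would keep some brute-force protection while tolerating client retries. If the blanket exemption stays, record the compensating control above the line, e.g. `# ntfy 401/403 excluded here; brute-force protection relies on <ntfy rate-limit setting>`.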