All jellyfin traffic should actually go through caddy.
This port being open caused a lot of confusion for me.
As I was getting traffic from typo'd domain names,
such as `jellfin.gardling.com`, which made NO SENSE!
But since it was going directly via port 8096, it
skipped caddy entirely so the traffic went through.
- Add explicit iptables banaction in security.nix for test compatibility
- Force IPv4 in all curl requests to prevent IPv4/IPv6 mismatch issues
- Fix caddy test: use basic_auth directive (not basicauth)
- Override service ports in tests to match direct connections (not via Caddy)
- Vaultwarden: override ROCKET_ADDRESS and ROCKET_LOG for external access
- Immich: increase VM memory to 4GB for stability
- Jellyfin: create placeholder log file and reload fail2ban after startup
- Add tests.nix entries for all 6 fail2ban tests
All tests now pass: ssh, caddy, gitea, vaultwarden, immich, jellyfin
