Documentation Restructure

reference/foundations/documentation-restructure-migration-map.csv

@@ -0,0 +1,198 @@
+"current_path","proposed_path","doc_type","confidence","reason"
+"Blog/Index.md","blog/index.md","index","high","index-page"
+"Blog/Posts/01-22-2025 Windows Power Profiles Causing Notable CPU Performance Loss.md","blog/posts/01-22-2025-windows-power-profiles-causing-notable-cpu-performance-loss.md","blog","high","blog-root"
+"Blog/Posts/05-16-2025 Learning to Leverage Gitea Runners.md","blog/posts/05-16-2025-learning-to-leverage-gitea-runners.md","blog","high","blog-root"
+"Blog/Posts/12-15-2024 Implementing the Blog Plugin.md","blog/posts/12-15-2024-implementing-the-blog-plugin.md","blog","high","blog-root"
+"Blog/Posts/12-15-2024 OpenStack Frustrations.md","blog/posts/12-15-2024-openstack-frustrations.md","blog","high","blog-root"
+"index.md","index.md","index","high","index-page"
+"Infrastructure/Hardware/Cluster Node 01/Disk Arrays.md","reference/infrastructure/hardware/cluster-node-01/disk-arrays.md","reference","high","infrastructure-reference"
+"Infrastructure/Hardware/Cluster Node 02/Disk Arrays.md","reference/infrastructure/hardware/cluster-node-02/disk-arrays.md","reference","high","infrastructure-reference"
+"Infrastructure/Hardware/Cluster Node 03/Disk Arrays.md","reference/infrastructure/hardware/cluster-node-03/disk-arrays.md","reference","high","infrastructure-reference"
+"Infrastructure/Hardware/Index.md","reference/infrastructure/hardware/index.md","index","high","index-page"
+"Infrastructure/Hardware/Storage Node 01 Truenas Core/Disk Arrays.md","reference/infrastructure/hardware/storage-node-01-truenas-core/disk-arrays.md","reference","high","infrastructure-reference"
+"Infrastructure/Hardware/Storage Node 01 Truenas Core/Replacing a Drive.md","reference/infrastructure/hardware/storage-node-01-truenas-core/replacing-a-drive.md","reference","high","infrastructure-reference"
+"Infrastructure/Hardware/Storage Node 02 Truenas Scale/Disk Arrays.md","reference/infrastructure/hardware/storage-node-02-truenas-scale/disk-arrays.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Controllers/UniFi Controller.md","reference/infrastructure/networking/controllers/unifi-controller.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Controllers/UniFi Network Server Controller.md","reference/infrastructure/networking/controllers/unifi-network-server-controller.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Docker Networking/Creating a Macvlan Sub Interface for Docker.md","reference/infrastructure/networking/docker-networking/creating-a-macvlan-sub-interface-for-docker.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Docker Networking/Docker Networking.md","reference/infrastructure/networking/docker-networking/docker-networking.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Firewall and Routing/Sophos/Configure LAN Bridging.md","reference/infrastructure/networking/firewall-and-routing/sophos/configure-lan-bridging.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Firewall and Routing/Sophos/VPN/Site to Site VPNs/IPSEC/Automatic Tunnel Resetting.md","reference/infrastructure/networking/firewall-and-routing/sophos/vpn/site-to-site-vpns/ipsec/automatic-tunnel-resetting.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Firewall and Routing/Sophos/VPN/Site to Site VPNs/IPSEC/Tunnel Creation.md","reference/infrastructure/networking/firewall-and-routing/sophos/vpn/site-to-site-vpns/ipsec/tunnel-creation.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Firewall and Routing/Sophos/VPN/SSL VPN/Configuring Remote VPN RDP Access.md","reference/infrastructure/networking/firewall-and-routing/sophos/vpn/ssl-vpn/configuring-remote-vpn-rdp-access.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Index.md","reference/infrastructure/networking/index.md","index","high","index-page"
+"Infrastructure/Networking/IP Tables/172.16.16.0 Sophos Network.md","reference/infrastructure/networking/ip-tables/172-16-16-0-sophos-network.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/IP Tables/192.168.5.0 Container Network.md","reference/infrastructure/networking/ip-tables/192-168-5-0-container-network.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/IP Tables/Homelab Server Inventory.md","reference/infrastructure/networking/ip-tables/homelab-server-inventory.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Linux Networking/Modifying IP Address of Server.md","reference/infrastructure/networking/linux-networking/modifying-ip-address-of-server.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/Misc/Tuya Smart Lights.md","reference/infrastructure/networking/misc/tuya-smart-lights.md","reference","high","infrastructure-reference"
+"Infrastructure/Networking/VPN/Netbird.md","reference/infrastructure/networking/vpn/netbird.md","reference","high","infrastructure-reference"
+"Operations/Automation/Ansible/AWX/AWX Kerberos Implementation.md","workflows/operations/automation/ansible/awx/awx-kerberos-implementation.md","workflow","high","operations-root"
+"Operations/Automation/Ansible/AWX/Connect AWX to Gitea.md","workflows/operations/automation/ansible/awx/connect-awx-to-gitea.md","workflow","high","operations-root"
+"Operations/Automation/Ansible/AWX/Deployment/AWX in Minikube.md","deployments/automation/ansible/awx/deployment/awx-in-minikube.md","deployment","high","automation-deployment-folder"
+"Operations/Automation/Ansible/AWX/Deployment/AWX Operator.md","deployments/automation/ansible/awx/deployment/awx-operator.md","deployment","high","automation-deployment-folder"
+"Operations/Automation/Ansible/AWX/Deployment/Upgrading Issues past 2 10 0.md","deployments/automation/ansible/awx/deployment/upgrading-issues-past-2-10-0.md","deployment","high","automation-deployment-folder"
+"Operations/Automation/Ansible/Credentials/Custom Credential Types/WinRM.md","workflows/operations/automation/ansible/credentials/custom-credential-types/winrm.md","workflow","high","operations-root"
+"Operations/Automation/Ansible/Credentials/Overview.md","workflows/operations/automation/ansible/credentials/overview.md","workflow","high","operations-root"
+"Operations/Automation/Ansible/Enable WinRM on Windows Devices.md","workflows/operations/automation/ansible/enable-winrm-on-windows-devices.md","workflow","high","operations-root"
+"Operations/Automation/Ansible/Inventories/Overview.md","workflows/operations/automation/ansible/inventories/overview.md","workflow","high","operations-root"
+"Operations/Automation/Ansible/Playbooks/Playbooks.md","workflows/operations/automation/ansible/playbooks/playbooks.md","workflow","high","operations-root"
+"Operations/Automation/Ansible/Projects/Overview.md","workflows/operations/automation/ansible/projects/overview.md","workflow","high","operations-root"
+"Operations/Automation/Ansible/Templates/Overview.md","workflows/operations/automation/ansible/templates/overview.md","workflow","high","operations-root"
+"Operations/Automation/Index.md","deployments/automation/index.md","index","high","index-page"
+"Operations/Automation/Puppet/Deployment/Puppet Bolt.md","deployments/automation/puppet/deployment/puppet-bolt.md","deployment","high","automation-deployment-folder"
+"Operations/Automation/Puppet/Deployment/Puppet.md","deployments/automation/puppet/deployment/puppet.md","deployment","high","automation-deployment-folder"
+"Operations/Backups and DR/Veeam Backup Replication/Backup Agent Takeover.md","workflows/operations/backups-and-dr/veeam-backup-replication/backup-agent-takeover.md","workflow","high","operations-root"
+"Operations/Backups and DR/Veeam Backup Replication/Core Veeam Concepts.md","workflows/operations/backups-and-dr/veeam-backup-replication/core-veeam-concepts.md","workflow","high","operations-root"
+"Operations/Backups and DR/Veeam Backup Replication/Manually Pruning Backups.md","workflows/operations/backups-and-dr/veeam-backup-replication/manually-pruning-backups.md","workflow","high","operations-root"
+"Operations/Backups and DR/Veeam Backup Replication/Migrating VMs to ProxmoxVE.md","workflows/operations/backups-and-dr/veeam-backup-replication/migrating-vms-to-proxmoxve.md","workflow","high","operations-root"
+"Operations/Backups and DR/Veeam Backup Replication/Migrating VSPC Backup Repositories.md","workflows/operations/backups-and-dr/veeam-backup-replication/migrating-vspc-backup-repositories.md","workflow","high","operations-root"
+"Operations/Backups and DR/Veeam Backup Replication/Retention Best Practices.md","workflows/operations/backups-and-dr/veeam-backup-replication/retention-best-practices.md","workflow","high","operations-root"
+"Operations/Backups and DR/Veeam Backup Replication/Troubleshooting/Failed to Validate Certificates of Some Gateways.md","workflows/operations/backups-and-dr/veeam-backup-replication/troubleshooting/failed-to-validate-certificates-of-some-gateways.md","workflow","high","operations-root"
+"Operations/Foundations/Documentation Styling.md","reference/foundations/documentation-styling.md","reference","high","foundations-reference"
+"Operations/Foundations/Index.md","reference/foundations/index.md","index","high","index-page"
+"Operations/Foundations/Templates/Document Template.md","reference/foundations/templates/document-template.md","reference","high","foundations-reference"
+"Operations/Hardware Management/ILO/Generic iLO Advanced License Keys.md","workflows/operations/hardware-management/ilo/generic-ilo-advanced-license-keys.md","workflow","high","operations-root"
+"Operations/Index.md","workflows/index.md","index","high","index-page"
+"Operations/Linux/Expand ISCSI Based ZFS Filesystem.md","workflows/operations/linux/expand-iscsi-based-zfs-filesystem.md","workflow","high","operations-root"
+"Operations/Linux/Expanding Linux Filesystems.md","workflows/operations/linux/expanding-linux-filesystems.md","workflow","high","operations-root"
+"Operations/Linux/Fedora Workstation/Full Setup.md","workflows/operations/linux/fedora-workstation/full-setup.md","workflow","high","operations-root"
+"Operations/Linux/Fedora Workstation/Install DE into Fedora Server.md","workflows/operations/linux/fedora-workstation/install-de-into-fedora-server.md","workflow","high","operations-root"
+"Operations/Linux/Fedora Workstation/Install Flatpak Apps.md","workflows/operations/linux/fedora-workstation/install-flatpak-apps.md","workflow","high","operations-root"
+"Operations/Linux/Fedora Workstation/Upgrading Versions.md","workflows/operations/linux/fedora-workstation/upgrading-versions.md","workflow","high","operations-root"
+"Operations/Power and UPS/APC Cell Wiring Diagram.md","workflows/operations/power-and-ups/apc-cell-wiring-diagram.md","workflow","high","operations-root"
+"Operations/Power and UPS/Battery Backup Power Distribution.md","workflows/operations/power-and-ups/battery-backup-power-distribution.md","workflow","high","operations-root"
+"Operations/Reference/Bash/Configure SSH Key Authentication.md","scripts/bash/configure-ssh-key-authentication.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Bash/Fix Displaylink Issues on Linux.md","scripts/bash/fix-displaylink-issues-on-linux.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Bash/Git Repo Updater.md","scripts/bash/git-repo-updater.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Bash/Install QEMU Guest Agent.md","scripts/bash/install-qemu-guest-agent.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Bash/Install XRDP.md","scripts/bash/install-xrdp.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Bash/Mdadm Grow Array Size.md","scripts/bash/mdadm-grow-array-size.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Bash/Open Port Checker.md","scripts/bash/open-port-checker.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Bash/ProxmoxVE/Deeplab Rollback Script.md","scripts/bash/proxmoxve/deeplab-rollback-script.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Bash/Time Adjustment.md","scripts/bash/time-adjustment.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Bash/Transfer Docker Containers.md","scripts/bash/transfer-docker-containers.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Bash/Transfer Files with Netcat.md","scripts/bash/transfer-files-with-netcat.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Batch/Blue Iris/Server Watchdog.md","scripts/batch/blue-iris/server-watchdog.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Batch/Robocopy.md","scripts/batch/robocopy.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Index.md","scripts/index.md","index","high","index-page"
+"Operations/Reference/Powershell/Azure/Check Email Aliases.md","scripts/powershell/azure/check-email-aliases.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Azure/Connect to Azure AD.md","scripts/powershell/azure/connect-to-azure-ad.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Exchange Online/Connect to Exchange Online.md","scripts/powershell/exchange-online/connect-to-exchange-online.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/General Purpose/Directory Walker.md","scripts/powershell/general-purpose/directory-walker.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/General Purpose/DNS Hierarchy Correction.md","scripts/powershell/general-purpose/dns-hierarchy-correction.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/General Purpose/File Finder.md","scripts/powershell/general-purpose/file-finder.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/General Purpose/Fix Corrupted Windows Updates.md","scripts/powershell/general-purpose/fix-corrupted-windows-updates.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/General Purpose/Force Gpupdate Domain Wide.md","scripts/powershell/general-purpose/force-gpupdate-domain-wide.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/General Purpose/Inactive User Profile Data Cleanup.md","scripts/powershell/general-purpose/inactive-user-profile-data-cleanup.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/General Purpose/Rclone.md","scripts/powershell/general-purpose/rclone.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/General Purpose/Restart Service Domain Wide.md","scripts/powershell/general-purpose/restart-service-domain-wide.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/General Purpose/Windows 11 Upgrade via UNC Path.md","scripts/powershell/general-purpose/windows-11-upgrade-via-unc-path.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Hyper V/Collapse Differencing Disk Chains.md","scripts/powershell/hyper-v/collapse-differencing-disk-chains.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Hyper V/Delete Locked VHDX File.md","scripts/powershell/hyper-v/delete-locked-vhdx-file.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Hyper V/Failover Cluster/Force Reboot Remote Cluster Node.md","scripts/powershell/hyper-v/failover-cluster/force-reboot-remote-cluster-node.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Hyper V/Failover Cluster/Replication Bumper.md","scripts/powershell/hyper-v/failover-cluster/replication-bumper.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Minecraft Server/Update Script.md","scripts/powershell/minecraft-server/update-script.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Nextcloud/Upload Data to Nextcloud Share.md","scripts/powershell/nextcloud/upload-data-to-nextcloud-share.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Reporting/Get Password Expiration.md","scripts/powershell/reporting/get-password-expiration.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Reporting/Inactive Computers.md","scripts/powershell/reporting/inactive-computers.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/Reporting/Inactive Users.md","scripts/powershell/reporting/inactive-users.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/SMB/Detailed Permission Report All Shares.md","scripts/powershell/smb/detailed-permission-report-all-shares.md","scripts","high","script-reference-pattern"
+"Operations/Reference/Powershell/SMB/Top Level Permission Report All Shares.md","scripts/powershell/smb/top-level-permission-report-all-shares.md","scripts","high","script-reference-pattern"
+"Operations/Windows/Change Windows Edition.md","workflows/operations/windows/change-windows-edition.md","workflow","high","operations-root"
+"Operations/Windows/Delete Windows Recovery Partition.md","workflows/operations/windows/delete-windows-recovery-partition.md","workflow","high","operations-root"
+"Operations/Windows/VSS/Delete Shadow Copies.md","workflows/operations/windows/vss/delete-shadow-copies.md","workflow","high","operations-root"
+"Operations/Windows/Windows 11/Creating a Local Account on Win11.md","workflows/operations/windows/windows-11/creating-a-local-account-on-win11.md","workflow","high","operations-root"
+"Operations/Windows/Windows Server/SSL Certificates/Convert SSL Certificates into PFX Files.md","workflows/operations/windows/windows-server/ssl-certificates/convert-ssl-certificates-into-pfx-files.md","workflow","high","operations-root"
+"Platforms/Containerization/Docker/Custom Containers/Container Development.md","deployments/platforms/containerization/docker/custom-containers/container-development.md","deployment","high","platform-service-root"
+"Platforms/Containerization/Docker/Custom Containers/Git Repo Updater.md","deployments/platforms/containerization/docker/custom-containers/git-repo-updater.md","deployment","high","platform-service-root"
+"Platforms/Containerization/Docker/Deploy Portainer.md","deployments/platforms/containerization/docker/deploy-portainer.md","deployment","high","platform-service-root"
+"Platforms/Containerization/Kubernetes/Deployment/K8s.md","deployments/platforms/containerization/kubernetes/deployment/k8s.md","deployment","high","platform-service-root"
+"Platforms/Containerization/Kubernetes/Deployment/Rancher RKE2.md","deployments/platforms/containerization/kubernetes/deployment/rancher-rke2.md","deployment","high","platform-service-root"
+"Platforms/Containerization/Kubernetes/Migrating Docker Compose YML to K8s.md","workflows/platforms/containerization/kubernetes/migrating-docker-compose-yml-to-k8s.md","workflow","medium","platform-operations-keyword"
+"Platforms/Index.md","deployments/platforms/index.md","index","high","index-page"
+"Platforms/Virtualization/Hyper V/Failover Cluster/Deploy Failover Cluster Node.md","deployments/platforms/virtualization/hyper-v/failover-cluster/deploy-failover-cluster-node.md","deployment","high","platform-service-root"
+"Platforms/Virtualization/Hyper V/Failover Cluster/Rebuild Failover Cluster Replication.md","workflows/platforms/virtualization/hyper-v/failover-cluster/rebuild-failover-cluster-replication.md","workflow","medium","platform-operations-keyword"
+"Platforms/Virtualization/Hyper V/Forcefully Stop GuestVM.md","workflows/platforms/virtualization/hyper-v/forcefully-stop-guestvm.md","workflow","medium","platform-operations-keyword"
+"Platforms/Virtualization/Hyper V/Kerberos Enabled VM Migration.md","workflows/platforms/virtualization/hyper-v/kerberos-enabled-vm-migration.md","workflow","medium","platform-operations-keyword"
+"Platforms/Virtualization/OpenStack/Ansible OpenStack.md","deployments/platforms/virtualization/openstack/ansible-openstack.md","deployment","high","platform-service-root"
+"Platforms/Virtualization/OpenStack/Canonical OpenStack.md","deployments/platforms/virtualization/openstack/canonical-openstack.md","deployment","high","platform-service-root"
+"Platforms/Virtualization/Proxmox/Cloud Init Templates/Ubuntu Server.md","deployments/platforms/virtualization/proxmox/cloud-init-templates/ubuntu-server.md","deployment","high","platform-service-root"
+"Platforms/Virtualization/Proxmox/Common Tasks.md","workflows/platforms/virtualization/proxmox/common-tasks.md","workflow","medium","platform-operations-keyword"
+"Platforms/Virtualization/Proxmox/Configuring ISCSI Based Cluster Storage.md","deployments/platforms/virtualization/proxmox/configuring-iscsi-based-cluster-storage.md","deployment","high","platform-service-root"
+"Platforms/Virtualization/Proxmox/Operations/Manually Activate Volume Group.md","workflows/platforms/virtualization/proxmox/operations/manually-activate-volume-group.md","workflow","high","platform-operations-folder"
+"Platforms/Virtualization/Proxmox/Operations/Upgrade PVE from 8 to 9.md","workflows/platforms/virtualization/proxmox/operations/upgrade-pve-from-8-to-9.md","workflow","high","platform-operations-folder"
+"Platforms/Virtualization/Proxmox/ProxmoxVE.md","deployments/platforms/virtualization/proxmox/proxmoxve.md","deployment","high","platform-service-root"
+"Platforms/Virtualization/Proxmox/ZFS Over ISCSI.md","deployments/platforms/virtualization/proxmox/zfs-over-iscsi.md","deployment","high","platform-service-root"
+"Platforms/Virtualization/Rancher Harvester/Harvester.md","deployments/platforms/virtualization/rancher-harvester/harvester.md","deployment","high","platform-service-root"
+"Services/Asset Management/Homebox.md","deployments/services/asset-management/homebox.md","deployment","high","platform-service-root"
+"Services/Asset Management/Snipe IT.md","deployments/services/asset-management/snipe-it.md","deployment","high","platform-service-root"
+"Services/Authentication/Active Directory/Certificate Services.md","deployments/services/authentication/active-directory/certificate-services.md","deployment","high","platform-service-root"
+"Services/Authentication/Active Directory/Group Policy/Desktop Shortcut to UNC Path.md","deployments/services/authentication/active-directory/group-policy/desktop-shortcut-to-unc-path.md","deployment","high","platform-service-root"
+"Services/Authentication/Active Directory/LDAP Settings.md","deployments/services/authentication/active-directory/ldap-settings.md","deployment","high","platform-service-root"
+"Services/Authentication/Active Directory/Restore Domain Trust.md","deployments/services/authentication/active-directory/restore-domain-trust.md","deployment","high","platform-service-root"
+"Services/Authentication/Authelia.md","deployments/services/authentication/authelia.md","deployment","high","platform-service-root"
+"Services/Authentication/Authentik.md","deployments/services/authentication/authentik.md","deployment","high","platform-service-root"
+"Services/Authentication/Keycloak/Deployment.md","deployments/services/authentication/keycloak/deployment.md","deployment","high","platform-service-root"
+"Services/Authentication/Keycloak/OAuth2/Deployment.md","deployments/services/authentication/keycloak/oauth2/deployment.md","deployment","high","platform-service-root"
+"Services/Authentication/Keycloak/OAuth2/Gitea OAuth2.md","deployments/services/authentication/keycloak/oauth2/gitea-oauth2.md","deployment","high","platform-service-root"
+"Services/Authentication/Keycloak/OAuth2/Portainer OAuth2.md","deployments/services/authentication/keycloak/oauth2/portainer-oauth2.md","deployment","high","platform-service-root"
+"Services/Authentication/Privacyidea.md","deployments/services/authentication/privacyidea.md","deployment","high","platform-service-root"
+"Services/Automation Tools/Activepieces.md","deployments/services/automation-tools/activepieces.md","deployment","high","platform-service-root"
+"Services/Automation Tools/Node Red.md","deployments/services/automation-tools/node-red.md","deployment","high","platform-service-root"
+"Services/Automation Tools/Semaphore UI.md","deployments/services/automation-tools/semaphore-ui.md","deployment","high","platform-service-root"
+"Services/Backup/Kopia.md","deployments/services/backup/kopia.md","deployment","high","platform-service-root"
+"Services/Communication/Niltalk.md","deployments/services/communication/niltalk.md","deployment","high","platform-service-root"
+"Services/Communication/Rocketchat/Autotask Regex Replacer.md","deployments/services/communication/rocketchat/autotask-regex-replacer.md","deployment","high","platform-service-root"
+"Services/Communication/Rocketchat/Deployment.md","deployments/services/communication/rocketchat/deployment.md","deployment","high","platform-service-root"
+"Services/cPanel/Creating Email Server.md","deployments/services/cpanel/creating-email-server.md","deployment","high","platform-service-root"
+"Services/Dashboards/Dashy.md","deployments/services/dashboards/dashy.md","deployment","high","platform-service-root"
+"Services/Dashboards/Homepage Docker.md","deployments/services/dashboards/homepage-docker.md","deployment","high","platform-service-root"
+"Services/DevOps/Gitea.md","deployments/services/devops/gitea.md","deployment","high","platform-service-root"
+"Services/DNS/AdGuard Home.md","deployments/services/dns/adguard-home.md","deployment","high","platform-service-root"
+"Services/DNS/Pi Hole.md","deployments/services/dns/pi-hole.md","deployment","high","platform-service-root"
+"Services/DNS/Windows Server/Best Practices.md","deployments/services/dns/windows-server/best-practices.md","deployment","high","platform-service-root"
+"Services/Documentation/Docusaurus.md","deployments/services/documentation/docusaurus.md","deployment","high","platform-service-root"
+"Services/Documentation/Material MkDocs.md","deployments/services/documentation/material-mkdocs.md","deployment","high","platform-service-root"
+"Services/Documentation/zensical.md","deployments/services/documentation/zensical.md","deployment","high","platform-service-root"
+"Services/Edge/Nginx.md","deployments/services/edge/nginx.md","deployment","high","platform-service-root"
+"Services/Edge/Traefik.md","deployments/services/edge/traefik.md","deployment","high","platform-service-root"
+"Services/Email/iRedMail/Deploy iRedMail.md","deployments/services/email/iredmail/deploy-iredmail.md","deployment","high","platform-service-root"
+"Services/Email/iRedMail/Query SMTP Outgoing Queue.md","deployments/services/email/iredmail/query-smtp-outgoing-queue.md","deployment","high","platform-service-root"
+"Services/Email/iRedMail/Quick Server Settings.md","deployments/services/email/iredmail/quick-server-settings.md","deployment","high","platform-service-root"
+"Services/Email/Mailcow.md","deployments/services/email/mailcow.md","deployment","high","platform-service-root"
+"Services/Email/Microsoft Exchange/Configuring ACME Letsencrypt Bot.md","deployments/services/email/microsoft-exchange/configuring-acme-letsencrypt-bot.md","deployment","high","platform-service-root"
+"Services/Email/Microsoft Exchange/Preparing for Cumulative Updates.md","deployments/services/email/microsoft-exchange/preparing-for-cumulative-updates.md","deployment","high","platform-service-root"
+"Services/Email/Microsoft Exchange/Scripts/DAG/Database Management.md","scripts/services/email/microsoft-exchange/dag/database-management.md","scripts","high","script-reference-pattern"
+"Services/Email/Microsoft Exchange/Scripts/Restart Exchange Services.md","scripts/services/email/microsoft-exchange/restart-exchange-services.md","scripts","high","script-reference-pattern"
+"Services/Email/Microsoft Exchange/Scripts/Set Mailbox Auto Reply.md","scripts/services/email/microsoft-exchange/set-mailbox-auto-reply.md","scripts","high","script-reference-pattern"
+"Services/File Services/Windows Server/DFS Namespaces with Replication.md","deployments/services/file-services/windows-server/dfs-namespaces-with-replication.md","deployment","high","platform-service-root"
+"Services/Gaming/Ark Survival Ascended.md","deployments/services/gaming/ark-survival-ascended.md","deployment","high","platform-service-root"
+"Services/Gaming/Pterodactyl.md","deployments/services/gaming/pterodactyl.md","deployment","high","platform-service-root"
+"Services/Gaming/Valheim.md","deployments/services/gaming/valheim.md","deployment","high","platform-service-root"
+"Services/Home and IOT/Frigate.md","deployments/services/home-and-iot/frigate.md","deployment","high","platform-service-root"
+"Services/Home and IOT/HomeAssistant.md","deployments/services/home-and-iot/homeassistant.md","deployment","high","platform-service-root"
+"Services/Index.md","deployments/services/index.md","index","high","index-page"
+"Services/Media and Gaming/Emulatorjs.md","deployments/services/media-and-gaming/emulatorjs.md","deployment","high","platform-service-root"
+"Services/Media and Gaming/Pyload.md","deployments/services/media-and-gaming/pyload.md","deployment","high","platform-service-root"
+"Services/Microsoft 365/Change MFA Settings.md","deployments/services/microsoft-365/change-mfa-settings.md","deployment","high","platform-service-root"
+"Services/Monitoring/Gatus.md","deployments/services/monitoring/gatus.md","deployment","high","platform-service-root"
+"Services/Monitoring/Speedtest Tracker.md","deployments/services/monitoring/speedtest-tracker.md","deployment","high","platform-service-root"
+"Services/Monitoring/UptimeKuma.md","deployments/services/monitoring/uptimekuma.md","deployment","high","platform-service-root"
+"Services/Notifications/Ntfy.md","deployments/services/notifications/ntfy.md","deployment","high","platform-service-root"
+"Services/Productivity/Collabora Code Server.md","deployments/services/productivity/collabora-code-server.md","deployment","high","platform-service-root"
+"Services/Productivity/Nextcloud AIO.md","deployments/services/productivity/nextcloud-aio.md","deployment","high","platform-service-root"
+"Services/Productivity/Nextcloud.md","deployments/services/productivity/nextcloud.md","deployment","high","platform-service-root"
+"Services/Productivity/OnlyOffice EE.md","deployments/services/productivity/onlyoffice-ee.md","deployment","high","platform-service-root"
+"Services/Productivity/Stirling PDF.md","deployments/services/productivity/stirling-pdf.md","deployment","high","platform-service-root"
+"Services/Productivity/Trilium.md","deployments/services/productivity/trilium.md","deployment","high","platform-service-root"
+"Services/Productivity/Wordpress.md","deployments/services/productivity/wordpress.md","deployment","high","platform-service-root"
+"Services/Remote Access/Apache Guacamole.md","deployments/services/remote-access/apache-guacamole.md","deployment","high","platform-service-root"
+"Services/Remote Access/Firefox.md","deployments/services/remote-access/firefox.md","deployment","high","platform-service-root"
+"Services/RMM/TacticalRMM.md","deployments/services/rmm/tacticalrmm.md","deployment","high","platform-service-root"
+"Services/Security and Utility/Changedetection.md","deployments/services/security-and-utility/changedetection.md","deployment","high","platform-service-root"
+"Services/Security and Utility/Cyberchef.md","deployments/services/security-and-utility/cyberchef.md","deployment","high","platform-service-root"
+"Services/Security and Utility/IT Tools.md","deployments/services/security-and-utility/it-tools.md","deployment","high","platform-service-root"
+"Services/Security and Utility/Password Pusher.md","deployments/services/security-and-utility/password-pusher.md","deployment","high","platform-service-root"
+"Services/Security and Utility/Searx.md","deployments/services/security-and-utility/searx.md","deployment","high","platform-service-root"
+"Services/Security and Utility/Vaultwarden.md","deployments/services/security-and-utility/vaultwarden.md","deployment","high","platform-service-root"

reference/foundations/documentation-restructure-proposal.md

@@ -0,0 +1,113 @@
+---
+tags:
+  - Documentation
+  - Foundations
+  - Restructure
+---
+
+# Documentation Restructure Proposal (v2)
+
+## Audit Snapshot (2026-02-26)
+- Total markdown files: `197`
+- Current root split:
+  - `Operations`: `77`
+  - `Services`: `71`
+  - `Infrastructure`: `22`
+  - `Platforms`: `21`
+  - `Blog`: `5`
+  - Root `index.md`: `1`
+- Broken relative markdown links found: `38`
+- Proposed type split:
+  - `deployments`: `85`
+  - `workflows`: `37`
+  - `scripts`: `39`
+  - `reference`: `22`
+  - `blog`: `4`
+  - `index`: `10`
+
+## Why Navigation Feels Hard
+1. The current structure mixes two different axes:
+   - By domain (`Platforms`, `Services`, `Infrastructure`)
+   - By purpose (`Operations`, `Reference`, `Deployment`, `Scripts`)
+2. Task-oriented docs are scattered:
+   - Example: deployment docs exist in `Platforms`, `Services`, and `Operations/Automation/.../Deployment`.
+3. Naming/link style drift is high:
+   - Many links use lowercase-kebab paths while files still use title case and spaces.
+   - This mismatch is a major contributor to broken links and poor discoverability.
+
+## Target IA (Content-Type First)
+```text
+index.md
+blog/
+  index.md
+  posts/
+
+deployments/
+  index.md
+  platforms/
+  services/
+  automation/
+
+workflows/
+  index.md
+  operations/
+  platforms/
+
+scripts/
+  index.md
+  bash/
+  powershell/
+  batch/
+  services/
+
+reference/
+  index.md
+  foundations/
+  infrastructure/
+```
+
+## Folder Mapping Rules
+1. `Operations/Reference/**` -> `scripts/**`
+2. `Services/**/Scripts/**` -> `scripts/services/**`
+3. `Operations/**` (except reference + deployment docs) -> `workflows/operations/**`
+4. Platform operations/day-2 docs -> `workflows/platforms/**`
+5. `Platforms/**` deployment/setup docs -> `deployments/platforms/**`
+6. `Services/**` deployment/setup docs -> `deployments/services/**`
+7. `Operations/Automation/**/Deployment/**` -> `deployments/automation/**`
+8. `Infrastructure/**` + `Operations/Foundations/**` -> `reference/**`
+9. Normalize all destination paths to lowercase-kebab-case.
+
+## Generated Migration Artifact
+- Full proposed path map: `reference/foundations/documentation-restructure-migration-map.csv`
+- Columns:
+  - `current_path`
+  - `proposed_path`
+  - `doc_type`
+  - `confidence`
+  - `reason`
+
+## Manual Review Queue (Medium Confidence)
+1. `Platforms/Containerization/Kubernetes/Migrating Docker Compose YML to K8s.md`
+2. `Platforms/Virtualization/Hyper V/Failover Cluster/Rebuild Failover Cluster Replication.md`
+3. `Platforms/Virtualization/Hyper V/Forcefully Stop GuestVM.md`
+4. `Platforms/Virtualization/Hyper V/Kerberos Enabled VM Migration.md`
+5. `Platforms/Virtualization/Proxmox/Common Tasks.md`
+
+## Phased Migration Sequence
+1. Phase 0: stabilize naming and links
+   - Lock naming convention: lowercase-kebab-case directories and files.
+   - Move only index pages first (`10` files) to establish new top nav.
+2. Phase 1: move scripts (`39` files)
+   - Lowest blast radius, immediate usability improvement.
+3. Phase 2: move workflows (`37` files)
+   - Consolidates day-2 operations and runbooks.
+4. Phase 3: move deployments (`85` files)
+   - Largest move set, do after scripts/workflows are stable.
+5. Phase 4: cleanup and verification
+   - Fix all internal links, remove old folders, and validate build output.
+
+## Guardrails For Future Docs
+1. Keep one primary intent per doc: `deployment`, `workflow`, `script`, or `reference`.
+2. Require an `index.md` in every first-level and second-level folder.
+3. Use stable cross-links with root-relative paths after migration.
+4. Avoid adding new docs to legacy roots once migration starts.

reference/foundations/documentation-styling.md

@@ -0,0 +1,202 @@
+---
+tags:
+  - Documentation
+  - Markdown
+  - Style Guide
+---
+
+## Purpose
+This document defines the **authoritative documentation style contract** used throughout the Bunny Lab homelab documentation.
+
+It is intended to be provided to:
+
+- AI assistants
+- Automation tools
+- Contributors
+
+The goal is to ensure all documentation is:
+
+- Technically precise
+- CLI-first
+- Easy to audit
+- Easy to reproduce
+
+---
+
+## General Writing Principles
+
+- Write for experienced operators, not beginners
+- Prefer **explicit commands** over descriptive prose
+- Avoid narrative filler
+- Assume the reader understands the underlying technologies
+
+---
+
+## Document Flow and Structure
+Documentation is written with the assumption that the reader:
+
+- Reads **top to bottom**
+- Executes actions within the **current section**
+- Does not require explicit step numbering
+
+Sections define **context and scope**.  
+Ordering is implicit and intentional.
+
+---
+
+## Core Sections (Recommended)
+Most documents should include, at minimum:
+
+- **Purpose** (why this doc exists)
+- **Assumptions** (platform, privileges, prerequisites)
+- **Procedure** (commands and configuration)
+
+Include these when applicable:
+
+- **Architectural Overview** (diagram or flow)
+- **Validation** (explicit checks with expected output)
+- **Troubleshooting** → **Symptoms** / **Resolution**
+
+---
+
+## Headings
+
+- `#` — Document title (one per document)
+- `##` — Major logical phases or topics
+- `###` — Subsections only when needed
+
+Headings replace the need for numbered steps.
+
+Avoid over-fragmentation.
+
+---
+
+## Admonitions
+Admonitions are **intentional and sparse**, not decorative.
+
+Use them to:
+
+- Highlight irreversible actions
+- Call out one-time decisions
+- Enforce safety boundaries
+
+Common forms:
+```markdown
+!!! warning "Important"
+!!! note
+!!! tip
+!!! success
+```
+
+Do **not** restate obvious information inside admonitions.
+
+---
+
+## Code Blocks (Critical)
+Code blocks are the **primary instructional vehicle**.
+
+### Rules
+
+- Always fenced
+- Always copy/paste-ready
+- Prefer fewer, larger blocks over many small ones
+- Use inline shell comments (`#`) to explain intent
+
+Example:
+```sh
+# Enable iSCSI service and persist across reboots
+service iscsitarget start
+sysrc iscsitarget_enable=YES
+```
+
+Avoid explanatory prose between every command.
+
+---
+
+## Shell Fencing
+
+- Use ```sh for shell commands
+- Use ``` for diagrams or pseudo-structure
+- Do not mix command output with commands unless explicitly labeled
+
+---
+
+## Inline Code
+Use backticks for:
+
+- Dataset names
+- Volume groups
+- Filenames
+- Command names
+- One-off parameters
+
+Example:
+`CLUSTER-STORAGE/iscsi-proxmox`
+
+---
+
+## Lists
+
+- Use bullet lists for inventories, criteria, and checks
+- Avoid numbered lists for procedures
+- Ordering is conveyed by section layout, not numbering
+
+---
+
+## Diagrams
+
+- ASCII diagrams only
+- Used to describe hierarchy or flow
+- Must reinforce understanding, not decorate
+
+---
+
+## Validation Sections
+Validation is **mandatory** for any procedure that affects:
+
+- Storage
+- Networking
+- Virtualization
+- Data integrity
+
+Validation lists should be explicit and testable.
+
+For lower-risk or informational documents, validation is optional.
+
+---
+
+## Tone and Voice
+
+- Neutral
+- Operational
+- Conservative
+- “Boring is correct”
+
+Avoid:
+
+- Marketing language
+- Storytelling
+- Over-explanation
+
+---
+
+## Anti-Patterns (Do Not Use)
+
+- Numbered procedural steps
+- GUI-only workflows when CLI exists
+- Excessive screenshots
+- One-command-per-codeblock sprawl
+- Implicit assumptions
+- Hidden prerequisites
+
+---
+
+## Summary
+Bunny Lab documentation prioritizes:
+
+- Determinism
+- Safety
+- Reproducibility
+- Auditability
+
+If a step cannot be reproduced from the documentation alone, it is incomplete.

reference/foundations/index.md

@@ -0,0 +1,47 @@
+---
+tags:
+  - Operations
+  - Index
+  - Documentation
+---
+
+# Foundations
+## Purpose
+Defines the baseline documentation standards, shared references, and structural conventions used everywhere else in this knowledgebase.
+
+## Includes
+- Documentation styling contract
+- Inventory and naming conventions
+- Shared templates and glossary references
+
+## New Document Template
+````markdown
+# <Document Title>
+## Purpose
+<one paragraph describing why this exists>
+
+!!! info "Assumptions"
+    - <OS / platform / privilege assumptions>
+    - <required tools or prerequisites>
+
+## Scope
+- <what is covered>
+- <what is explicitly out of scope>
+
+## Procedure
+```sh
+# Commands go here (grouped and annotated)
+```
+
+## Validation
+- <command + expected result>
+
+## Troubleshooting
+### Symptoms
+- <what you see>
+
+### Resolution
+```sh
+# Fix steps
+```
+````

reference/foundations/templates/document-template.md

@@ -0,0 +1,38 @@
+---
+tags:
+  - Documentation
+  - Templates
+  - Markdown
+---
+
+**Purpose**: PLACEHOLDER
+
+## Docker Configuration
+```yaml title="docker-compose.yml"
+PLACEHOLDER
+```
+
+```yaml title=".env"
+PLACEHOLDER
+```
+
+## Traefik Reverse Proxy Configuration
+If the container does not run on the same host as Traefik, you will need to manually add configuration to Traefik's dynamic config file, outlined below.
+```yaml
+http:
+  routers:
+    PLACEHOLDER:
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: myresolver
+      service: PLACEHOLDER
+      rule: Host(`PLACEHOLDER.bunny-lab.io`)
+
+  services:
+    PLACEHOLDER:
+      loadBalancer:
+        servers:
+          - url: http://PLACEHOLDER:80
+        passHostHeader: true
+```

reference/index.md

@@ -0,0 +1,15 @@
+---
+tags:
+  - Reference
+  - Index
+  - Documentation
+---
+
+# Reference
+## Purpose
+Stable supporting documentation used by deployments and workflows.
+
+## Includes
+- Documentation foundations and templates
+- Hardware inventory and storage layouts
+- Networking topology and infrastructure references

reference/infrastructure/hardware/cluster-node-01/disk-arrays.md

@@ -0,0 +1,17 @@
+---
+tags:
+  - Disk Arrays
+  - Storage
+  - Hardware
+---
+
+## Purpose
+This document is meant to help keep track disks and their associated serial numbers for replacement and recordkeeping purposes.
+
+!!! note "Disk Order Structure"
+    Disks are represented in 4 columns, with the drive positions / topology mirroring the table seen below.
+
+| **Column 01** | **Column 02** | **Column 03** | **Column 04** |
+| :--- | :--- | :--- | :--- |
+| 240GB<br>`SN: 50026B77850B2DA9` | 240GB<br>`SN: 50026B7784D34038` | 240GB<br>`SN: 50026B7784E8A771` | 240GB<br>`SN: 50026B7784E8CB49` |
+| 240GB<br>`SN: 50026B7784D3620D` | 240GB<br>`SN: 50026B7784D45C34` | 240GB<br>`SN: 50026B7784E8AC95` | 240GB<br>`SN: 50026B7784E8A983` |

reference/infrastructure/hardware/cluster-node-02/disk-arrays.md

@@ -0,0 +1,23 @@
+---
+tags:
+  - Disk Arrays
+  - Storage
+  - Hardware
+---
+
+## Purpose
+This document is meant to help keep track disks and their associated serial numbers for replacement and recordkeeping purposes.
+
+!!! note "Disk Order Structure"
+    Disks are represented in 3 columns, with the top-down view representing left-to-right.
+
+| **Column 01** | **Column 02** | **Column 03** |
+| :--- | :--- | :--- |
+| EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` | 600GB<br>`SN: 6XR31DHQ` |
+| EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` | 600GB<br>`SN: 6XR4fHA0` |
+| EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` | 600GB<br>`SN: 6XR31DJL` |
+| EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` | 600GB<br>`SN: 6XR33GBT` |
+| EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` | 600GB<br>`SN: 6XR31D8L` |
+| EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` | 600GB<br>`SN: 6XR33F2W` |
+| EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` | 600GB<br>`SN: 6XR32TFE` |
+| EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` |

reference/infrastructure/hardware/cluster-node-03/disk-arrays.md

@@ -0,0 +1,18 @@
+---
+tags:
+  - Disk Arrays
+  - Storage
+  - Hardware
+---
+
+## Purpose
+This document is meant to help keep track disks and their associated serial numbers for replacement and recordkeeping purposes.
+
+!!! note "Disk Order Structure"
+    Disks are represented in 4 columns, with the drive positions / topology mirroring the table seen below.
+
+| **Column 01** | **Column 02** | **Column 03** | **Column 04** |
+| :--- | :--- | :--- | :--- |
+| 8TB<br>`SN: X1P0A01NFDWF` | 8TB<br>`SN: WWZ1TJT2` | EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` |
+| 8TB<br>`SN: VRK6M6MK` | 8TB<br>`SN: Y1L0A0QQFDWF` | EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` |
+| 8TB<br>`SN: VRK6XEMK` | EMPTY<br>`SN: N/A` | EMPTY<br>`SN: N/A` | 1TB<br>`SN: 2417E8A9A7C1` |

reference/infrastructure/hardware/index.md

@@ -0,0 +1,38 @@
+---
+tags:
+  - Infrastructure
+  - Hardware
+  - Index
+  - Documentation
+---
+
+# Hardware
+## Purpose
+Physical assets, node inventories, storage layouts, and power topology for the lab.
+
+## Includes
+- Node build sheets and inventory
+- Disk arrays and drive replacement procedures
+- Power and UPS mapping
+
+## New Document Template
+````markdown
+# <Document Title>
+## Purpose
+<what this hardware doc exists to describe>
+
+!!! info "Assumptions"
+    - <hardware model / firmware / OS assumptions>
+    - <privilege assumptions>
+
+## Inventory
+- <serials, bays, disks, NICs, etc>
+
+## Procedure
+```sh
+# Commands (if applicable)
+```
+
+## Validation
+- <command + expected result>
+````

reference/infrastructure/hardware/storage-node-01-truenas-core/disk-arrays.md

@@ -0,0 +1,24 @@
+---
+tags:
+  - TrueNAS
+  - Disk Arrays
+  - Storage
+  - Hardware
+---
+
+## Purpose
+This document is meant to help keep track disks and their associated serial numbers for replacement and recordkeeping purposes.
+
+!!! note "Disk Order Structure"
+    Disks are represented in 4 columns, with the drive positions / topology mirroring the table seen below.
+
+!!! note "Boot Drive"
+    Boot drive is an external Samsung PSSD T7 portable SSD.  Serial Number: `S6U5NS0RC09159R`
+
+| **Column 01** | **Column 02** | **Column 03** | **Column 04** | **Column 05** |
+| :--- | :--- | :--- | :--- | :--- |
+| 960GB<br>`SN: 50026B778526FF9F` | 960GB<br>`SN: 50026B778527104D` | 960GB<br>`SN: 50026B778526FFAD` | 960GB<br>`SN: 50026B7785270727` | 960GB<br>`SN: 50026B778526FCD2` |
+| 960GB<br>`SN: 50026B7785270194` | 960GB<br>`SN: 50026B77853B0F4C` | 960GB<br>`SN: 50026B7785270EB4` | 960G<br>`SN: 50026B76870D497D` | 960GB<br>`SN: 50026B778526FCC8` |
+| 960GB<br>`SN: 50026B778526F8F2` | 960GB<br>`SN: 50026B778526F8EB` | 960GB<br>`SN: 50026B778526FCFC` | 960GB<br>`SN: 50026B76870D47DF` | 960GB<br>`SN: 50026B778526F8EC` |
+| 960GB<br>`SN: 50026B7785270E2A` | 960GB<br>`SN: 50026B7785270653` | 960GB<br>`SN: 50026B778526FF67` | 1050G<br>`SN: 163313AAA680` | 960GB<br>`SN: 50026B778526FF4A` |
+| 960GB<br>`SN: 50026B778526FFAA` | 960GB<br>`SN: 50026B778526FFC7` | 960GB<br>`SN: 50026B778526FF49` | 1TB<br>`SN: SI04T000311404D40` | EMPTY<br>`SN: N/A` |

reference/infrastructure/hardware/storage-node-01-truenas-core/replacing-a-drive.md

@@ -0,0 +1,46 @@
+---
+tags:
+  - TrueNAS
+  - Storage
+  - Hardware
+---
+
+## Purpose
+This document acts as a workflow to understand how to replace a drive on TrueNAS Core when it is hosted on an HPE Proliant server with HBA / IT Mode enabled.  This enables you to hot-swap drives without rebooting TrueNAS Core.
+
+### Offline the Disk
+- You will log into the TrueNAS Core [WebUI](http://192.168.3.3).
+- Navigate to "**Storage > Disks**"
+    - Look for the drive that is having issues / faults / unavailable and reference it's `da` number to reference later. (e.g. `da3`)
+    - Confirm the serial number of the drive and correlate that to the physical location in the [Disk Arrays](./disk-arrays.md) document, 
+- Navigate to "**Storage > Pools**"
+- Look for the gear icon to the right of the storage pool and click on it
+    - Click on "**Status**"
+        - Locate the failing / failed drive and click on the "**...**" elipsis menu button
+        - Proceed to "**Offline**" the disk.  This ensures that TrueNAS Core stops trying to use the disk.
+
+### Physical Disk Replacement
+At this point, we need to physically go to the server and pull out the failing drive and replace it.  
+
+- Take note of the new serial number on the replacement drive and update the [Disk Arrays](./disk-arrays.md) document accordingly.
+- Insert the replacement drive back into the TrueNAS Core server
+
+### Trigger Disk Re-Scan
+Now we need to tell TrueNAS / FreeBSD to re-scan all disks to locate the new one.
+
+- Within the TrueNAS Core WebUI, navigate to "**Shell**" and run the following command: `camcontrol rescan all`
+- Navigate (back) to "**Storage > Pools > Status**"
+    - Locate the failed drive via it's `da` number again, and click the "**...**" elipsis menu button
+    - Proceed to "**Replace**" the disk, and when given a dropdown menu, only the new replacement disk should appear with the same `da` number
+
+!!! success "Resilvering Started"
+    At this point, TrueNAS core will start taking parity data from the rest of the drives in the storage pool to reconstruct the replaced drive.  This may take an hour or two depending on the speed of the drives and used capacity within the pool itself.
+
+    It is recommended to run a SCRUB right after resilvering to ensure that all data is accurate and healthy.
+
+!!! info "Checking on Resilvering Process via CLI"
+    If you feel so inclined, you can check on the resilvering process by running the following command:
+    ```sh
+    zpool status | grep "to go"
+    ```
+

reference/infrastructure/hardware/storage-node-02-truenas-scale/disk-arrays.md

@@ -0,0 +1,17 @@
+---
+tags:
+  - TrueNAS
+  - Disk Arrays
+  - Storage
+  - Hardware
+---
+
+## Purpose
+This document is meant to help keep track disks and their associated serial numbers for replacement and recordkeeping purposes.
+
+!!! note "Disk Order Structure"
+    Disks are represented in 1 column, with the drive positions / topology mirroring the table seen below.
+
+| **Slot 01** | **Slot 02** | **Slot 03** | **Slot 04** | **Slot 05** |
+| :--- | :--- | :--- | :--- | :--- |
+| 4TB<br>`SN: Z305ZNZM` | 4TB<br>`SN: Z305SPL8` | 4TB<br>`SN: Z3051AF8` | 4TB<br>`SN: Z305ZNM1` | 4TB<br>`SN: Z305S03R` |

reference/infrastructure/networking/controllers/unifi-controller.md

@@ -0,0 +1,48 @@
+---
+tags:
+  - UniFi
+  - Networking
+  - Docker
+---
+
+**Purpose**: The UniFi® Controller is a wireless network management software solution from Ubiquiti Networks™. It allows you to manage multiple wireless networks using a web browser.
+
+```yaml title="docker-compose.yml"
+version: "2.1"
+services:
+  controller:
+    image: lscr.io/linuxserver/unifi-controller:latest
+    container_name: controller
+    environment:
+      - PUID=1000
+      - PGID=1000
+      #- MEM_LIMIT=1024 #optional
+      #- MEM_STARTUP=1024 #optional
+    volumes:
+      - /srv/containers/unifi-controller:/config
+    ports:
+      - 8443:8443
+      - 3478:3478/udp
+      - 10001:10001/udp
+      - 8080:8080
+      - 1900:1900/udp #optional
+      - 8843:8843 #optional
+      - 8880:8880 #optional
+      - 6789:6789 #optional
+      - 5514:5514/udp #optional
+    restart: always
+    networks:
+        docker_network:
+          ipv4_address: 192.168.5.140
+#          ipv4_address: 192.168.3.140
+networks:
+  default:
+    external:
+      name: docker_network
+  docker_network:
+    external: true
+```
+
+```yaml title=".env"
+Not Applicable
+```

reference/infrastructure/networking/controllers/unifi-network-server-controller.md

@@ -0,0 +1,45 @@
+---
+tags:
+  - UniFi
+  - Networking
+---
+
+**Purpose**:
+If you need to deploy Unifi Controller bare-metal into a virtual machine, you can do so with a few simple commands.  You can feel free to reference the [original documentation](https://help.ui.com/hc/en-us/articles/220066768-Updating-and-Installing-Self-Hosted-UniFi-Network-Servers-Linux) if additional clarity is needed.
+
+!!! note "Assumptions"
+    This document assumes that you are running Ubuntu Server (22.04 or higher).  The instructions are not designed to accomodate RHEL-based Linux distributions.
+
+!!! warning "INCOMPLETE DOCUMENT"
+    This document was originally written with the intention of comprehensively covering the deployment of the MongoDB server and Unifi Network Controller.  However, I opted to use an automated scripted installation approach seen [here](https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-UniFi-Easy-Encrypt-/ccbc7530-dd61-40a7-82ec-22b17f027776) that was almost turn-key instead.
+
+    ```sh
+    apt-get update; apt-get install ca-certificates curl -y
+    curl -sO https://get.glennr.nl/unifi/install/install_latest/unifi-latest.sh && bash unifi-latest.sh
+    ```
+
+
+## Install Components
+The installation will consist of a MongoDB server and a Unifi Network (controller) server.  You will install the database first, then install the Unifi Controller second, so it can provision the newly-installed local MongoDB database server.
+
+### General Configuration
+We need to configure APT with a few commands to ensure that we can download the MongoDB and Unifi packages.
+```sh
+sudo apt-get update && sudo apt-get install ca-certificates apt-transport-https
+echo 'deb [ arch=amd64,arm64 ] https://www.ui.com/downloads/unifi/debian stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
+sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg https://dl.ui.com/unifi/unifi-repo.gpg
+echo "deb [trusted=yes] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
+sudo apt-get update
+```
+
+!!! node "Alternative GPG Key Installation"
+    If you run into issues installing the GPG key for the Unifi packages, you can alternatively run the command seen below:
+    ```sh
+    sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 06E85760C0A52C50
+    ```
+
+### MongoDB Server
+Run the following commands install and enable automatic startup for the MongoDB server.  Original reference documentation can be found [here](https://www.mongodb.com/docs/manual/tutorial/install-mongodb-on-ubuntu/).
+```sh
+
+```

reference/infrastructure/networking/docker-networking/creating-a-macvlan-sub-interface-for-docker.md

@@ -0,0 +1,26 @@
+---
+tags:
+  - Docker
+  - Macvlan
+  - Networking
+---
+
+**Purpose**:
+You may find that you only have one network adapter on a server / VM and need to have multiple virtual networks associated with it.  For example, Home Assistant exists on the `192.168.3.0/24` network but it needs to also access devices on the `192.168.4.0/24` surveillance network.  To facilitate this, we will make a MACVLAN Sub-Interface.  This will make a virtual interface that is parented to the actual physical interface.
+
+!!! info "Assumptions"
+    It is assumed that you are running Rocky Linux (or CentOS / RedHat).
+
+## Create the Permanent Sub-Interface
+You will begin with making a new interface, it will have the name `macvlan0`.
+``` sh
+nmcli connection add type macvlan ifname surveillance dev ens18 mode bridge ipv4.method manual ipv4.addresses 192.168.4.100/24
+nmcli connection up macvlan-surveillance
+nmcli connection show
+```
+
+## Bind a Docker Network to the Sub-Interface
+Now you need to run the following command to allow docker to use this interface for the `surveillance_network`
+``` sh
+docker network create -d macvlan --subnet=192.168.4.0/24 --gateway=192.168.4.1 -o parent=surveillance surveillance_network
+```

reference/infrastructure/networking/docker-networking/docker-networking.md

@@ -0,0 +1,14 @@
+---
+tags:
+  - Docker
+  - Networking
+---
+
+### Configure Docker Network
+We want to use a dedicated subnet / network specifically for containers, so they don't trample over the **SERVER** and **LAN** networks.  If you are unsure of the name of the network adapter, in this case `eth0`, just type `ipaddr` in the terminal to list the network interfaces to locate it.
+```
+docker network create -d macvlan --subnet=192.168.5.0/24 --gateway=192.168.5.1 -o parent=eth0 docker_network
+```
+
+!!! note
+    Be sure to replace `eth0` with the correct interface name using `ip addr` in the terminal.  e.g. It may appear as something else like `ens18`, etc.  If the interface doesn't exist, Docker will produce an error complaining about it.

reference/infrastructure/networking/firewall-and-routing/sophos/configure-lan-bridging.md

@@ -0,0 +1,38 @@
+---
+tags:
+  - Sophos
+  - Firewall
+  - Routing
+  - LAN
+  - Networking
+---
+
+**Purpose**: You may have a Sophos XGS appliance and need more than one interface to act as additional LAN ports.  You can achieve this with bridges.
+
+!!! info "Assumptions"
+    It is assumed that your Sophos XGS appliance has at least 3 interfaces, one for `WAN`, one for `LAN`, and a third one that will act as a member of the bridge.  You can have as many member interfaces of the bridge as needed, but you need at least one.
+
+## Login to the Firewall
+You will need to access the firewall either directly on the local network at `https://<IP-of-Firewall>:4444` or remotely in Sophos Central.
+
+## Configure a LAN bridge
+Navigate to "**Configure > Network > Interfaces > "Add Interface" > "Add Bridge"**"
+
+| **Field** | **Value** |
+| :--- | :--- |
+| Name | `LAN Bridge` |
+| Hardware | `br0` |
+| Enable routing on this bridge pair | `<Unchecked>` |
+| Member Interfaces | `<Interfaces-of-Additional-Ports> / Zone: "LAN"` |
+
+!!! warning
+    The LAN interface itself needs to be a member of the bridge.  If it is not, the Sophos Appliance will not allow you to use the same IP address as the existing LAN interface.
+
+### IPv4 Configuration
+
+| **Field** | **Value** |
+| :--- | :--- |
+| IP Assignment | `Static` |
+| IPv4/netmask | `<IP-of-LAN-Interface> / <CIDR-of-LAN-Interface>` |
+| Gateway IP | `<Blank>` |
+| Member Interfaces | `<Interfaces-of-Additional-Ports> / Zone: "LAN"` |

reference/infrastructure/networking/firewall-and-routing/sophos/vpn/site-to-site-vpns/ipsec/automatic-tunnel-resetting.md

@@ -0,0 +1,168 @@
+---
+tags:
+  - Sophos
+  - IPsec
+  - VPN
+  - Firewall
+  - Routing
+---
+
+**Purpose**: Generally speaking, when you have site-to-site VPN tunnels, you have to ensure that the *health* of the tunnel is operating as-expected.  Sometimes VPN tunnels will report that they are online and connected, but in reality, no traffic is flowing to the remote side of the tunnel.  In these instances, we can create a script that pings a device on the remote end, and if it does not respond in a timely manner, the script restart the VPN tunnel automatically.
+
+!!! note "Assumptions"
+    This document assumes that you will be running a powershell script on a Windows environment.  The `curl` commands can be used interchangably in Linux, but the example script provided here will be using `curl.exe` within a powershell script, and instead of running on a schedule using crontab, it will be using Windows Task Scheduler.
+
+    I will attempt to provide Linux-equivalant commands where-possible.
+
+## Sophos Environment
+### Configure Sophos XGS Firewall ACLs
+You need to configure a user account that will be specifically used for leveraging the API controls that allow resetting the VPN tunnel(s).  At this stage, you need to log into your Sophos XGS Firewall.  For this example, we will assume you can reach your firewall at https://172.16.16.16:4444 and log in as the administrator. 
+
+### Create API Access Profile
+You need to create a profile that the API User will leverage to issue commands to the firewall's VPN settings.  Without this profile, the user may have either not enough, or too much access.
+
+- Navigate to **System > Profiles > Device Access > "Add"**
+- Profile Name: `VPNTunnelAPI`
+- Check the radio box column named "**None**" to Deny all permissions to all areas of the firewall
+- Expand the "**VPN**" section of the permission tree, and check the box for "**Read-Write**" next to "**Connect Tunnel**"
+- Click the "**Save**" button to save the access profile
+
+### Create API Access User
+Now we need to make a user account that we will use inside the script to authenticate against the firewall using the previously-mentioned access profile
+
+- Navigate to **Configure > Authentication > Users > "Add"**
+- Username: `TunnelCheckerAPIUser`
+- Name: `TunnelCheckerAPIUser`
+- User Type: `Administrator`
+- Profile: `VPNTunnelAPI`
+- Password: `01_placeholder_PASSWORD_here_02`
+- Group: `Open Group`
+- Click the "**Save**" button to save the API user account
+
+### Create Device Access ACL
+Now we need to configure an ACL within the Firewall to allow API access from the specific server we will be using in the next section.
+
+- Navigate to **Administration > Device Access > Local service ACL exception rule > "Add"**
+- Rule Name: `API Access (IPSec Tunnel Heartbeat Script)`
+- Source Zone: `The Zone of the Server/Device that will be used to run the script, such as a server network.
+- Source Network/Host: `<IP_HOST_OF_DEVICE_RUNNING_SCRIPT>`
+- Destination Host: `XGS Firewall (Local IP)` (*This is an IP host pointing to the internal IP of the Firewall*)
+- Services: `HTTPS`
+- Action: `Accept`
+
+### Configure API Access via IP
+Lastly, you need to configure the API access to allow communication from the IP of the device.  I know this seems redundant to the previous "Device Access ACL" but its required for this to work, otherwise you will get an `Sophos API Operations are not allowed from the requester IP address` error when running the script.
+
+- Navigate to **System > Backup & Firmware > API > API Configuration**
+- Add the IP of the Server/Device
+- Click the "**Apply** button
+
+## Server Environment
+### Choose a Server
+It is important to choose a server/device that is able to communicate with the devices on the remote end of the tunnel.  If it cannot ping the remote device(s), it will assume that the tunnel is offline and do an infinite loop of restarting the VPN tunnel.  
+
+### Prepare the Script Folder
+You need a place to put the script (and if on Windows, `curl.exe`).  Follow the instructions specific to your platform below:
+
+=== "Windows"
+    Download `curl.exe` from this location: [Download](https://curl.se/windows/dl-8.10.0_1/curl-8.10.0_1-win64-mingw.zip) and place it somewhere on the operating system, such as `C:\Scripts\VPN_Tunnel_Checker`.  Then copy this script into that same folder and call it `Tunnel_Checker.ps1` with the content below:
+
+    !!! note "Curl Files Extraction"
+        You will want to extract all of the files included in the zip file's `bin` folder.  Specifically, copy the following files into the `C:\Scripts\VPN_Tunnel_Checker` folder:
+        
+        - `curl.exe`
+        - `curl-ca-bundle`
+        - `libcurl-x64.def`
+        - `libcurl-x64.dll`
+
+    ``` powershell
+    function Reset-VPN-Tunnel {
+    Write-Host "VPN Tunnel Broken - Bringing VPN Tunnel Down..."
+    .\curl -k https://172.16.16.16:4444/webconsole/APIController?reqxml=<Request><Login><Username>TunnelCheckerAPIUser</Username><Password>01_placeholder_PASSWORD_here_02</Password></Login><Set><VPNIPSecConnection><DeActive><Name>VPN_TUNNEL_NAME</Name></DeActive></VPNIPSecConnection></Set></Request>
+
+    Start-Sleep -Seconds 5
+
+    Write-Host "Bringing VPN Tunnel Up..."
+    .\curl -k https://172.16.16.16:4444/webconsole/APIController?reqxml=<Request><Login><Username>TunnelCheckerAPIUser</Username><Password>01_placeholder_PASSWORD_here_02</Password></Login><Set><VPNIPSecConnection><Active><Name>VPN_TUNNEL_NAME</Name></Active></VPNIPSecConnection></Set></Request>
+    }
+
+    function Check-VPN-Tunnel {
+    # Server Connectivity Check
+    Write-Host "Checking Tunnel Connection to PLACEHOLDER..."
+    if (-not (Test-Connection '10.0.0.29' -Quiet)) {
+            Reset-VPN-Tunnel
+        }
+
+    # Server Connectivity Check
+    Write-Host "Checking Tunnel Connection to PLACEHOLDER..."
+    if (-not (Test-Connection '10.0.0.30' -Quiet)) {
+            Reset-VPN-Tunnel
+        }
+    }
+
+    function Trace-VPN-Tunnel {
+        Write-Host "Tracing Path to PLACEHOLDER:"
+        pathping -n -w 500 -p 100 10.0.0.29
+
+        Write-Host "Tracing Path to PLACEHOLDER:"
+        pathping -n -w 500 -p 100 10.0.0.30
+    }
+
+    CD "C:\Scripts\VPN_Tunnel_Checker"
+    Check-VPN-Tunnel
+
+    #Write-Host "Checking Tunnel Quality After Running Script..."
+    #Trace-VPN-Tunnel
+    ```
+
+    !!! note "Optional Reporting"
+        You may find that you want some extra logging enabled so you can track the script doing its job to ensure its working.  You can add the following to the script above to add that functionality.
+        
+        Add the following to the bottom of each server in the `Check-VPN-Tunnel` function, directly below the `Reset-VPN-Tunnel` function.
+
+        ``` powershell
+        Add-Content -Path "C:\Scripts\VPN_Tunnel_Checker\Tunnel.log" -Value "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') PLACEHOLDER Connection Down"
+        ```
+
+        Lastly, change the very end of the script under where the `Check-IHS-Tunnel` function is being called to look like this if you want to log heartbeats and not just when a VPN tunnel is down.  The purpose of this is to show the script is actually running.  I recommend only temporarily implementing it during initial deployment.
+
+        ``` powershell
+        CD "C:\Scripts\VPN_Tunnel_Checker"
+        Check-VPN-Tunnel
+        Add-Content -Path "C:\Scripts\VPN_Tunnel_Checker\Tunnel.log" -Value "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') Heartbeat"
+        ```
+        
+=== "Linux"
+
+    ``` sh
+    PLACEHOLDER
+    ```
+
+### Create Scheduled Task
+At this point, you need this script to run automatically on its own every 5 minutes or so, so you need to create a task in the Windows Task Scheduler in order to achieve this.
+
+=== "Windows"
+
+    - Open "**Task Scheduler**" on the device
+    - Expand "**Task Scheduler Library**" in the tree on the left-hand side
+    - Right-click anywhere in the task list and select "**Create New Task...**"
+        - **General**: 
+            - Name: `Check VPN Tunnel Every 5 Minutes`
+            - When running this task, use the following user account: `SYSTEM`
+        - **Triggers**:
+            - Click "**New...**"
+            - Begin the Task: `On a Schedule`
+            - Settings: `Daily`
+            - Advanced Settings > Repeat Task Every: `5 Minutes` > for a duration of `1 Day`
+        - **Actions**:
+            - Click "**New...**"
+            - Action: `Start a Program`
+            - Program/Script: `C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe`
+            - Add Arguments: `-ExecutionPolicy Bypass -File "C:\Scripts\VPN_Tunnel_Checker\Tunnel_Checker.ps1"`
+    - Press the "**OK**" button to save the scheduled task, then wait for 5 minutes to ensure it triggers as-expected.
+
+=== "Linux"
+
+    - PLACEHOLDER
+    - PLACEHOLDER
+

reference/infrastructure/networking/firewall-and-routing/sophos/vpn/site-to-site-vpns/ipsec/tunnel-creation.md

@@ -0,0 +1,105 @@
+---
+tags:
+  - Sophos
+  - IPsec
+  - VPN
+  - Firewall
+  - Routing
+---
+
+**Purpose**: You may have two Sophos XGS appliances (or a mixed configuration) and need to set up a site-to-site VPN tunnel between two remote locations.  You can achieve this with a simple passphrase-based IPSec VPN tunnel.
+
+!!! info "Assumptions"
+    This documentation only provides instruction for Sophos XGS based devices.  It does not account for third-party vendors or other manufactured hardware.  If you need to set up a mixed VPN tunnel with a different brand of networking device, you need to do your best to match the settings on the tunnels manually.  (e.g. Encryption Type, Phase Lifetimes, etc).
+
+## Architecture
+
+!!! tip "Best Practices - Initiators / Responders"
+    If you have a hub-and-spoke network, where one location acts as a central authority (e.g. domain controllers, auth servers, identity providers, headquarters, etc), you will set up the central "hub" as a VPN responder on its side of the VPN tunnel, and all the remote "spoke" locations would behave as VPN initiators.
+
+``` mermaid
+graph TB
+    Responder((Responder<br/>Headquarters))
+    Initiator1((Initiator<br/>Remote Site 1))
+    Initiator2((Initiator<br/>Remote Site 2))
+    Initiator3((Initiator<br/>Remote Site 3))
+    Initiator4((Initiator<br/>Remote Site 4))
+    Initiator5((Initiator<br/>Remote Site 5))
+
+    Initiator1 --> Responder
+    Initiator2 --> Responder
+    Initiator3 --> Responder
+    Initiator4 --> Responder
+    Initiator5 --> Responder
+```
+
+## Login to the Firewall
+You will need to access the firewall either directly on the local network at `https://<IP-of-Firewall>:4444` or remotely in Sophos Central.
+
+## Configure an IPSec VPN Tunnel
+Navigate to "**Configure > Site-to-Site VPN > Add**"
+
+### General settings
+
+| **Field** | **Value** |
+| :--- | :--- |
+| Name | `<ThisLocation> to <RemoteLocation>` |
+| IP Version | `Dual` |
+| Connection Type | `Tunnel Interface` (*Also known as a "Route-Based VPN"*) |
+| Gateway Type | `Initiate the Connection` / `Respond Only` (*See "Best Practices" Section*) |
+
+### Encryption
+
+| **Field** | **Value** |
+| :--- | :--- |
+| Encryption Profile | `Custom_IKEv2_Initiator` / `Custom_IKEv2_Responder` (*Based on the "Gateway Type"*) |
+| Authentication Type | `Preshared Key / Passphrase` | 
+
+### Gateway Settings
+
+| **Field** | **Value** |
+| :--- | :--- |
+| Listening Interface | `<WAN Interface / Generally "Port2">` (*Internal IP Address*) |
+| Gateway Address | `<Public IP of Remote Firewall>` |
+| Local ID Type | `IP Address` (*Usually Optional*) | 
+| Remote ID Type | `<If the Remote Firewall has one, enter it, otherwise leave blank>` (*Usually Optional*)|
+| Local Subnet | `<Leave Blank>` |
+| Remote Subnet | `<Leave Blank>` |
+
+!!! note "Tunnel IDs / Subnets"
+    If one side of the tunnel indicates a Local ID, you need to input that as the Remote ID on the other end of the tunnel.  While Tunnel IDs are generally optional, if one side uses them, both need to.
+
+    - "Route-Based" VPNs do not need subnets indicated / configured
+    - "Policy-based" VPNs require subnets indicated / configured
+
+## Configure IPSec Encryption Profile
+Navigate to "**System > Profiles > IPSec Profiles > Custom_IKEv2_`<Initiator>/<Responder>`**"
+
+!!! info "Explanation of Phases and their Relation to Initiators/Responders"
+    Phase 1 could be described as establishing the initial tunnel's connectivity from the Initiator to the Responder. (Local to Remote).  While phase 2 would be considered individual devices establishing connections through the VPN tunnel.  (Individual Endpoint Connectivity).
+
+    The responder's phase 1 & 2 lifetime values are 300 seconds longer than the initiator's phase 1 & 2 lifetime values.
+
+=== "Initiator Phase Lifetime Values"
+
+    | **Field** | **Value** | **Notes** | 
+    | :--- | :--- | :--- |
+    | Phase 1 Lifetime | *Default Value*: `28800` | `<Longer Lifetime Compared to Phase 2>` |
+    | Phase 2 Lifetime | *Default Value*: `14400` | `<Shorter Lifetime Compared to Phase 1>` |
+        
+=== "Responder Phase Lifetime Values"
+
+    | **Field** | **Value** | **Notes** | 
+    | :--- | :--- | :--- |
+    | Phase 1 Lifetime | *Default Value + 300 Seconds*: `328800` | `<Longer Lifetime Compared to Phase 2>` |
+    | Phase 2 Lifetime | *Default Value + 300 Seconds*: `314400` | `<Shorter Lifetime Compared to Phase 1>` |
+
+!!! warning "Remote / Local Phase Lifetimes"
+    Within the context of the remote and local VPN tunnels, the lifetime of the Phase 1 and Phase 2 encryption keys needs to be shorter on the intiator than the responder sides of the VPN tunnel.
+
+## Repeat Steps on Remote Firewall
+You will need to repeat the steps on both firewalls, so one firewall is the initiator, and one is configured as the responder.  Keep special note of the admonitions regarding initiator / responder / local / remote differences.
+
+## Connect the IPSec Tunnels
+Now you need to start the tunnel on the Initiator side first, then start the tunnel on the responder side.  If both sides show green status indicators, the tunnel should be active.
+

reference/infrastructure/networking/firewall-and-routing/sophos/vpn/ssl-vpn/configuring-remote-vpn-rdp-access.md

@@ -0,0 +1,44 @@
+---
+tags:
+  - Sophos
+  - RDP
+  - SSL VPN
+  - VPN
+  - Firewall
+---
+
+## Purpose
+This document exists to outline the generalized process to configuring remote access in a Sophos XGS Firewall to allow a VPN user to RDP into a workstation.  *Setting up Remote SSL VPN Access is not covered in this document.*
+
+### Create MAC Host for Destination Device
+The first step in the process is to create a MAC address host for the device being RDP'd into, that way if it's IP rotates, the firewall rule will continue to work correctly.
+
+- Navigate to **Sophos XGS Firewall > [System] Hosts and Services**
+- Click on the **Mac Host** tab > "**Add**"
+    - Name: `<Device-Hostname>`
+    - Description: `<Workstation Remote Access for (username)>`
+    - Type: `Mac Address`
+    - MAC Address: `<mac address of device>`
+    Click **Save**
+
+### Configure Firewall Rule
+- Navigate to **[Protect] Rules and Policies > Add Firewall Rule (New Firewall Rule)**
+    - Rule Name: `Remote Workstation Access for (username)`
+    - Source Zone: `VPN`
+    - Source Networks and Devices: `Any`
+    - Destination Zone: `LAN`
+    - Destination Networks: `<MAC Host We Previously Made>`
+    - Services > Add New Item > `RDP`
+        - If `RDP` does not exist, click "Add", `Services`
+            - Name: `RDP`
+            - Description: `Remote Desktop Protocol`
+            - Type: `TCP/UDP`
+                - Protocol: `TCP`
+                - Source Port: `1:65535`
+                - Destination Port: `3389`
+                Click **Save**
+    - Check **Match Known Users**
+        - Under "Users or Groups" click "Add New Item"
+        - Search for the username of the person using the VPN that needs to access the workstation (e.g. `nicole.rappe@bunny-lab.io`)
+    - Click the **Save** button and have the user try to connect to the VPN, then RDP into their workstation.
+        

reference/infrastructure/networking/index.md

@@ -0,0 +1,38 @@
+---
+tags:
+  - Infrastructure
+  - Networking
+  - Index
+  - Documentation
+---
+
+# Networking
+## Purpose
+Network topology, addressing, firewalling, VPN, and network service dependencies.
+
+## Includes
+- IP tables and address plans
+- Firewall and VPN configurations
+- Network controllers and DNS-related services
+
+## New Document Template
+````markdown
+# <Document Title>
+## Purpose
+<what this network doc exists to describe>
+
+!!! info "Assumptions"
+    - <platform or appliance assumptions>
+    - <privilege assumptions>
+
+## Architecture
+<ASCII diagram or concise topology notes>
+
+## Procedure
+```sh
+# Commands or config steps
+```
+
+## Validation
+- <command + expected result>
+````

reference/infrastructure/networking/ip-tables/172-16-16-0-sophos-network.md

@@ -0,0 +1,17 @@
+---
+tags:
+  - Sophos
+  - iptables
+  - Networking
+---
+
+### IP Addresses
+Documented IP addresses of Hyper-V Failover Cluster VMs that exist behind the Sophos XG Firewall VM.  All of these machines are funneled through the Sophos XG Firewall VM before they are allowed to communicate on the physical network with other devices. 
+
+## 172.16.16.0/24 Network
+| **IP Address** | **FQDN** | **Additional Notes** |
+| :--- | :--- | :--- |
+| 172.16.16.1 | LAB-SOPHOS-01.bunny-lab.io | Sophos XG Firewall |
+| 172.16.16.2 | LAB-IRIS-01 | Blue Iris Surveillance |
+| 172.16.16.3 | `NOT IN USE` | `NOT IN USE` |
+| 172.16.16.4 | `NOT IN USE` | `NOT IN USE` |

reference/infrastructure/networking/ip-tables/192-168-5-0-container-network.md

@@ -0,0 +1,60 @@
+---
+tags:
+  - Containers
+  - iptables
+  - Networking
+---
+
+### IP Addresses
+Documented IP addresses of containers.
+
+## 192.168.5.0/24 Network
+| **IP Address** | **Hostname** | **Additional Notes** |
+| :--- | :--- | :--- |
+| 192.168.5.1 | PFSENSE | pfSense Firewall |
+| 192.168.5.2 | AUTH.bunny-lab.io | Keycloak Server |
+| 192.168.5.3 | AUTH.bunny-lab.io | Keycloak PostgreSQL DB Server |
+| 192.168.5.4 | ALPINE-WORK-01.bunny-lab.io | Firefox Containerized Environment |
+| 192.168.5.5 | ACTUAL.bunny-lab.io | Actual Finance Server |
+| 192.168.5.6 | Monica | Server |
+| 192.168.5.7 | Monica | Database |
+| 192.168.5.8 | Gatus | Server |
+| 192.168.5.9 | Gatus | Database |
+| 192.168.5.10 | `UNDOCUMENTED - Active` | |
+| 192.168.5.11 | NOTES.bunny-lab.io | Trillium Notes |
+| 192.168.5.12 | `UNDOCUMENTED - Active` | |
+| 192.168.5.13 | LAB-CLOUD-02 | Docker Proxy |
+| 192.168.5.14 | `UNDOCUMENTED - Active` | |
+| 192.168.5.15 | `UNDOCUMENTED - Active` | |
+| 192.168.5.16 | `UNDOCUMENTED - Active` | |
+| 192.168.5.17 | `UNDOCUMENTED - Active` | |
+| 192.168.5.18 | `UNDOCUMENTED - Active` | |
+| 192.168.5.19 | Immich | Server |
+| 192.168.5.20 | Immich | Microservices |
+| 192.168.5.21 | Immich | Machine Learning |
+| 192.168.5.22 | Immich | Redis DB |
+| 192.168.5.23 | Immich | PostgreSQL DB |
+| 192.168.5.24 | Sanctuary | Content Database Server |
+| 192.168.5.25 | Homebox | Inventory Management System |
+| 192.168.5.26 | Material MkDocs | Voice Training Documentation |
+| 192.168.5.27 | MM.bunny-lab.io | Mattermost PostgreSQL DB |
+| 192.168.5.28 | MM.bunny-lab.io | Mattermost Server |
+| 192.168.5.29 | `UNDOCUMENTED - Active` | |
+| 192.168.5.30 | Pyload | Python-Based Download Manager |
+| 192.168.5.31 | FLATNOTES.bunny-lab.io | Note-Taking Server |
+| 192.168.5.32 | SEMAPHORE.bunny-lab.io | Ansible Semaphore |
+| 192.168.5.33 | SEMAPHORE.bunny-lab.io | Ansible Semaphore PostgreSQL Database |
+| 192.168.5.34 | CONTACT.bunny-lab.io | Linkstack |
+| 192.168.5.35 | BIFROST.bunny-lab.io | Rustdesk HBBS |
+| 192.168.5.36 | FLYFF.bunny-lab.io | Material MKDocs |
+| 192.168.5.37 | traggo.bunny-lab.io | Traggo Time-Management Server |
+| 192.168.5.38 | speedtest.bunny-lab.io | Speedtest Tracker |
+| 192.168.5.39 | speedtest.bunny-lab.io | Speedtest Tracker Database |
+| 192.168.5.40 | apprise.bunny-lab.io | Apprise Notification Relaying Service |
+| 192.168.5.41 | joplin.bunny-lab.io | Joplin Documentation |
+| 192.168.5.42 | todo.bunny-lab.io | Tududi Server | 
+| 192.168.5.43 | `UNDOCUMENTED - Active` | |
+| 192.168.5.44 | `UNDOCUMENTED - Active` | |
+| 192.168.5.45 | `UNDOCUMENTED - Active` | |
+| 192.168.5.46 | kb.bunny-lab.io | Zensical Documentation Server |
+| 192.168.5.47 | help.bunny-lab.io | Rustdesk Info Page |

reference/infrastructure/networking/ip-tables/homelab-server-inventory.md

@@ -0,0 +1,242 @@
+---
+tags:
+  - iptables
+  - Networking
+  - Docker
+---
+
+## Overview
+All servers (physical and virtual) are documented within this specific page.  They are written in a specific annotated manner in order to make them copy/paste ready for the Ansible AWX Operator server that interacts with devices in the homelab over `SSH` and `WinRM` protocols.  This allows me to automate functions such as updates across the entire homelab declaratively versus individually.
+
+**Note**: This list does not include Docker/Kubernetes-based workloads/servers.  Those can be found within the [Container Network IP Table](../../networking/ip-tables/192-168-5-0-container-network.md) document.  Given that Ansible does not interact with containers in my homelab (*yet*), these devices are not listed within this document.
+
+## Updating Ansible Inventory
+Whenever changes are made here, they need to be replicated to the production Ansible AWX Inventory File.  This ensures that Ansible AWX is always up-to-date.  Simply copy/paste the codeblock below into the linked inventory file, and commit the change with a comment explaining what was added/removed from the inventory list. 
+
+[:material-ansible: Edit Ansible AWX Inventory File](https://git.bunny-lab.io/GitOps/awx.bunny-lab.io/_edit/main/inventories/homelab.ini){ .md-button }
+
+```ini title="https://git.bunny-lab.io/GitOps/awx.bunny-lab.io/src/branch/main/inventories/homelab.ini"
+# ----------------------------------------------------------------- #
+# Servers (Physical and Virtual) - Hosts Mapped to IPs / FQDNs      #
+# ----------------------------------------------------------------- #
+# Deep Nodes
+deep-node ansible_host=10.0.0.20
+
+lab-pfsense-01 ansible_host=192.168.3.1 # (1)
+lab-mini-pc ansible_host=192.168.3.2 # (2)
+lab-storage-01 ansible_host=192.168.3.3 # (3)
+cluster-node-01 ansible_host=192.168.3.4 # (4)
+cluster-node-02 ansible_host=192.168.3.5 # (5)
+lab-games-04 ansible_host=lab-games-04.bunny-lab.io # (6)
+lab-photos-01 ansible_host=lab-photos-01.bunny-lab.io # (7)
+kb-bunny-lab-io ansible_host=kb.bunny-lab.io # (8)
+# NOT-IN-USE ansible_host=192.168.3.9 # (9)
+lab-ansible-01 ansible_host=lab-ansible-01.bunny-lab.io # (10)
+lab-games-02 ansible_host=lab-games-02.bunny-lab.io # (11)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (12)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (13)
+lab-games-03 ansible_host=lab-games-03.bunny-lab.io # (14)
+#lab-docker-01 ansible_host=lab-docker-01.bunny-lab.io # (15)
+lab-games-05 ansible_host=lab-games-05.bunny-lab.io # (16)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io @ (17)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (18)
+#container-node-01 ansible_host=container-node-01.bunny-lab.io # (19)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (20)
+lab-puppet-01 ansible_host=lab-puppet-01.bunny-lab.io # (21)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (22)
+usagi-cluster ansible_host=usagi-cluster.bunny-lab.io # (23)
+lab-pool-01 ansible_host=lab-pool-01.bunny-lab.io # (24)
+lab-dc-01 ansible_host=lab-dc-01.bunny-lab.io # (25)
+lab-dc-03 ansible_host=lab-dc-03.bunny-lab.io # (26)
+lab-camera-01 ansible_host=lab-camera-01.bunny-lab.io # (27)
+lab-games-01 ansible_host=lab-games-01.bunny-lab.io # (28)
+lab-cloud-01 ansible_host=lab-cloud-01.bunny-lab.io # (29)
+deeplab-win11 ansible_host=deeplab-win11.dev-testing.lab # (30)
+lab-dt-02 ansible_host=lab-dt-02.bunny-lab.io # (31)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (32)
+cluster-node-03 ansible_host=192.168.3.33 # (33)
+lab-draas-01-ilo ansible_host=192.168.3.34 # (34)
+deeplab-dc ansible_host=deeplab-dc-01.dev-testing.lab # (35)
+deeplab-win10 ansible_host=deeplab-win10.dev-testing.lab # (36)
+# NOT-IN-USE ansible_host=192.168.3.37 # (37)
+# NOT-IN-USE ansible_host=192.168.3.38 # (38)
+# NOT-IN-USE ansible_host=192.168.3.39 # (39)
+# NOT-IN-USE ansible_host=192.168.3.40 # (40)
+# NOT-IN-USE ansible_host=192.168.3.41 # (41)
+# NOT-IN-USE ansible_host=192.168.3.42 # (42)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (43)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (44)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (45)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (46)
+# NOT-IN-USE ansible_host=NOT-IN-USE.bunny-lab.io # (47)
+lab-docker-02 ansible_host=192.168.3.48 # (48)
+lab-fps-01 ansible_host=192.168.3.49 # (49)
+# NOT-IN-USE ansible_host=192.168.3.50 # (50)
+# NOT-IN-USE ansible_host=192.168.3.51 # (51)
+# NOT-IN-USE ansible_host=192.168.3.52 # (52)
+# NOT-IN-USE ansible_host=192.168.3.53 # (53)
+veeam-draas-01 ansible_host=192.168.3.54 # (54)
+# NOT-IN-USE ansible_host=192.168.3.55 # (55)
+# NOT-IN-USE ansible_host=192.168.3.56 # (56)
+# NOT-IN-USE ansible_host=192.168.3.57 # (57)
+lab-photos-02 ansible_host=192.168.3.58 # (58)
+lab-ca-01 ansible_host=192.168.3.59 # (59)
+lab-ca-02 ansible_host=192.168.3.60 # (60)
+lab-mail-02 ansible_host=192.168.3.61 # (61)
+# NOT-IN-USE ansible_host=192.168.3.62 # (62)
+# NOT-IN-USE ansible_host=192.168.3.63 # (63)
+lab-iso-01 ansible_host=192.168.3.64 # (64)
+# NOT-IN-USE ansible_host=192.168.3.65 # (65)
+# NOT-IN-USE ansible_host=192.168.3.66 # (66)
+lab-fps-02 ansible_host=192.168.3.67 # (67)
+lab-pbs-01 ansible_host=192.168.3.68 # (68)
+rke2-cluster-node-01 ansible_host=192.168.3.69 # (69)
+rke2-cluster-node-02 ansible_host=192.168.3.70 # (70)
+rke2-cluster-node-03 ansible_host=192.168.3.71 # (71)
+rke2-cluster-node-04 ansible_host=192.168.3.72 # (72)
+rke2-cluster-node-05 ansible_host=192.168.3.73 # (73)
+# NOT-IN-USE ansible_host=192.168.3.74 # (74)
+# NOT-IN-USE ansible_host=192.168.3.75 # (75)
+deeplab-node-02 ansible_host=192.168.3.253 # (253)
+core-switch-01 ansible_host=192.168.3.254 # (254)
+# NOT-IN-USE ansible_host=192.168.3.254 # (254)
+
+# ----------------------------------------------------------------- #
+# Host Groups - Various Logical Groupings of Devices                #
+# ----------------------------------------------------------------- #
+[domainControllers]
+lab-dc-01
+lab-dc-03
+
+[windowsDomainServers]
+lab-games-04
+lab-games-02
+lab-games-03
+lab-games-05
+lab-dc-01
+lab-dc-03
+lab-camera-01
+lab-games-01
+lab-ca-01
+lab-ca-02
+lab-mail-02
+
+[windowsStandaloneServers]
+#lab-dt-02
+
+[linuxServers]
+lab-photos-01
+lab-photos-02
+lab-puppet-01
+lab-cloud-01
+lab-docker-02
+lab-iso-01
+
+[workstations]
+lab-operator-01
+
+# ----------------------------------------------------------------- #
+# Host Group Variables - Defining Specific Requirements of Groups   #
+# ----------------------------------------------------------------- #
+[domainControllers:vars]
+ansible_connection=winrm
+ansible_port=5986
+ansible_winrm_transport=kerberos
+ansible_winrm_scheme=https
+ansible_winrm_server_cert_validation=ignore
+
+[windowsDomainServers:vars]
+ansible_connection=winrm
+ansible_port=5986
+ansible_winrm_transport=kerberos
+ansible_winrm_scheme=https
+ansible_winrm_server_cert_validation=ignore
+
+[windowsStandaloneServers:vars]
+ansible_connection=winrm
+ansible_winrm_kerberos_delegation=false
+ansible_port=5986
+ansible_winrm_transport=ntlm
+ansible_winrm_server_cert_validation=ignore
+
+[linuxServers:vars]
+ansible_connection=ssh
+```
+
+1.  pfSense Firewall @ `192.168.3.1` | [Documentation](https://www.pfsense.org/getting-started/)
+2.  3.7GHz High-Performance Mini-PC @ `192.168.3.2`
+3.  TrueNAS Core Server @ `192.168.3.3` | [Documentation](https://www.truenas.com/truenas-core/)
+4.  ProxmoxVE Virtualization Node @ `192.168.3.4`
+5.  ProxmoxVE Virtualization Node @ `192.168.3.5`
+6.  Satisfactory Dedicated Server @ `192.168.3.6` | [Documentation](https://satisfactory.wiki.gg/wiki/Dedicated_servers)
+7.  Immich Server @ `192.168.3.7` | [Documentation](https://immich.app/docs/install/docker-compose/)
+8.  Zensical Documentation Server @ `192.168.3.8` | [Documentation](https://hub.docker.com/r/zensical/zensical)
+9.  Not Currently In-Use @ `192.168.3.9` | [Documentation](https://example.com)
+10.  Ansible AWX @ `192.168.3.10` | [Documentation](../../../../deployments/automation/ansible/awx/deployment/awx-operator.md)
+11.  Minecraft - All The Mods 9 @ `192.168.3.11` | [Documentation](https://www.curseforge.com/minecraft/modpacks/all-the-mods-9)
+12.  Ferrumgate Server @ `192.168.3.12` | [Documentation](https://ferrumgate.com/)
+13.  NOT IN USE @ `192.168.3.13`
+14.  Minecraft - All The Mods 10 @ `192.168.3.14` | [Documentation](https://www.curseforge.com/minecraft/modpacks/all-the-mods-10)
+15.  Docker Container Environment (Portainer) @ `192.168.3.15` | [Documentation](../../../../deployments/platforms/containerization/docker/deploy-portainer.md)
+16.  Valheim Server @ `192.168.3.16` | [Documentation](../../../../deployments/services/gaming/valheim.md)
+17.  Not Currently In-Use @ `192.168.3.17` | [Documentation](https://example.com)
+18.  Keycloak Server @ `192.168.3.18` | [Documentation](../../../../deployments/services/authentication/keycloak/deployment.md)
+19.  Docker Container Environment (Portainer) @ `192.168.3.19` | [Documentation](../../../../deployments/platforms/containerization/docker/deploy-portainer.md)
+20.  PrivacyIDEA @ `192.168.3.20` | [Documentation](../../../../deployments/services/authentication/privacyidea.md)
+21.  Puppet Server @ `192.168.3.21` | [Documentation](../../../../deployments/automation/puppet/deployment/puppet.md)
+22.  Not Currently In-Use @ `192.168.3.22` | [Documentation](https://example.com)
+23.  Hyper-V Failover Cluster @ `192.168.3.23` | [Documentation](../../../../deployments/platforms/virtualization/hyper-v/failover-cluster/deploy-failover-cluster-node.md)
+24.  TrueNAS SCALE @ `192.168.3.24` | [Documentation](https://www.truenas.com/truenas-scale/)
+25.  Primary Domain Controller @ `192.168.3.25` | [Documentation](https://example.com)
+26.  Secondary Domain Controller @ `192.168.3.26` | [Documentation](https://example.com)
+27.  Blue Iris Surveillance @ `192.168.3.27` | [Documentation](https://blueirissoftware.com/)
+28.  ARK: Survival Ascended Server @ `192.168.3.28` | [Documentation](../../../../deployments/services/gaming/ark-survival-ascended.md)
+29.  Nextcloud AIO @ `192.168.3.29` | [Documentation](../../../../deployments/services/productivity/nextcloud-aio.md)
+30.  Dev-Testing Win11 Lab Environment @ `192.168.3.35` | [Documentation](https://example.com)
+31.  Windows 11 Work VM @ `192.168.3.31` | [Documentation](https://example.com)
+32.  Matrix Synapse HomeServer @ `192.168.3.32` | [Documentation](https://github.com/matrix-org/synapse)
+33.  ProxmoxVE Virtualization Node @ `192.168.3.33`
+34.  LAB-DRAAS-01 iLO IPMI Access Interface @ `192.168.3.34` | [Documentation](https://example.com)
+35.  Dev-Testing DC Lab Environment @ `192.168.3.35` | [Documentation](https://example.com)
+36.  Dev-Testing Win10 Lab Environment @ `192.168.3.35` | [Documentation](https://example.com)
+37.  Security Onion @ `192.168.3.37` | [Documentation](https://docs.securityonion.net/en/2.4/installation.html)
+38.  Wazuh SIEM Security VM @ `192.168.3.38` | [Documentation](https://documentation.wazuh.com/current/quickstart.html)
+39.  Rancher Harvester Hyper-Converged Infrastructure
+40.  Rancher Harvester Hyper-Converged Infrastructure - VIP Management Interface
+41.  Pterodactyl Dedicated Game Server Hosting Dashboard
+42.  NGINX Server Package Caching Server
+43.  NOT IN USE @ `192.168.3.43`
+44.  NOT IN USE @ `192.168.3.44`
+45.  NOT IN USE @ `192.168.3.45`
+46.  NOT IN USE @ `192.168.3.46`
+47.  NOT IN USE @ `192.168.3.47`
+48.  Portainer Docker Node
+49.  Windows File Server
+50.  Flyff VM 01
+51.  Semaphore UI Automation Server
+52.  Headless Laptop Server 01
+53.  Headless Laptop Server 02
+54.  Veeam Backup & Replication Server
+55.  Veeam Backup Worker
+56.  Veeam Backup Worker
+57.  Veeam Backup Worker
+58.  Immich Server @ `192.168.3.58` | [Documentation](https://immich.app/docs/install/docker-compose/)
+59.  Active Directory Root Certificate Services VM
+60.  Active Directory Intermediary Certificate Services VM
+61.  Mailcow Email Server
+62.  NOT IN USE @ `192.168.3.62`
+63.  Proxmox Datacenter Manager
+64.  H5ai File Sharing Server
+65.  Netbird VPN Server
+66.  Kasm Workspaces VM
+67.  Windows File Server
+68.  Proxmox Backup Server
+69.  Rancher RKE2 Kubernetes Laptop Cluster Node
+70.  Rancher RKE2 Kubernetes Laptop Cluster Node
+71.  Rancher RKE2 Kubernetes Laptop Cluster Node
+72.  Rancher RKE2 Kubernetes Laptop Cluster Node
+73.  Rancher RKE2 Kubernetes Laptop Cluster Node
+74.  Rancher Harvester Node
+75.  Rancher Harvester Cluster VIP
+253. Fedora Workstation 42 VM
+254. Core Infrastructure Switch 01 (Zyxel GS1920-48)

reference/infrastructure/networking/linux-networking/modifying-ip-address-of-server.md

@@ -0,0 +1,34 @@
+---
+tags:
+  - Linux
+  - Networking
+---
+
+**Purpose**: This is a scaffold document outlining the high level of changing an IP address of a server in either Debian or RHEL based operating systems.
+
+=== "Ubuntu / Debian"
+
+    ``` sh
+    # Edit Netplan File
+    nano /etc/netplan/<name-of-netplan-file>
+    # <edit existing networking> --> <save file>
+
+    # Apply Netplan Changes
+    netplan apply
+    ```
+        
+=== "Rocky / Fedora / RHEL"
+
+    ``` sh
+    # Modify the Existing Connection via nmcli
+    nmcli connection modify ens18-connection \
+    ipv4.addresses 192.168.3.13/24 \
+    ipv4.gateway 192.168.3.1 \
+    ipv4.dns "192.168.3.25,192.168.3.26" \
+    ipv4.method manual
+
+    # Bring the Connection Online
+    sudo nmcli connection down ens18-connection
+    sudo nmcli connection up ens18-connection
+    ```
+

reference/infrastructure/networking/misc/tuya-smart-lights.md

@@ -0,0 +1,31 @@
+---
+tags:
+  - Tuya
+  - Networking
+---
+
+### pfSense DHCP Reservations for Tuya-Based Smart Devices
+| **Description** | **IP Address** | **MAC Address** | **Hostname** | **Device ID** | **Local Key** |
+| :--- | :--- | :--- | :--- | :--- | :--- |
+| Bottom of Stairs | 10.0.0.200 | bcddc29072bf | ESP\_9072BF | 50316010bcddc29072bf | 5c92ba765b22a96f |
+| Right Monitor | 10.0.0.201 | bcddc2901aef | ESP\_901AEF | 50316010bcddc2901aef | ea4852cf67fbff52 |
+| Downstairs Light | 10.0.0.202 | bcddc28fe4c4 | ESP\_8FE4C4 | 74160333bcddc28fe4c4 | c207fffba7143bdb |
+| Right TV Light | 10.0.0.203 | b4e62d4bc3fe | ESP\_4BC3FE | 36087764b4e62d4bc3fe | 9e807e03a398a31c |
+| Nightstand | 10.0.0.204 | b4e62d4bc3cb | ESP\_4BC3CB | 36087764b4e62d4bc3cb | 739fca9d40634ad5 |
+| Top of Stairs | 10.0.0.205 | bcddc2904ed9 | ESP\_904ED9 | 50316010bcddc2904ed9 | 23452028cfe464c0 |
+| Bathroom | 10.0.0.206 | 2cf432220421 | ESP\_220421 | 105480752cf432220421 | 03099191b6ab585e |
+| Front Porch | 10.0.0.207 | bcddc2947aae | ESP\_947AAE | 50316010bcddc2947aae | 18d074fa9ff47087 |
+| Left Monitor | 10.0.0.208 | 2cf43221af1a | ESP\_21AF1A | 105480752cf43221af1a | aef4f6067548c3a9 |
+| Puppy Nook | 10.0.0.209 | cc50e3feaa2b | ESP\_FEAA2B | 76380710cc50e3feaa2b | 7c881c27da5079b6 |
+| TV  | 10.0.0.210 | cc50e378bab9 | ESP\_78BAB9 | 35138222cc50e378bab9 | 89b366574278e990 |
+| Left TV Light | 10.0.0.211 | cc50e378916d | ESP\_78916D | 10548075cc50e378916d | a2d0aeb1ad676b9f |
+| Bedroom Light | 10.0.0.212 | bcddc2907645 |     | 50316010bcddc2907645 | d73b0af93d1bf2da |
+| Garden Water Pump | 10.0.0.213 | 98f4abef7c2c |     | 2182401498f4abef7c2c | 4715733dd7850f00 |
+| wifi Water Timer | 10.0.0.214 |     |     | eb54e6ae7c7536a4bbawyw | 2a72efa9b2f36437 |
+| Tech Room Light Strips | 10.0.0.215 |     |     | eb7dd0deaab376a2ffsqwl | 2a72efa9b2f36437 |
+| Irrigation Hub | 10.0.0.216 | 10d5615ab16b |     | eb3b374a82a993d252j7v9 | 2a72efa9b2f36437 |
+| Front Lawn Sprinkler |     |     |     | ebace67e93f8fde4ccdv7p | 2a72efa9b2f36437 |
+
+### Misc Color Profile Notes:
+- **1 NAME 3 4 0 255 2 5 1500 8000**
+- 20 NAME 22 23 29 1000 21 24 2700 6500 

reference/infrastructure/networking/vpn/netbird.md

@@ -0,0 +1,52 @@
+---
+tags:
+  - NetBird
+  - VPN
+  - Networking
+  - Docker
+---
+
+## Purpose
+Netbird is a free and open-source VPN server and client platform.  The following document will illustrate how to deploy Netbird into a homelab or business environment.
+
+!!! note "Assumptions"
+    It is assumed that you are running Rocky Linux 10.  You can technically use anything, but the command syntax will be different depending on the platform, and this document will not outline every possible operating system.
+
+### Install Prerequisites
+You need to install a few things before we can begin with the deployment of Netbird.  Run the following commands set up the server environment before Netbird deployment.  This also assumes that you opened all of the necessary ports listed in the [official Netbird deployment documentation](https://docs.netbird.io/selfhosted/selfhosted-quickstart) as well as set up a reverse proxy pointing to port 80 on the Netbird server.
+
+!!! warning "Run as Non-Sudo"
+    Run all of the commands below as a normal user, do not use `sudo su` when deploying Netbird.
+
+```sh
+# Update system & install necessary packages
+sudo dnf update -y
+sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+sudo dnf install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin jq
+sudo systemctl enable docker --now 
+
+# Configure normal user to have docker privileges
+sudo usermod -aG docker nicole
+
+# Logout and log back in via SSH
+exit
+ssh nicole@192.168.3.65
+
+# Create Netbird project directory and pull down installation files
+sudo mkdir -p /srv/containers/netbird
+sudo chmod -R 770 /srv/containers/netbird
+sudo chown -R nicole:docker /srv/containers/netbird
+cd /srv/containers/netbird
+curl -sSLO https://github.com/netbirdio/netbird/releases/latest/download/getting-started-with-zitadel.sh
+
+# Deploy Netbird
+export NETBIRD_DOMAIN=vpn.bunny-lab.io
+bash getting-started-with-zitadel.sh
+```
+
+### Example Deployment Output
+If everything is working correctly, you can go make some coffee and come back.  When everything is done getting set up, you will see output similar to the below:
+
+```sh
+
+```