WRKLOG-2026-03-03
Summary
Monday. Major PowerShell codex enhancements for network management - comprehensive WiFi/LAN profile management, XML profile operations, 802.1X, VPN, proxy. Restructured large monolithic .adoc files into granular directories for faster troubleshooting call navigation.
Today’s Priority Tasks
| Priority | Task | Status |
|---|---|---|
| P0 | PowerShell network.adoc enhancements (WiFi/LAN/XML profiles) | [x] DONE |
| P0 | Restructure network.adoc into granular directory | [x] DONE |
| P1 | Restructure ad.adoc into granular directory | [ ] In Progress |
| P1 | Restructure remoting.adoc into granular directory | [ ] In Progress |
| P1 | CHLA Linux SSH issue (Xianming Ding) | [ ] CARRY-OVER |
| P2 | HA Infrastructure - Phase 1/2 | [ ] Paused |
| P2 | iPSK Manager - DB replication | [ ] CARRY-OVER |
HA Infrastructure Progress
| Phase | Description | Target | Status |
|---|---|---|---|
| Phase 0 | NAS NFS Permissions — kvm-02 access to shared storage | kvm-02 | [x] Complete |
| Phase 1 | Vault HA Cluster — vault-01 file→raft migration, vault-02/03 deployment | kvm-02 | [ ] Pending |
| Phase 2 | DNS HA — bind-02 secondary with zone transfers from bind-01 | kvm-02 | [ ] Pending |
| Phase 3 | VyOS HA — vyos-01 deployed, vyos-02 parallel to pfSense | kvm-02 | [x] Complete (DEPLOY-2026-03-07) |
| Phase 4 | Non-Critical VM Migration — ipsk-manager, keycloak-01 | kvm-02 | [ ] Pending |
| Phase 5 | Critical Infrastructure — AD HA, ISE HA (future) | kvm-02 | [ ] Future |
Reference: See infra-ops component: runbooks/kvm-02-deployment.adoc
Carried Over
Professional (CHLA)
Critical (P0)
| Project | Description | Status | Blocker |
|---|---|---|---|
| Mandiant Remediation | dACL enforcement, posture/ACL remediation, ISE patch | ACTIVE — Q2 assessment | |
| Linux Research (Xiangming) | EAP-TLS for Linux workstations | BEHIND (due 02-24) | Certificate "password required" — nmcli flags fix documented |
| iPSK Manager HA | Pre-shared key automation — HA deployment | BEHIND | DB replication issues |
| MSCHAPv2 Migration | Legacy auth deprecation → EAP-TLS | BEHIND | No progress on planning |
High Priority (P1)
| Project | Description | Status |
|---|---|---|
| CHLA Antora Setup | 8-phase Antora documentation deployment at work | ACTIVE (Project) |
| SIEM Migration | QRadar → Microsoft Sentinel — SDK integration | ACTIVE (Project) |
| ISE 3.4 Migration | Upgrade from 3.2p9 | Planned — blocked by P0 items |
| ISE Hardware Refresh | PSN/MnT lifecycle replacement | Planned |
| Switch Upgrades | IOS-XE fleet update | Pending |
Standard (P2)
| Project | Description | Status |
|---|---|---|
| HHS Regulatory Compliance | New HHS security policies | NOT STARTED |
| InfoSec Reporting Dashboard | PowerBI metrics for executives | NOT STARTED |
| EDR Migration (AMP → Defender) | Endpoint protection consolidation | NOT STARTED |
| Azure Legacy Migration | Modern landing zone | In progress |
Personal Infrastructure
Recently Completed
| Project | Description | Date |
|---|---|---|
| domus-api v0.1.0 | 44-endpoint REST API — multi-spoke, DI, cache invalidation, 55 tests | 2026-04-07 |
| IOT_WAN VPN Passthrough | 4 firewall rules applied — IPsec ESP, NAT-T, IKE, TCP 2443 | 2026-04-07 |
| VyOS HA Migration | vyos-01 deployed, replacing pfSense | 2026-03-07 |
| C9130AX WiFi6 AP | Catalyst 9130AX access point deployment | 2026-03-10 |
| enterprise-linux-8021x | Standalone 802.1X EAP-TLS documentation spoke | 2026-02-26 |
| CLI Mastery Documentation | openssl/curl/awk/sed/xargs/pipelines | 2026-02-26 |
| Vault SSH CA | 8h certs, 9 hosts configured | 2026-02-21 |
| k3s + Prometheus/Grafana | Monitoring stack on k3s | 2026-02-23 |
In Progress
| Project | Description | Status |
|---|---|---|
| ThinkPad P16g Deploy | Phase 11 verification, Phase 12 security hardening | |
| EVE-NG Lab | Network simulation lab — 8-phase rollout | |
| RHEL 9 Workstation | Dr. Shahab’s workstation — 12-phase deployment | |
| kvm-02 Hardware Upgrade | Supermicro B deployment | Hardware ready |
Planned
| Project | Description | Blocked By |
|---|---|---|
| Vault HA (3-node) | vault-02, vault-03 on kvm-02 | kvm-02 deployment |
| DNS HA (bind-02) | Secondary with zone transfers from bind-01 | kvm-02 deployment |
| k3s HA (3-node) | Control plane HA | kvm-02 deployment |
| Wazuh Agents | Deploy to all infrastructure hosts | k3s NAT fix (29 days blocked) |
| Cold Storage (M-DISC) | Offline archival of keys/headers | Time |
| SanDisk USB Offsite | Third backup drive rotation | Time |
Learning Tracks
| Track | Description | Status | Resources |
|---|---|---|---|
| API Development (FastAPI) | REST API design, Pydantic, DI, async, testing | ACTIVE | domus-api (44 endpoints), API CLI Mastery |
| Claude Code + AI Engineering | Claude Code mastery, hooks, skills, agents | ACTIVE | Anthropic docs, Project |
| RHCSA 9 (EX200) | Red Hat system administration — 21-phase curriculum | ACTIVE | Sander van Vugt book, Project |
| CISSP | 10-domain security certification | ACTIVE | |
| Spanish (DELE C1/C2) | Advanced Spanish certification | ACTIVE | Connectors reference, essay structure, Don Quijote |
| API CLI Mastery | jq/curl/awk/httpx pipeline composition | COMPLETE | Codex — 6-level curriculum |
| Terminal Mastery | awk/sed/jq/xargs/grep/find patterns | COMPLETE | |
| College Algebra | Functions, polynomials, exponentials, logarithms | ACTIVE | |
| Shell Scripting Guide | Comprehensive shell scripting (23 chapters) | In progress | |
| Linux Bible 11e | Linux administration reference | In progress | |
| D2 Diagrams | Infrastructure visualization | Ongoing | Practice with every runbook |
| Biblical Studies | Study notes and teachings | In progress | Private notes |
| Ruby Metaprogramming | DSL for infrastructure generation | PARKED (P3) | domus-captures/education/ruby/ |
Session Log
Session 1: PowerShell Codex Enhancements
Time: Morning
Completed:
- Enhanced network.adoc (964 → 1580 lines, +616)
  - Added pwsh-wifi enhancements: saved profiles with passwords, profile details, remove/forget, connection history (event log), adapter stats, quality metrics, compare available vs saved
  - Added pwsh-wifi-xml section: XML profile location, export/import single+bulk, parse structure, modify (autoconnect, hidden SSID), create WPA2-PSK and WPA3 from scratch, backup/restore with metadata
  - Added pwsh-lan section: Ethernet status, cable check, wired 802.1X profiles, advanced properties (speed/duplex, WoL, jumbo), stats, error detection, force Ethernet over WiFi
  - Enhanced pwsh-quickref: categorized daily commands, one-liners, troubleshooting sequence
- Restructured network.adoc into network/ directory (11 files)
  - adapters.adoc (80 lines) - ncpa.cpl replacement
  - ip-config.adoc (110 lines) - ipconfig equivalent
  - wifi.adoc (318 lines) - netsh wlan operations
  - wifi-profiles.adoc (236 lines) - XML profile management
  - lan.adoc (153 lines) - Ethernet management
  - firewall.adoc (86 lines) - Windows Firewall
  - 8021x.adoc (134 lines) - EAP-TLS authentication
  - vpn.adoc (145 lines) - VPN management
  - proxy.adoc (131 lines) - Proxy configuration
  - diagnostics.adoc (85 lines) - Network diagnostics
  - quickref.adoc (88 lines) - Daily commands
Rationale: During troubleshooting calls, vim network/wifi.adoc (318 lines) is faster than scrolling through 1580 lines in the monolithic file.
Session 2: AD and Remoting Restructure
Time: In Progress
Tasks:
- Split ad.adoc (40k) into ad/ directory
- Split remoting.adoc (27k) into remoting/ directory
Session 3: domus-minimus - Minimal Neovim Config
Time: Evening
Rationale: domus-instrumentum has too many plugins. Created minimal config focused on vim motions and text objects.
Completed:
- Scaffolded domus-minimus - 5 plugins only:
  - catppuccin (colorscheme)
  - treesitter (syntax)
  - blink.cmp (completion)
  - nvim-lint (linting)
  - mini.ai (text objects)
- Custom AsciiDoc text objects: vi- (code blocks), vi/ (comments), vi= (examples)
- Symlinked ~/.config/domus-minimus
- Added vm alias to ~/.zshrc:1251
- Initial commit (12 files, 412 lines)
- Push to GitHub: github.com/EvanusModestus/domus-minimus
Structure:
domus-minimus/
├── init.lua
├── lua/minimus/{config,core,plugins}/
├── ftplugin/asciidoc.lua
└── CLAUDE.md
Setup on other machines:
# Clone
git clone git@github.com:EvanusModestus/domus-minimus.git ~/atelier/_projects/personal/domus-minimus
# Symlink
ln -s ~/atelier/_projects/personal/domus-minimus ~/.config/domus-minimus
# Add alias
echo "alias vm='NVIM_APPNAME=domus-minimus nvim'" >> ~/.zshrc
source ~/.zshrc
Notes
Focusing on documentation structure for rapid troubleshooting access. CLI-first workflow - copy commands from vim/browser during calls.