Domus Digitalis

Production home enterprise network with 802.1X EAP-TLS, Zero Trust segmentation, HashiCorp Vault PKI, and full API automation.

Select a component below to get started.

Documentation Components

Component	Description	Pages
Infrastructure Operations	Runbooks, recovery procedures, PKI, backup, disaster recovery, services (pfSense, Vault, AD, Keycloak), and automation tools (netapi, dsec)	62+
Linux EAP-TLS	802.1X EAP-TLS deployment methodology for Linux workstations - wpa_supplicant, NetworkManager, certificate provisioning, ISE policy	43
netapi CLI	Network automation CLI with full command reference for ISE (ERS, MnT, DataConnect, pxGrid), pfSense, WLC, IOS, Vault, Synology	114
Secrets Management	dsec/SOPS/age encrypted secrets with domain isolation and environment stratification	~10

Component

Description

Pages

Infrastructure Operations

Runbooks, recovery procedures, PKI, backup, disaster recovery, services (pfSense, Vault, AD, Keycloak), and automation tools (netapi, dsec)

62+

Linux EAP-TLS

802.1X EAP-TLS deployment methodology for Linux workstations - wpa_supplicant, NetworkManager, certificate provisioning, ISE policy

netapi CLI

Network automation CLI with full command reference for ISE (ERS, MnT, DataConnect, pxGrid), pfSense, WLC, IOS, Vault, Synology

114

Secrets Management

dsec/SOPS/age encrypted secrets with domain isolation and environment stratification

~10

In This Hub

Section	Quick Links
Recovery	Credential Chain • Recovery Architecture • Disaster Recovery
Automation	netapi Integration • DataConnect Queries • dsec Secrets
PKI	PKI Strategy • PKI Ceremony • Vault PKI
802.1X	Authorization Policy • Hardened dACL • Workstation Status
CLI Reference	DataConnect • MnT API • ERS API • pfSense

Section

Quick Links

Recovery

Credential Chain • Recovery Architecture • Disaster Recovery

Automation

netapi Integration • DataConnect Queries • dsec Secrets

PKI

PKI Strategy • PKI Ceremony • Vault PKI

802.1X

Authorization Policy • Hardened dACL • Workstation Status

CLI Reference

DataConnect • MnT API • ERS API • pfSense

Quick Start

# Load network credentials
dsource d000 dev/network

# Check ISE sessions
netapi ise mnt sessions

# Check switch 802.1X status
netapi ios exec "show access-session"

# Issue certificate from Vault
netapi vault pki-issue workstation.inside.domusdigitalis.dev --role domus-workstation

Architecture

Key Technologies

Technology	Purpose
Cisco ISE 3.3	RADIUS/NAC with EAP-TLS, dACLs, profiling
HashiCorp Vault	PKI (DOMUS-ROOT-CA / DOMUS-ISSUING-CA)
pfSense	Firewall, DNS, DHCP, VLANs
Cisco C9800-CL	Wireless controller with 802.1X
Cisco 9300	IBNS 2.0 switch with device-tracking
netapi	Unified CLI for all infrastructure APIs
dsec	Age-encrypted secrets management

Technology

Purpose

Cisco ISE 3.3

RADIUS/NAC with EAP-TLS, dACLs, profiling

HashiCorp Vault

PKI (DOMUS-ROOT-CA / DOMUS-ISSUING-CA)

pfSense

Firewall, DNS, DHCP, VLANs

Cisco C9800-CL

Wireless controller with 802.1X

Cisco 9300

IBNS 2.0 switch with device-tracking

netapi

Unified CLI for all infrastructure APIs

dsec

Age-encrypted secrets management

Contact

Evan Modestus - Home Enterprise Network