Infrastructure Operations

Domus Digitalis infrastructure documentation - runbooks, recovery procedures, automation, and architecture for a production home enterprise network.

802.1X EAP-TLS • Zero Trust • HashiCorp Vault PKI • netapi Automation

| Section | Description |
|---|---|
| netapi Automation | NEW - Unified API automation framework for all infrastructure |
| dsec Secrets Management | NEW - Age-encrypted secrets with domain isolation |
| Infrastructure Diagrams | Visual architecture diagrams (D2 source files) |
| Current Roadmap | Active infrastructure backup and security roadmap |
| Certmgr Troubleshooting | CRITICAL - Fix renewal failures before certs expire |
| Backup Runbook | Step-by-step infrastructure backup procedure |
| Dr. Shahab Project | Linux workstation NetworkManager migration (DUE TOMORROW) |

Infrastructure Overview

See Infrastructure Diagrams for full visual documentation.

Table 1. Key Systems Summary

| System | IP | Role |
|---|---|---|
| pfSense-01 | 10.50.1.1 | Firewall/Router |
| ISE-02 (PAN) | 10.50.1.21 | RADIUS/NAC (Primary Admin Node) |
| Keycloak-01 | 10.50.1.80 | SAML/OIDC IdP (Docker) |
| home-dc01 | 10.50.1.50 | AD DS / DNS / DHCP |
| certmgr-01 | 10.50.1.60 | Vault PKI / Let’s Encrypt |
| 9800-CL-WLC | 10.50.1.40 | Wireless Controller |
| KVM-01 | 10.50.1.99 | Hypervisor (supermicro300-9d1) |
| NAS-01 | 10.50.1.70 | Synology Backups |

Document Structure

Tools

Automation frameworks and utilities for infrastructure operations:

  • netapi - Unified CLI for all infrastructure APIs (ISE, pfSense, Gitea, Keycloak, etc.)

  • dsec - Age-encrypted secrets management with domain isolation

  • Integration patterns and best practices

Roadmaps

Long-term planning documents organized by year and month. Each roadmap tracks:

  • Action items with priorities

  • Checklists for completion tracking

  • Notes and discoveries

Projects

Discrete work items with defined scope and completion criteria:

  • Dr. Shahab Linux Workstation

  • HashiCorp Vault Sub-CA

  • Future projects…

Runbooks

Step-by-step operational procedures:

  • Backup procedures

  • Disaster recovery

  • Security validation

Incidents

Post-incident reviews and lessons learned.

Reviews

Periodic infrastructure reviews and audits.

Backup Status

Check current backup health:

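# Load credentials with dsec into the current shell.
# The mode variable is set inside $( ) so that it is in dsec's environment;
# a prefix on eval is applied only after the substitution has already run.
eval "$(DSEC_SECURITY_MODE=permissive dsec source d000 dev/network)"

# Check backup status with netapi
netapi synology backup-status --detailed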

See netapi Integration and dsec Integration for complete automation documentation.

Version History

| Version | Date | Changes |
|---|---|---|
| 2026.01 | 2026-01-24 | Initial structure, backup roadmap, YubiKey validation |