Network

README.md

@@ -2,7 +2,6 @@
 <img src="https://git.djeex.fr/Djeex/DjeexLab/raw/branch/main/docs/files/img/global/lab.svg" align="center" width="700">
 
 [![docu.djeex.fr](https://img.shields.io/badge/Docu·djeex-00b0f0?style=for-the-badge&logoColor=white&logo=materialformkdocs)](https://docu.djeex.fr/) 
-[![](https://dcbadge.limes.pink/api/server/jvhardware)](https://discord.gg/jvhardware) 
 [![Uptime-Kuma](https://stats.djeex.fr/api/badge/23/status?style=for-the-badge)](https://docu.djeex.fr/) 
 </p>
 

app.config.ts

@@ -39,11 +39,11 @@ export default defineAppConfig({
         icon: 'cib:gitea',
         href: 'https://git.djeex.fr/Djeex/docudjeex',
       },
-      Discord: {
-        label: 'Discord',
-        icon: 'cbi:discord',
-        href: 'https://discord.gg/jvhardware',
-      },
+      Github: {
+        label: 'Github',
+        icon:'cib:github', 
+        href: 'https://github.com/Djeex',
+      }
     },
     github: {
       baseUrl:'https://git.djeex.fr',

assets/css/extra.css

@@ -49,6 +49,18 @@
     max-width: var(--elements-container-maxWidth);
 }
 
+.has-parent-icon .icon {
+    color: #ADA9A4;
+}
+
+.has-parent-icon.active .icon {
+    color: var(--color-primary-500) !important;
+}
+
+.card:hover{
+    color:#00304a;
+}
+
 p img {
     border-radius:7px;
 }

content/0.index.md

@@ -22,29 +22,14 @@ secondary:
 Welcome to docu[·]{style="color: #1ad6ff"}djeex
 
 #description
-Docs, more docs. Tips and experiments. You'll find, among other things:
+Docs, more docs. Tips and experiments. Build your homelab and your own NAS.
 
 #extra
-  ::list
-  - **Debian installation** for your server
-  - **Docker** to deploy your services
-  - **VPN** to access your private network
-  - **Reverse proxy** and **Zero Trust** to expose your services
-  - **SSO** and **Multi-factor** authentication to secure your public services
-  - **Cloud** and **media tools** to access and sync your files and media
-  - _(coming soon)_ **Build your own NAS** from scratch to store your data
-  - _(coming soon)_ **Backup 3-2-1**
-  ::
-
+![](/img/global/docudjeex-home.svg)  
 #support
-  ::terminal
-  ---
-  content:
-  - ssh user@serveex -p 22
-  - cd /docker
-  - sudo docker compose up -d
-  - sudo rm -rf * /
-  - Sud.. shit shiiit shiiiiit !!!
-  ---
-  ::
+::card{icon=cib:gitea style="color:#1ad6ff;"}
+#title
+__git.djeex.fr__
+#description
+[Check my nonsense projects](https://git.djeex.fr)
 ::

content/1.about/1.welcome.md

@@ -1,5 +1,6 @@
 ---
-title: About
+icon: lucide:home
+title: Welcome
 main:
   fluid: false
 ---
@@ -10,7 +11,6 @@ main:
 __Docu[·]{style="color: #1ad6ff"}djeex__ is a site containing the documentation of my personal servers, originally created to easily keep track of my configurations and commands.  
 My infrastructure is built around the Debian 12 + Docker combo, making exporting and deployment simpler.  
 Special thanks to __Nipah__, __Xenio__, and others for their patience and support. Most of this content comes directly from them.  
-Join us on [Discord](https://discord.gg/jvhardware)!
 
 ## About the documentation
 

content/2.general/1.networking/1.nat.md

@@ -26,7 +26,7 @@ When it receives data through a port, your router forwards that data to the mach
 
 Your router has over 65,000 ports available.
 
-Some programs and applications are designed to use specific ports. For example, when your network sends data from an HTML page, the router receives it through port 80 (non-secure) or port 443 (secure via SSL).  
+Some programs and applications are designed to use specific ports. For example, when your network sends data from an HTML page, the router receives it through port 80 (non-secure) or port `443` (secure via SSL).  
 
 So, your router acts as a data dispatcher between the internet and your local machines.
 

content/2.general/1.networking/2.dns.md

@@ -55,7 +55,7 @@ So, if you want to point `mydomain.com` to your server, you can do it by adding
 - __Warning:__ If your server is hosted at home:
 :::
 - Your public IP is the one assigned to your home router. Make sure it's static, or configure [DDNS](https://aws.amazon.com/fr/what-is/dynamic-dns/).
-- Make sure you've [set up port 443 forwarding to your server's listening port](/general/nat).
+- Make sure you've [set up port 443 forwarding to your server's listening port](/general/networking/nat).
 ::
 
 If you're adding a subdomain that should also point to your server, use a `CNAME` record pointing to `mydomain.com`.

content/2.general/1.networking/_dir.yml

@@ -0,0 +1,2 @@
+navigation.title: Networking
+icon: lucide:network

content/2.general/2.storage/1.raid.md

@@ -0,0 +1,113 @@
+---
+navigation: true
+title: RAID
+main:
+  fluid: false
+---
+:ellipsis{left=0px width=40rem top=10rem blur=140px}
+# RAID
+
+_Redundant Array of Independent Disks_
+
+In computing, RAID (Redundant Array of Independent Disks) is a system that allows multiple hard drives to be combined to improve performance and/or reliability. It works by restructuring and distributing data blocks across the drives.
+
+Originally, RAID systems were hardware-based, meaning a dedicated controller (a specific chip) managed data distribution and RAID operations. Today, most RAID systems (or their equivalents) are software-based. In fact, many software technologies can create RAID-like systems with features not available in hardware RAID, such as automatic repair (data scrubbing), snapshots, and more.
+
+## Different Types of RAID
+
+There are several types of RAID, each offering its own pros and cons. In general, RAID impacts the following five factors:
+
+- Number of drives
+- Total storage capacity
+- Read speed
+- Write speed
+- Fault tolerance (resistance to hardware failure)
+
+::alert{type="warning"}
+:::list{type="warning"}
+  - RAID is not a backup system but a service continuity system! It only allows hot-swapping of drives without interrupting your server or restoring from backup. You still need an external backup system.
+::
+
+### No RAID
+---
+
+<div style="display: flex; align-items: center;">
+  <img src="/img/global/no-raid.svg" alt="Image" style="max-width: 30%; max-height:230px; margin-right: 20px;">
+  <ul>
+    <li>Just your disks, without RAID. Data is stored disk by disk.</li>
+    <li>If you lose a disk, only its data is lost.</li>
+    <li>Total capacity is the sum of all disks.</li>
+</div>
+
+Use your disks without RAID when you're not afraid of data loss and can tolerate service interruptions between failure and backup restoration.
+
+### RAID 0
+---
+
+<div style="display: flex; align-items: center;">
+  <img src="/img/global/raid0.svg" alt="Image" style="max-width: 30%; max-height:230px; margin-right: 20px;">
+  <ul>
+    <li>OS sees 1 drive.</li>
+    <li>Data is striped across all disks.</li>
+    <li>If you lose one disk, you lose all data.</li>
+    <li>High read and write performance (multiplied by number of disks).</li>
+    <li>Total capacity is the sum of all disks.</li>
+    <li>Minimum of 2 disks required.</li>
+</div>
+
+Use RAID 0 when you prioritize performance and are not concerned about data loss. Ideal for temporary, high-speed storage (video editing, AI workloads, etc). Not suitable for long-term storage, as one failure means total data loss.
+
+### RAID 1
+---
+
+<div style="display: flex; align-items: center;">
+  <img src="/img/global/raid1.svg" alt="Image" style="max-width: 30%; max-height:230px; margin-right: 20px;">
+  <ul>
+    <li>OS sees 1 drive.</li>
+    <li>All disks contain identical data.</li>
+    <li>You can lose all but one disk.</li>
+    <li>Improved read speed (scales with number of disks).</li>
+    <li>Total capacity is equal to one disk (e.g., 2×10TB = 10TB).</li>
+    <li>Minimum of 2 disks required.</li>
+</div>
+
+Use RAID 1 for strong redundancy. Each disk contains all data, so performance remains unaffected during a failure. Once failed disks are replaced, data is quickly restored. However, usable storage is limited to one disk’s capacity, making it an expensive solution.
+
+::alert{type="success"}
+:::list{type="success"}
+- __Tip:__ You can combine RAID 1 with other RAID types to create mirrored arrays.
+:::
+::
+
+### RAID 5
+---
+<p align="center">
+  <img src="/img/global/raid5.svg" alt="Image" style="max-width: 40%; margin-right: 20px;">
+</p>
+
+- OS sees 1 drive.
+- Data is striped with parity blocks for redundancy.
+- You can lose 1 disk and recover data.
+- Improved read speed (scales with number of disks).
+- Total capacity is the sum of all disks minus one (e.g., 3×10TB = 20TB).
+- Minimum of 3 disks (4 recommended to reduce capacity loss).
+
+Use RAID 5 when you want reliable storage with 3 to 5 disks and minimal space loss. It tolerates one disk failure but may have degraded performance during recovery, which can take days.
+
+### RAID 6
+---
+<p align="center">
+  <img src="/img/global/raid6.svg" alt="Image" style="max-width: 50%; margin-right: 20px;">
+</p>
+
+- OS sees 1 drive.
+- Data is striped with dual parity blocks.
+- You can lose 2 disks and still recover data.
+- Improved read speed (scales with number of disks).
+- Total capacity is the sum of all disks minus two (e.g., 4×10TB = 20TB).
+- Minimum of 4 disks (6 recommended to minimize space loss).
+
+Use RAID 6 in similar situations as RAID 5, especially with 6 or more disks. More disks mean higher failure risk. RAID 6 offers peace of mind by tolerating two simultaneous failures.
+
+## Software RAID
+(coming soon)

content/2.general/2.storage/2.zfs.md

@@ -0,0 +1,76 @@
+---
+navigation: true
+title: ZFS
+main:
+  fluid: false
+---
+:ellipsis{left=0px width=40rem top=10rem blur=140px}
+# ZFS
+
+::alert{type="info"}
+🎯 __Objectives:__
+- Understand what ZFS is and why it's useful
+::
+
+ZFS is widely used in the world of servers, NAS systems (like FreeNAS / TrueNAS), virtualization, and even by tech-savvy individuals who want reliable storage. It is both a _file system_ (like NTFS for Windows, EXT4, FAT32, etc.) and a _volume manager_ (similar to LVM).
+
+To put it simply:  
+- A **volume manager** organizes physical storage (like one or more hard drives).  
+- A **file system** organizes how data blocks are written, read, and deleted within those volumes.
+
+ZFS goes far beyond traditional file systems in terms of performance and features.  
+Here’s what we’re most interested in:
+- Its __snapshot management__ features, allowing you to quickly roll back in case of issues.
+- Its support for disk groupings and [__RAID-like structures__](/general/storage/raid) (Z-Mirror, RAIDZ1, RAIDZ2, RAIDZ3).
+- Its __automatic recovery of corrupted data__ (through scrubbing).
+- Its performance, enhanced by RAM caching (ZFS ARC).
+- Its robust error notifications and monitoring.
+
+## Structure
+---
+![](/img/global/zfs.svg)
+
+ZFS has a unique structure:
+
+- **vdev** (virtual device): a group of physical or virtual disks.
+- **zpool**: a collection of vdevs configured as a single storage pool. A zpool can contain multiple vdevs, but a vdev belongs to only one zpool.
+- **dataset**: a logical data container within a zpool. Each dataset can have its own settings (compression, quotas, permissions, etc.).
+
+There are several dataset types:
+- **file system**: a standard ZFS filesystem, mounted without storage quotas.
+- **zvol**: a "virtual disk" with a defined size, which you can format and partition as if it were a physical disk.
+- **snapshot**: a frozen-in-time version of another dataset. Snapshots can be created manually or through backup tools. They can be mounted to browse data as it was at the snapshot time.
+
+## Why ZFS over others?
+---
+### Data Integrity
+
+ZFS continuously checks that your stored data hasn't become corrupted. Every block of data is associated with a checksum, allowing ZFS to detect even the smallest alteration. If corruption is found and a healthy copy exists elsewhere, ZFS can repair the data automatically.
+
+### Built-in RAID
+
+ZFS includes its own volume management system (vdevs). You can build a zpool using multiple disks—similar to traditional [RAID](/general/storage/raid) setups—but with more flexibility. For example:
+- **Z-mirror** → equivalent to RAID 1
+- **RAIDZ1** → equivalent to RAID 5 (tolerates 1 disk failure)
+- **RAIDZ2** → equivalent to RAID 6 (tolerates 2 disk failures)
+- **RAIDZ3** → tolerates up to 3 disk failures
+
+ZFS handles all this natively—no external RAID software needed.
+
+::alert{type="info"}
+:::list{type="info"}
+- Check out the [article on RAID](/general/storage/raid) to find the right solution for your needs.
+:::
+::
+
+### Snapshots and Clones
+
+ZFS allows you to create snapshots—instantaneous images of a dataset's state. Snapshots take up minimal space and can be scheduled frequently. You can also create clones: writable copies of snapshots.
+
+### Compression and Deduplication
+
+ZFS can compress data on the fly (transparently to the user), saving disk space. It also supports deduplication (removing duplicate data), though this feature requires a lot of memory and is not recommended for all use cases.
+
+---
+
+Now you know why ZFS is *the* file system to deploy on your NAS.

content/2.general/2.storage/_dir.yml

@@ -0,0 +1,2 @@
+navigation.title: Storage
+icon: lucide:hard-drive

content/2.general/3.hardware/1.basics.md

@@ -0,0 +1,171 @@
+---
+navigation: true
+title: The Basics
+main:
+  fluid: false
+---
+:ellipsis{left=0px width=40rem top=10rem blur=140px}
+# Server Basics
+
+::alert{type="info"}
+🎯 __Objectives:__
+- Understand the fundamentals of server hardware
+::
+
+![hardware](/img/global/hardware.svg)
+
+
+A __server__ is essentially a computer dedicated to specific tasks, designed to remain accessible at all times. Structurally, it's not much different from a regular computer. Depending on its intended use, some components may vary. This article serves as a reference to help you understand the essential components of a server and how their roles adapt based on your needs.
+
+## Motherboard
+---
+The __motherboard__ is the foundation of your machine. It's the component that connects all others together. It enables communication between components and interaction with peripherals (keyboard, mouse, etc.). Choose it based on your I/O (Input/Output) needs like USB ports, network ports, speed, etc., and ensure compatibility with the components you plan to install.
+
+Key components connected to the motherboard:
+- CPU
+- RAM
+- Storage (HDD and/or SSD)
+- Optional dedicated GPU
+
+Common consumer motherboard formats:
+- E-ATX: largest
+- ATX: standard
+- Micro-ATX: smaller
+- Mini-ITX: smallest
+
+Larger boards generally offer more ports and features. Pre-built systems might use proprietary formats.
+
+## CPU
+---
+<div style="display: flex; align-items: center;">
+  <img src="/img/global/cpu.svg" alt="Image" style="max-width: 25%; max-height:230px; margin-right: 20px;">
+  <p>The <strong>CPU</strong> (Central Processing Unit) is the computer's calculator. It processes most software tasks. Modern CPUs have multiple cores, often with virtual threads, to better handle workloads. They need to be cooled using either an active cooler (with a fan) or a passive one (fanless), depending on power consumption (watts). Choose your CPU based on how you plan to use the server.</p>
+</div>
+
+::alert{type="warning"}
+:::list{type="warning"}
+- __Caution:__ Ensure third-party coolers are compatible with the CPU socket and always apply thermal paste before installing the cooler.
+:::
+::
+
+Consider:
+- Number of cores (more cores = better multitasking)
+- Clock speed in GHz
+- Power consumption in Watts
+
+For low-power home servers or NAS (non-intensive computing), consider Intel N100/150 (4 cores) or N305/N355 (8 cores)—efficient and low power (ideal for 24/7 uptime).
+
+## RAM
+---
+
+<p align="center">
+  <img src="/img/global/ram.svg" alt="Image" style="max-width: 65%;">
+</p>
+
+__RAM__ (Random Access Memory) is fast, temporary memory used by the CPU (and iGPU if applicable) for quick access during execution. It clears periodically and when the machine powers down. Better RAM = better CPU performance.
+
+Comes as sticks installed on the motherboard. Varies by format and generation (currently DDR5).
+
+## GPU
+---
+
+The __GPU__ (Graphics Processing Unit) handles graphical, video, and sometimes AI-related processing. Its main theoretical use is to display the image on your screen. In servers, it's useful for media centers (e.g. [Plex](/serveex/media/plex)) and for accelerating AI tasks like facial recognition or photo indexing (e.g. [Immich](/serveex/cloud/immich)).
+
+Depending on the required performance, one can choose between a dedicated GPU with its own VRAM (a graphics card connected to a PCIe slot on the motherboard), or an iGPU—an integrated GPU built into the CPU (such as the N100/N150 or N305/N355), which uses the system’s shared RAM.
+
+### HDD(s)
+---
+
+<p align="center">
+  <img src="/img/global/hdd.svg" alt="Image" style="max-width: 50%; margin-right: 20px;">
+</p>
+
+An __HDD__ (Hard Disk Drive), or hard drive, is a component used to store data. It was once the standard storage device in computers. HDDs consist of one or more stacked platters and read/write heads—somewhat like a vinyl record player.
+
+Today, HDDs can store enormous amounts of data (up to 30TB, or 30,000 gigabytes, for consumer models), but their read and write speeds are limited due to their mechanical nature. They are also bulky and heavy.
+
+Generally, HDDs are best suited for storing data that doesn’t require frequent access or fast write speeds, such as media files (videos, photos), cloud drives, or archived data. They perform well in these scenarios and, most importantly, are significantly cheaper than SSDs for the same amount of storage.
+
+::alert{type="success"}
+:::list{type="success"}
+- __Tip:__ Use multiple HDDs in [RAID](/general/storage/raid) to enhance performance and redundancy.
+:::
+::
+
+Comes in 3.5" and 2.5" formats; servers usually favor the more reliable 3.5".
+
+### SSD(s)
+---
+
+<p align="center">
+  <img src="/img/global/nvme.svg" alt="Image" style="max-width: 50%; margin-right: 20px;">
+</p>
+
+An __SSD__ (Solid State Drive) is a small circuit board with memory chips soldered onto it, used to store information. Unlike RAM, these chips retain data even when not powered, meaning the information is preserved after a reboot. SSDs are generally used as the main storage medium for your server.
+
+Unlike HDDs, SSDs have no moving parts, are highly compact, and most importantly, are extremely fast—offering speeds of several gigabytes per second for high-performance models.
+
+SSDs come in various formats, but today the preferred choice is the M.2 NVMe version, as it is the smallest, fastest, and has become the standard on modern motherboards.
+
+However, SSDs are significantly more expensive than hard drives for the same storage capacity. Typically, the operating system (OS) is installed on the SSD to ensure fast performance. In a server environment, it's also ideal to store [Docker containers](/serveex/core/docker) and databases on the SSD. More broadly, any data that needs to be accessed frequently and quickly—such as websites, applications, or processing workloads—should be stored on an SSD.
+
+### Network Card
+---
+
+A __network card__ allows your machine to communicate with your network (including the internet). It consists of a controller chip and one or more network ports. These ports—often Ethernet ports—can come in different physical formats and support various data transfer standards:
+
+- __RJ45 Gigabit Ethernet (10/100/1000):__ The standard RJ45 connector, supporting speeds from 10 Mbps (0.125 MB/s) up to 1000 Mbps (125 MB/s).
+- __RJ45 2.5G:__ Same connector type, supporting up to 2.5 Gbps (2,500 Mbps or 312.5 MB/s).
+- __RJ45 5G:__ Same connector, supporting up to 5 Gbps (625 MB/s).
+- __RJ45 10G Base-T:__ Same RJ45 format, supporting up to 10 Gbps (1.25 GB/s).
+- __SFP 1G:__ SFP port, commonly used for fiber optic connections, supporting speeds up to 1 Gbps.
+- __SFP+ 10G:__ An enhanced version of the SFP port, also used for fiber optics, supporting up to 10 Gbps.
+
+::alert{type="warning"}
+:::list{type="warning"}
+- __Caution:__ Match network gear (router, switch, cables) to your desired speed. For most uses, CAT5E cables are enough; use CAT6A beyond 10 Gbps. Fiber requires additional care (simplex, duplex, transceivers...).
+:::
+::
+
+The network card is usually built directly into the motherboard, but you can also use dedicated network cards, for example via USB or a PCIe expansion slot.
+
+In general, for a server setup, it's recommended to have at least two Ethernet ports to ensure redundancy in case one connection fails.
+
+### Input/Output Ports
+---
+
+__I/O__ ports allow communication with external devices (displays, keyboard, mouse, network...). Motherboards typically offer:
+- Ethernet ports
+- USB ports (varied types/speeds)
+- Video ports
+- Audio jacks
+
+Choose a motherboard and expansions based on your I/O needs.
+
+### Power Supply
+---
+
+The __power supply unit__ (PSU) is the component that provides electrical power to your machine’s components. It connects to the wall via a power cord and has several output cables that plug into the motherboard and various peripherals, such as hard drives or dedicated graphics cards.
+
+A power supply is defined by several key characteristics:
+
+- Wattage (its total power output),
+- Modularity (whether the cables are fixed or detachable),
+- Efficiency (measured as a percentage). For example, a 500W PSU with 80% efficiency will actually draw 625W from the wall to deliver 500W to the system.
+
+Another important factor is the form factor. There are several standard sizes, from ATX L (for larger cases) to SFX (for compact builds). There are also specialized models for rack-mounted servers, which are typically flat and space-efficient.
+
+To choose the right PSU, a common rule of thumb is to estimate your system’s power needs based on usage, and then double that value. This is because most power supplies operate at optimal efficiency around 50% of their maximum load.
+
+### Case
+---
+
+<div style="display: flex; align-items: center;">
+  <img src="/img/global/case.svg" alt="Image" style="max-width: 25%; max-height:230px; margin-right: 20px;">
+  <p>The <strong>case</strong> is also an essential component of your machine. It plays a key role in cooling, through its fans and airflow design, and it determines the form factor compatibility for your motherboard, power supply, and any dedicated GPU you may install.
+</p>
+</div>
+
+Additionally, the case dictates how many HDDs you can install and what formats they support. Some cases are rack-mountable, meaning they can be installed in server racks (server cabinets).
+
+Choose your case carefully based on your specific needs and the hardware you plan to use.

content/2.general/3.hardware/2.network.md

@@ -0,0 +1,132 @@
+---
+navigation: true
+title: Network
+main:
+  fluid: false
+---
+:ellipsis{left=0px width=40rem top=10rem blur=140px}
+# Network
+
+::alert{type="info"}
+🎯 __Objectives:__
+- Understand the basics of networking hardware
+::
+
+![hardware](/img/global/hardware-networking.svg)
+
+A computer network cannot exist without the hardware required to build it. Hardware determines the size of the network, communication speeds, and its overall performance. In this article, we will focus on the simplest types of networks, typically found in home environments.
+
+## The Router
+---
+The __router__ is the central hub of your network. It directs __packets__—the blocks of data that travel across your network—from the sender to the appropriate recipient. It manages the routing of data both within your local network and to/from external networks. In short, it enables devices to communicate with each other and with the internet.
+
+Everyone has a router at home—it's the __internet box__ provided by your ISP (Internet Service Provider).
+
+In general, a router consists of:
+- a WAN (Wide Area Network) port that receives data from the internet (or from a higher-level network). For example, it could be a port for a fiber optic connection from your ISP, or an SFP+/RJ45 port for a third-party router.
+- a switch, i.e., a hub with several __LAN__ (Local Area Network) ports allowing multiple devices to connect to your network. These ports can be RJ45 or SFP/SFP+.
+- sometimes a built-in WiFi transmitter/receiver.
+
+A router may also include _firewall_ capabilities, allowing you to restrict traffic from specific devices, as well as _[NAT (Network Address Translation)](/general/networking/nat)_ for port forwarding. It generally includes a _[DHCP (Dynamic Host Configuration Protocol)](/general/networking/nat#dhcp)_ server to automatically assign _IP addresses_ to devices connected to the network.
+
+The router directly affects communication speeds between devices. The WAN port limits the maximum internet speed you can receive from your ISP. For example, if your subscription offers 5 Gb/s, you’ll need a WAN port that supports at least 5 Gb/s. Likewise, internal device-to-device communication is limited by the speed of the switch. If your devices communicate at 5 Gb/s, the router’s switch must have 5 Gb/s ports. If you're using WiFi 7 equipment and want to enjoy its full speed, your router must support it as well. If you’re using a separate WiFi access point, make sure its network port matches or exceeds the speed of the WiFi it broadcasts—and that the router supports it too.
+
+Internet speed, number of devices, WiFi speed, and internal network speed—these are the four key factors to consider when choosing an internet box or buying your own router.
+
+::alert{type="success"}
+✨ __Tip:__
+You can easily use a third-party router to manage your network if your ISP’s internet box supports _bridge mode_. In France, only the provider Free offers this option. It is technically possible with other providers that do not support bridge mode, but it can be quite difficult and may prevent you from using all the features a third-party router provides.
+::
+
+## The Switch
+---
+
+The __switch__, or network switch, is a device that allows multiple devices to connect to the network. It acts as a literal hub, connecting directly to the router or to another switch upstream. It helps avoid overloading the switch ports on your router or relocating devices to another room without running a cable from each one back to the router. Another common use case is to segment multiple networks that are managed by the same router.
+
+There are generally two types of switches:
+- **Unmanaged switches**, the most common. These are plug-and-play: you just plug them in and everything works automatically.
+- **Managed switches**. These offer a configuration interface (via command line or web UI), allowing you to fine-tune routing rules under the control of the router. They are powerful for creating virtual networks between your devices, but usually require more setup time and are less convenient than simple unmanaged switches.
+
+::alert{type="warning"}
+:::list{type="warning"}
+- __Warning:__ Make sure to use a switch with ports that match the speeds supported by your network devices.
+:::
+::
+
+## Cables
+---
+
+Cables are essential components of your network. Depending on their type and category, they can limit the bandwidth between devices, so they must be chosen to match your network's specifications. They also need to be compatible with your devices' ports.
+
+Here’s a quick reference of the most common cable and port standards:
+
+- **RJ45 Gigabit Ethernet 10/100/1000**: The standard RJ45 connector, supporting speeds from 10 Mbps (0.125 MB/s) to 1000 Mbps (125 MB/s)
+- **RJ45 2.5G**: Same connector, supporting speeds up to 2.5 Gbps (312.5 MB/s)
+- **RJ45 5G**: Same connector, supporting speeds up to 5 Gbps (625 MB/s)
+- **RJ45 10GBase-T**: Same connector, supporting speeds up to 10 Gbps (1.25 GB/s)
+- **SFP 1G**: SFP port, typically used for fiber optics, supporting up to 1 Gbps
+- **SFP+ 10G**: Enhanced SFP port, also for fiber, supporting up to 10 Gbps
+
+### Ethernet Cables
+
+These copper cables usually use the standard `RJ45` connector. It's the most common network connector found on routers and switches.
+
+Ethernet cables are divided into categories that define their maximum speed based on distance:
+
+| Speed     | Cable Type | Max Distance |
+|-----------|------------|--------------|
+| 10 Gb/s   | CAT 6A     | 100 m        |
+|           | CAT 6      | 55 m         |
+|           | CAT 5e     | 30 m         |
+| 5 Gb/s    | CAT 6      | 100 m        |
+|           | CAT 5e     | 30 m         |
+| 2.5 Gb/s  | CAT 5e     | 100 m        |
+| 1 Gb/s    | CAT 5e     | 100 m        |
+| 100 Mb/s  | CAT 5      | 100 m        |
+
+Some of these cables are flat, round, shielded (requiring grounding), etc. Choose based on your setup. What matters is that, for example, if you want to connect a device with a 2.5 Gb/s RJ45 port to a 2.5 Gb/s router, you’ll need at least a `CAT 5e` cable.
+
+On the other hand, if your device is limited to 100 Mb/s, a simple `CAT 5` cable will suffice.
+
+Nowadays, in new buildings, it is standard practice to install `CAT 6A` cables inside walls. This way, wall ports are ready to support 10 Gb/s over 100 meters.
+
+---
+
+### Optical Cables
+
+Very thin but fragile, optical cables are increasingly appearing in home networks. It often starts with the fiber cable connecting your ISP’s outlet to your box/router. They have several advantages:
+- Extremely compact
+- Zero electrical consumption (unlike copper, which loses energy as heat)
+- No electromagnetic radiation (no shielding needed, no signal interference)
+- Very high speeds over long distances
+
+For local networking, it's important to understand that several types of fiber cables exist. Their performance depends on both distance and compatibility with the appropriate `transceiver`. Fiber cables connect to your devices' SFP+ ports via a small device called a transceiver, which converts electrical signals to light (and vice versa).
+
+For local networks, the recommended standard is a **multimode OM3 fiber with LC connectors**, paired with a **10G LC SFP+ transceiver**. This setup allows 10 Gb/s connections and is compatible with most devices featuring SFP+ ports.
+
+::alert{type="warning"}
+:::list{type="warning"}
+- __Warning:__ Make sure to use transceivers that are compatible with your devices (routers, switches, or other hardware). There is no universal standard yet, and manufacturers usually specify which brands are supported.
+:::
+::
+
+---
+
+### DAC Cables
+
+These are copper cables with integrated `transceivers`. They allow two SFP/SFP+ ports to communicate over short distances without using fragile fiber or RJ45 adapters. However, they consume more energy due to natural copper loss, which is non-negligible.
+
+---
+
+### SFP+ Transceivers
+
+These let you connect different types of cables to your SFP/SFP+ ports. Variants are available for:
+- Fiber optic
+- DAC
+- RJ45
+
+::alert{type="warning"}
+:::list{type="warning"}
+- RJ45 transceivers consume a lot of energy due to copper signal loss and can generate significant heat. Low-power models (under 2W) exist and are generally rated for longer cables (e.g., 80m instead of 30m). Surprisingly, these are preferred over short-distance models because they generate less heat and consume less energy—making them more compatible with sensitive devices. Using the wrong type can cause network degradation or even outages.
+:::
+::

content/2.general/3.hardware/_dir.yml

@@ -0,0 +1,2 @@
+navigation.title: Hardware
+icon: lucide:server

content/2.general/_dir.yml

@@ -1,3 +1,3 @@
 icon: noto:open-book
 navigation.title: General
-navigation.redirect: /general/nat
+navigation.redirect: /general/networking/nat

content/3.serveex/1.introduction.md

@@ -1,4 +1,5 @@
 ---
+icon: lucide:bookmark
 navigation: true
 title: Introduction
 main:
@@ -7,8 +8,7 @@ main:
 :ellipsis{left=0px width=40rem top=10rem blur=140px}
 ## A Home Lab by a Beginner, for Beginners
 
-<p align="center">
-<img src="/img/serveex/serveex.svg" align="center" width="700">
+![](/img/serveex/serveex-server.svg)  
 
 **Serveex** is primarily a personal project aimed at hosting as many everyday services as possible at home, without relying on proprietary platforms (Google, Apple, Netflix, etc.). The goal was to experiment, learn, and document every step along the way. This is purely a scientific project and is not intended for production use.
 
@@ -18,11 +18,14 @@ A big thanks to **Nipah** for sharing his infinite knowledge and, above all, for
 **Prerequisites:**
 :::list{type="primary"}
 - Have [an online VPS](https://www.it-connect.fr/les-serveurs-prives-virtuels-vps-pour-les-debutants/) or a local machine: ideally a mini PC (you can find N100 models for around €100), but it also works on a laptop or [a virtual machine](https://openclassrooms.com/fr/courses/2035806-virtualisez-votre-architecture-et-vos-environnements-de-travail/6313946-installez-virtualbox). The [Freebox Delta/Ultra offer virtual machines](https://next.ink/3493/machines-virtuelles-et-freebox-delta-comment-heberger-votre-premiere-page-web/).
-- Know how to configure [NAT rules on a router and assign DHCP leases](/general/nat)
-- Know how to configure the [DNS zone of a domain name](/general/dns)
+- Know how to configure [NAT rules on a router and assign DHCP leases](/general/networking/nat)
+- Know how to configure the [DNS zone of a domain name](/general/networking/dns)
 :::
 ::
 
+<p align="center">
+<img src="/img/serveex/serveex.svg" align="center" width="700">
+
 The goal is to be easily deployable and easy to migrate, so here is its structure:
 
 ::card-grid{grid-template-columns="repeat(2, minmax(0, 1fr));"}

content/3.serveex/2.core/1.installation.md

@@ -60,7 +60,7 @@ Additionally:
 - [Firewalld](https://linuxcapable.com/how-to-install-firewalld-on-debian-linux/)
 
 ### Samba Sharing (Access a Remote Network Disk)
-- [Create and Access a Samba Share](/general/samba)
+- [Create and Access a Samba Share](/general/networking/samba)
 
 
 ### File Transfer via rsync

content/3.serveex/2.core/3.swag.md

@@ -265,7 +265,7 @@ server {
 ---
 ::alert{type="info"}
 📋 __Prerequisite:__ <br/><br/>
-We assume that you have created a subdomain like `dockge.mydomain.com` in your [DNS zone](/general/dns), with a `CNAME` pointing to `mydomain.com` and — unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare) — that you've forwarded port `443` from your router to the server's `443` in [your NAT rules](/general/nat).
+We assume that you have created a subdomain like `dockge.mydomain.com` in your [DNS zone](/general/networking/dns), with a `CNAME` pointing to `mydomain.com` and — unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare) — that you've forwarded port `443` from your router to the server's `443` in [your NAT rules](/general/networking/nat).
 ::
 
 Now it's time to expose Dockge on the internet so you can access and manage your containers remotely. We assume you've set up the subdomain `dockge.mydomain.com` with a `CNAME` pointing to `mydomain.com`.

content/3.serveex/2.core/_dir.yml

@@ -1 +1,2 @@
 navigation.title: Server core
+icon: lucide:server-cog

content/3.serveex/3.security/1.wireguard.md

@@ -81,8 +81,6 @@ Paste the following configuration:
 
 ```yaml
 ---
-volumes:
-  etc_wireguard:
 services:
   wg-easy:
     network_mode: host
@@ -109,7 +107,9 @@ services:
 ```
 
 ::alert{type="success"}
-✨ __Tip:__ Add the Watchtower label to enable automatic updates
+✨ __Tip:__
+- You can also specify your own wireguard port with `WG_PORT`
+- Add the Watchtower label to enable automatic updates
 
 ```yaml
 services
@@ -131,7 +131,7 @@ IPS=
 
 | Variable     | Description | Example |
 |--------------|-------------|---------|
-| `HOST`       | Domain name of the host | `mydomain.com` |
+| `HOST`       | IP of public access of your host (router ISP's IP if it's at home) | `80.75.137.27` |
 | `PW`         | Bcrypt password hash, [generate here](https://bcrypt-generator.com/). **NOTE:** Double the `$` characters | `$$2a$$12$$FF6T4QqSP9Ho` |
 | `ADDRESS`    | VPN DHCP address range, the `x` must remain, others can vary | `10.8.0.x` |
 | `IPS`        | IPs routed by clients through the VPN. Use `10.8.0.0/24` to only route VPN traffic. To include local LAN, add `192.168.0.0/16` separated by commas. | `10.8.0.0/24` |
@@ -249,7 +249,6 @@ sudo docker compose up -d
 ::alert{type="warning"}
 :::list{type="warning"}
 - __Warning:__ If a client device is on the same LAN as the server, edit `wg0.conf` and change the endpoint to the local server IP:
-
 `Endpoint = your-server-ip:51820`
 :::
 ::

content/3.serveex/3.security/2.authentik.md

@@ -73,14 +73,14 @@ sudo echo "AUTHENTIK_SECRET_KEY=$(openssl rand 60 | base64)" >> .env
 ::
 
 Open Dockge and search for "authentik" in the inactive stacks.
-Name the stack `authentik` and paste the following configuration, replacing `{AUTHENTIK_TAG:-2024.2.3}`{lang=properties} with [the latest version of Authentik](https://version-2024-6.goauthentik.io/docs/releases). 
+Name the stack `authentik` and paste the following configuration, replacing `{AUTHENTIK_TAG:-2025.6.3}`{lang=properties} with [the latest version of Authentik](https://goauthentik.io/docs/releases). 
 
 ```yaml
 ---
 services:
 
   postgresql:
-    image: docker.io/library/postgres:12-alpine
+    image: docker.io/library/postgres:16-alpine
     container_name: authentik-postgresql
     restart: unless-stopped
     healthcheck:
@@ -117,7 +117,7 @@ services:
       - redis:/data
   
   server:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2.1}
     container_name: authentik-server
     restart: unless-stopped
     command: server
@@ -130,7 +130,6 @@ services:
     volumes:
       - ./media:/media
       - ./custom-templates:/templates
-      - ./auth.css:/web/dist/custom.css
       - ./ssh:/authentik/.ssh
     env_file:
       - .env
@@ -142,7 +141,7 @@ services:
       - redis
 
   worker:
-    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.2.3}
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2025.2.1}
     container_name: authentik-worker
     restart: unless-stopped
     command: worker
@@ -164,7 +163,6 @@ services:
       - ./media:/media
       - ./certs:/certs
       - ./custom-templates:/templates
-      - ./auth.css:/web/dist/custom.css
       - ./ssh:/authentik/.ssh
     env_file:
       - .env
@@ -197,7 +195,7 @@ To use Authentik outside your local network, you must expose it.
 
 ::alert{type="info"}
 📋 __Prerequisites:__  <br/><br/>
-We assume you have already created a subdomain like `auth.mydomain.com` in your [DNS zone](/general/dns), with a CNAME pointing to `mydomain.com`. Also, unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare), you must have already forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/nat).
+We assume you have already created a subdomain like `auth.mydomain.com` in your [DNS zone](/general/networking/dns), with a CNAME pointing to `mydomain.com`. Also, unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare), you must have already forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/networking/nat).
 ::
 
 Open the `authentik-server.conf` file:

content/3.serveex/3.security/3.cloudflare.md

@@ -46,7 +46,7 @@ Here we’ll explain how to integrate SWAG with Cloudflare tunnels.
 ---
 ### DNS Zone
 
-First, you need to set Cloudflare as your [DNS zone](/general/dns) manager. If you bought your domain from Cloudflare, that’s already done. Otherwise, check with your registrar how to add external DNS servers. Cloudflare provides [step-by-step documentation](https://developers.cloudflare.com/dns/zone-setups/full-setup/setup/) on how to configure a DNS Zone, whether your domain is external or registered with Cloudflare.
+First, you need to set Cloudflare as your [DNS zone](/general/networking/dns) manager. If you bought your domain from Cloudflare, that’s already done. Otherwise, check with your registrar how to add external DNS servers. Cloudflare provides [step-by-step documentation](https://developers.cloudflare.com/dns/zone-setups/full-setup/setup/) on how to configure a DNS Zone, whether your domain is external or registered with Cloudflare.
 
 If you only have one server to protect behind Cloudflare, you can delete all existing DNS records. By default, your domain and all its subdomains will be redirected to the tunnel.
 
@@ -214,10 +214,10 @@ TUNNEL_PW=
 
 Once done, deploy the stack. Check the logs—you should reach `server ready`.
 
-Then confirm your tunnel appears under _Networks > Tunnels_ in [Cloudflare Zero Trust](https://one.dash.cloudflare.com/). By default, all subdomains will be routed through the tunnel—no need to define them [in your DNS zone](/general/dns).
+Then confirm your tunnel appears under _Networks > Tunnels_ in [Cloudflare Zero Trust](https://one.dash.cloudflare.com/). By default, all subdomains will be routed through the tunnel—no need to define them [in your DNS zone](/general/networking/dns).
 
 ::alert{type="success"}
-✨ __Tip:__ If you want to expose a service without a tunnel, just define an A record [in your DNS zone](/general/dns). If resolution fails, disable the proxy function for that record—e.g., for `sub.mondomaine.fr`.
+✨ __Tip:__ If you want to expose a service without a tunnel, just define an A record [in your DNS zone](/general/networking/dns). If resolution fails, disable the proxy function for that record—e.g., for `sub.mondomaine.fr`.
 ![dns](/img/serveex/cf-dns.png)
 ::
 

content/3.serveex/3.security/_dir.yml

@@ -1 +1,2 @@
 navigation.title: Security
+icon: lucide:shield

content/3.serveex/4.monitoring/1.uptime-kuma.md

@@ -68,7 +68,7 @@ You can now access the tool via `http://yourserverip:3200`.
 ::alert{type="info"}
 📋 __Before you begin:__ 
 <br/><br/>
-We assume you have the subdomain `stats.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/dns). And of course, [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` of your router should point to port `443` of your server via [NAT rules](/general/nat).
+We assume you have the subdomain `stats.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/networking/dns). And of course, [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` of your router should point to port `443` of your server via [NAT rules](/general/networking/nat).
 ::
 
 ::alert{type="warning"}

content/3.serveex/4.monitoring/2.dozzle.md

@@ -41,11 +41,9 @@ services:
     env_file:
       - .env
     environment:
-      - DOZZLE_AUTH_PROVIDER=simple
       - DOZZLE_HOSTNAME=${DOMAIN}
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
-      - /docker/dozzle/data:/data
 ```
 
 ::alert{type="success"}
@@ -65,7 +63,7 @@ Fill in your domain name in the `.env` file, for example:
 DOMAIN=dozzle.mydomain.com
 ```
 
-Deploy the container and go to `http://yourserverip:9135`. Voilà, your Dozzle web UI is up and running!
+Deploy the container. Go to `http://yourserverip:9135`. Voilà, your Dozzle web UI is up and running!
 
 ## Exposing Dozzle with Swag
 ---
@@ -81,7 +79,7 @@ You may want to access Dozzle remotely and on all your devices. To do so, we’l
 ::alert{type="info"}
 📋 __Before you begin:__
 <br/><br/>
-We assume you have created a subdomain like `dozzle.mydomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `mydomain.com` and that, [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), you’ve redirected port `443` from your router to port `443` on your server in your [NAT rules](/general/nat).
+We assume you have created a subdomain like `dozzle.mydomain.com` in your [DNS zone](/general/networking/dns) with a `CNAME` pointing to `mydomain.com` and that, [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), you’ve redirected port `443` from your router to port `443` on your server in your [NAT rules](/general/networking/nat).
 ::
 
 Go to Dockge and edit the SWAG compose file to add Dozzle’s network:

content/3.serveex/4.monitoring/3.speedtest-tracker.md

@@ -91,7 +91,7 @@ Deploy the container and go to `http://yourserverip:3225`. Log in with the accou
 ---
 ::alert{type="info"}
 📋 **Prerequisites:**  
-We assume that you've already created a subdomain like `speedtest.yourdomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `yourdomain.com`, and [unless you’re using Cloudflare Zero Trust](/serveex/security/cloudflare), you've also forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/nat).
+We assume that you've already created a subdomain like `speedtest.yourdomain.com` in your [DNS zone](/general/networking/dns) with a `CNAME` pointing to `yourdomain.com`, and [unless you’re using Cloudflare Zero Trust](/serveex/security/cloudflare), you've also forwarded port `443` from your router to port `443` of your server in your [NAT rules](/general/networking/nat).
 ::
 
 Now we want to expose Speedtest Tracker to the internet so you can access it remotely. We assume you've set up the DNS `CNAME` for `speedtest.yourdomain.com` pointing to `yourdomain.com`.

content/3.serveex/4.monitoring/4.beszel.md

@@ -44,7 +44,7 @@ services:
     container_name: beszel
     restart: unless-stopped
     ports:
-      - ${PORT}$:8090
+      - ${PORT}:8090
     volumes:
       - ./data:/beszel_data
       - ./socket:/beszel_socket
@@ -156,7 +156,7 @@ If you want to access Beszel remotely from all your devices, expose it using Swa
 ::alert{type="info"}
 📋 __Prerequisite:__
 <br/><br/>
-You must have created a DNS subdomain like `beszel.mydomain.com` with a `CNAME` pointing to `mydomain.com`, and—unless you're using Cloudflare Zero Trust—you must have forwarded port `443` on your router to your server’s `443` port via [NAT rules](/general/nat).
+You must have created a DNS subdomain like `beszel.mydomain.com` with a `CNAME` pointing to `mydomain.com`, and—unless you're using Cloudflare Zero Trust—you must have forwarded port `443` on your router to your server’s `443` port via [NAT rules](/general/networking/nat).
 ::
 
 In Dockge, edit Swag's compose file and add Beszel’s network:

content/3.serveex/4.monitoring/5.upsnap.md

@@ -94,7 +94,7 @@ You may want to access it remotely from all your devices. To do so, we'll expose
 ::alert{type="info"}
 📋 __Beforehand:__
 <br/><br/>
-We assume you've created a subdomain in your [DNS zone](/general/dns), such as `upsnap.yourdomain.com` with a `CNAME` to `yourdomain.com`. Also, unless you're using Cloudflare Zero Trust, you should have already forwarded port `443` from your router to port `443` on your server in your [NAT rules](/general/nat).
+We assume you've created a subdomain in your [DNS zone](/general/networking/dns), such as `upsnap.yourdomain.com` with a `CNAME` to `yourdomain.com`. Also, unless you're using Cloudflare Zero Trust, you should have already forwarded port `443` from your router to port `443` on your server in your [NAT rules](/general/networking/nat).
 ::
 
 Go to Dockge, and edit the SWAG compose by adding the UpSnap network:

content/3.serveex/4.monitoring/_dir.yml

@@ -1 +1,2 @@
 navigation.title: Monitoring
+icon: lucide:chart-no-axes-column

content/3.serveex/5.media/1.plex.md

@@ -144,7 +144,7 @@ Then go to the _Remote Access_ section and manually select a port (we’ll use `
 
 ![picture](/img/serveex/plex-port.png)
 
-- On your router, forward TCP port `1234` to port `32400` for your server’s IP using [NAT rules](/general/nat).
+- On your router, forward TCP port `1234` to port `32400` for your server’s IP using [NAT rules](/general/networking/nat).
 - Once done, return to Plex to verify that remote access is functional.
 
 ::alert{type="danger"}
@@ -163,7 +163,7 @@ Simply add your media to `/media/movies` and `/media/tvseries` on your server. Y
 
 ::alert{type="info"}
 :::list{type="info"}
-- If your media is stored on a network disk (e.g. NAS or external hard drive over the network), refer to the [Samba mount guide](/general/samba) so Plex can access it.
+- If your media is stored on a network disk (e.g. NAS or external hard drive over the network), refer to the [Samba mount guide](/general/networking/samba) so Plex can access it.
 :::
 ::
 
@@ -175,7 +175,7 @@ However, you may want to expose Tautulli so you can view stats from a simple URL
 
 ::alert{type="info"}
 :::list{type="info"}
-- We assume you have the subdomain `tautulli.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/dns). And of course, [unless you use Cloudflare Zero Trust](/serveex/security/cloudflare), your box's port `443` must be forwarded to your server's port `443` in [NAT rules](/general/nat).
+- We assume you have the subdomain `tautulli.mydomain.com` with a `CNAME` pointing to `mydomain.com` in your [DNS zone](/general/networking/dns). And of course, [unless you use Cloudflare Zero Trust](/serveex/security/cloudflare), your box's port `443` must be forwarded to your server's port `443` in [NAT rules](/general/networking/nat).
 :::
 ::
 

content/3.serveex/5.media/2.qbittorrent.md

@@ -217,7 +217,7 @@ To start downloads from outside your home, without a VPN, you can expose the Qbi
 
 ::alert{type="info"}
 :::list{type="info"}
-- We assume you have the subdomain `seedbox.mydomain.com` with a `CNAME` pointing to `mydomain.com` in [DNS zone](/general/dns). And that port `443` on your router is forwarded to your server in [NAT rules](/general/nat), unless you’re using Cloudflare Zero Trust.
+- We assume you have the subdomain `seedbox.mydomain.com` with a `CNAME` pointing to `mydomain.com` in [DNS zone](/general/networking/dns). And that port `443` on your router is forwarded to your server in [NAT rules](/general/networking/nat), unless you’re using Cloudflare Zero Trust.
 :::
 ::
 

content/3.serveex/5.media/3.servarr.md

@@ -49,11 +49,20 @@ root
 │   └── overseerr
 │       └── config
 └── media
+    ├── downloads
     ├── tvseries
     ├── movies
     └── library
 ```
 
+::alert{type="warning"}
+:::list{type="warning"}
+- __Warning:__ Make sure to follow this file structure carefully, especially the `media` folder. This folder must be mounted **exactly the same way** in both the _Qbittorrent_ compose file (`/your/path/media:/media`) and the _arr_ applications.  
+If not, the _arr_ apps may not recognize the path provided by Qbittorrent and will fail to create _hardlinks_.  
+Without hardlinks, the _arr_ apps will copy the files instead—**doubling the space used** on your storage.
+:::
+::
+
 Open Docker and your `plex` stack. Modify the compose file as follows:
 ```yaml
 ---
@@ -385,7 +394,7 @@ It can be useful to expose Overseerr if you want to send requests from outside y
 
 ::alert{type="info"}
 :::list{type="info"}
-- We assume you have the subdomain `films.mydomain.com` with a `CNAME` pointing to `films.fr` in your [DNS zone](/general/dns). And that [unless you’re using Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/nat).
+- We assume you have the subdomain `films.mydomain.com` with a `CNAME` pointing to `films.fr` in your [DNS zone](/general/networking/dns). And that [unless you’re using Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/networking/nat).
 :::
 ::
 

content/3.serveex/5.media/_dir.yml

@@ -1 +1,2 @@
 navigation.title: Media & Seedbox
+icon: lucide:list-video

content/3.serveex/6.cloud/1.immich.md

@@ -40,7 +40,7 @@ Configure the `.env` file by copying the latest version [from here](https://gith
 
 ::alert{type="info"}
 :::list{type="info"}
-- If you're using a NAS or a network-shared drive via [Samba](/general/samba/) to store your data, replace the value of `UPLOAD_LOCATION`{lang=properties} with the path to your shared folder.
+- If you're using a NAS or a network-shared drive via [Samba](/general/networking/samba/) to store your data, replace the value of `UPLOAD_LOCATION`{lang=properties} with the path to your shared folder.
 :::
 ::
 
@@ -59,7 +59,7 @@ The main benefit of this setup is being able to access Immich remotely on all yo
 ::alert{type="info"}
 📋 __Before you begin:__ 
 <br/><br/>
-We assume that you have a subdomain `immich.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns). Also, unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare), make sure port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/nat).
+We assume that you have a subdomain `immich.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/networking/dns). Also, unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare), make sure port `443` on your router is forwarded to port `443` on your server via [NAT rules](/general/networking/nat).
 ::
 
 In Dockge, open the SWAG stack and edit the compose file to add Immich's network:

content/3.serveex/6.cloud/2.nextcloud.md

@@ -57,7 +57,7 @@ services:
 
 ::alert{type="info"}
 :::list{type="info"}
-- If you’re using a NAS or network-shared drive via [Samba](/general/samba), replace `/docker/nextcloud/data` with the path to your shared folder.
+- If you’re using a NAS or network-shared drive via [Samba](/general/networking/samba), replace `/docker/nextcloud/data` with the path to your shared folder.
 :::
 ::
 
@@ -89,7 +89,7 @@ The goal of this setup is to access Nextcloud remotely from all your devices. We
 
 ::alert{type="info"}
 :::list{type="info"}
-- We assume you have a subdomain `nextcloud.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns). And unless you’re using [Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` on your router must be forwarded to port `443` on your server using [NAT rules](/general/nat).
+- We assume you have a subdomain `nextcloud.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/networking/dns). And unless you’re using [Cloudflare Zero Trust](/serveex/security/cloudflare), port `443` on your router must be forwarded to port `443` on your server using [NAT rules](/general/networking/nat).
 :::
 ::
 

content/3.serveex/6.cloud/_dir.yml

@@ -1 +1,2 @@
 navigation.title: Cloud Drive & Photos
+icon: lucide:cloud-upload

content/3.serveex/7.files/1.file-browser.md

@@ -27,9 +27,8 @@ services:
   filebrowser:
     container_name: filebrowser
     volumes:
-      - /:/srv
       - /docker/filebrowser/config:/config/
-      # - /path/to/your/folders:/yourfolders
+      - /path/to/your/folders:/yourfolders #add your folders to browse as /docker:/docker for exemple
     ports:
       - 8010:80
     image: filebrowser/filebrowser:s6
@@ -67,7 +66,7 @@ You may want to access File Browser remotely from all your devices. To do that,
 
 ::alert{type="info"}
 :::list{type="info"}
-- __Pre-requisite:__ We assume you've already created a subdomain like `files.yourdomain.com` in your [DNS zone](/general/dns) pointing to `yourdomain.com` with a `CNAME`, and—unless you're using Cloudflare Zero Trust—have already forwarded port `443` on your router to port `443` on your server using [NAT rules](/general/nat).
+- __Pre-requisite:__ We assume you've already created a subdomain like `files.yourdomain.com` in your [DNS zone](/general/networking/dns) pointing to `yourdomain.com` with a `CNAME`, and—unless you're using Cloudflare Zero Trust—have already forwarded port `443` on your router to port `443` on your server using [NAT rules](/general/networking/nat).
 :::
 ::
 

content/3.serveex/7.files/2.pingvin.md

@@ -81,7 +81,7 @@ Tout l'intérêt d'une telle solution, c'est de pouvoir y accéder à distance e
 ::alert{type="info"}
 📋 __Au préalable :__ 
 <br/><br/>
-Nous partons du principe que vous avez le sous-domaine `pingvin.mondomaine.fr` avec un `CNAME` qui pointe vers `mondomaine.fr` dans votre [zone DNS](/general/dns). Et que bien sûr, [à moins que vous utilisiez Cloudflare Zero Trust](/serveex/security/cloudflare), le port `443` de votre box pointe bien sur le port `443` de votre serveur via [les règles NAT](/general/nat).
+Nous partons du principe que vous avez le sous-domaine `pingvin.mondomaine.fr` avec un `CNAME` qui pointe vers `mondomaine.fr` dans votre [zone DNS](/general/networking/dns). Et que bien sûr, [à moins que vous utilisiez Cloudflare Zero Trust](/serveex/security/cloudflare), le port `443` de votre box pointe bien sur le port `443` de votre serveur via [les règles NAT](/general/networking/nat).
 ::
 
 Dans Dockge, rendez-vous dans la stack de SWAG et éditez le compose en ajoutant le réseau de pingvin :

content/3.serveex/7.files/_dir.yml

@@ -1 +1,2 @@
 navigation.title: File & share
+icon: lucide:folder-tree

content/3.serveex/8.development/1.code-server.md

@@ -122,7 +122,7 @@ The whole point of such a solution is to access it remotely from any device. To
 
 ::alert{type="info"}
 :::list{type="info"}
-- __Preliminary:__ We assume you’ve created a subdomain like `code.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/dns), and—unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare)—that you’ve forwarded port `443` from your router to port `443` on your server using [NAT rules](/general/nat).
+- __Preliminary:__ We assume you’ve created a subdomain like `code.yourdomain.com` with a `CNAME` pointing to `yourdomain.com` in your [DNS zone](/general/networking/dns), and—unless you're using [Cloudflare Zero Trust](/serveex/security/cloudflare)—that you’ve forwarded port `443` from your router to port `443` on your server using [NAT rules](/general/networking/nat).
 :::
 ::
 

content/3.serveex/8.development/2.gitea.md

@@ -74,7 +74,7 @@ The benefit of this setup is being able to access it remotely from any of your d
 
 ::alert{type="info"}
 :::list{type="info"}
-- __Prerequisite:__ We assume you have created a subdomain such as `gitea.yourdomain.com` in your [DNS zone](/general/dns) with `CNAME` pointing to `yourdomain.com`, and [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), you have already forwarded port `443` from your router to your server’s port `443` in the [NAT rules](/general/nat).
+- __Prerequisite:__ We assume you have created a subdomain such as `gitea.yourdomain.com` in your [DNS zone](/general/networking/dns) with `CNAME` pointing to `yourdomain.com`, and [unless you're using Cloudflare Zero Trust](/serveex/security/cloudflare), you have already forwarded port `443` from your router to your server’s port `443` in the [NAT rules](/general/networking/nat).
 :::
 ::
 

content/3.serveex/8.development/3.it-tools.md

@@ -58,7 +58,7 @@ You might want to access it remotely on all your devices. To do that, we'll expo
 
 ::alert{type="info"}
 :::list{type="info"}
-- __Pre-requisite:__ We assume you’ve created a subdomain like `tools.yourdomain.com` in your [DNS zone](/general/dns) with `CNAME` set to `yourdomain.com`. Also, unless you’re using [Cloudflare Zero Trust](/serveex/security/cloudflare), make sure you’ve already forwarded port `443` from your router to port `443` on your server in the [NAT rules](/general/nat).
+- __Pre-requisite:__ We assume you’ve created a subdomain like `tools.yourdomain.com` in your [DNS zone](/general/networking/dns) with `CNAME` set to `yourdomain.com`. Also, unless you’re using [Cloudflare Zero Trust](/serveex/security/cloudflare), make sure you’ve already forwarded port `443` from your router to port `443` on your server in the [NAT rules](/general/networking/nat).
 :::
 ::
 

content/3.serveex/8.development/_dir.yml

@@ -1 +1,2 @@
 navigation.title: Developpement
+icon: lucide:code-xml

content/3.serveex/9.apps/1.adguard.md

@@ -58,7 +58,7 @@ root
 
 Open Dockge and click `compose`
 
-Name the stack `adguard` and paste the configuration below:
+Name the stack `adguardhome` and paste the configuration below:
 
 ```yaml
 ---
@@ -104,7 +104,7 @@ To make AdGuard usable from outside your home network, you need to expose it.
 
 ::alert{type="info"}
 :::list{type="info"}
-- __Prerequisites:__ We assume you've created a subdomain like `adguard.mydomain.com` in your [DNS zone](/general/dns) with a `CNAME` pointing to `mydomain.com`, and that you’ve already forwarded port `443` from your router to port `443` on your server in your [NAT rules](/general/nat). Also forward port `53` and port `853` to your server. These ports are used to route DNS requests.
+- __Prerequisites:__ We assume you've created a subdomain like `adguard.mydomain.com` in your [DNS zone](/general/networking/dns) with a `CNAME` pointing to `mydomain.com`, and that you’ve already forwarded port `443` from your router to port `443` on your server in your [NAT rules](/general/networking/nat). Also forward port `53` and port `853` to your server. These ports are used to route DNS requests.
 :::
 ::
 

content/3.serveex/9.apps/2.vaultwarden.md

@@ -76,7 +76,7 @@ services:
 Next, generate a password hash to put in the `TOKEN` variable in `.env`:
 
 ```shell
-echo -n "yourpassword" | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4
+echo -n 'yourpassword' | argon2 "$(openssl rand -base64 32)" -e -id -k 65540 -t 3 -p 4
 ```
 
 Copy the result securely.
@@ -108,7 +108,7 @@ Recently, Vaultwarden requires SSL to be accessed, which prevents access via a l
 The main benefit of Vaultwarden is being able to access it remotely from any device. We'll expose it through [SWAG](/serveex/core/swag).
 
 ::alert{type="info"}
-✨ __Before you start:__ Make sure you've created a DNS subdomain like `vault.yourdomain.com` with `CNAME` pointing to `yourdomain.com` and (unless using Cloudflare Zero Trust) that you've forwarded port `443` from your router to your server's `443` via [NAT rules](/general/nat).
+✨ __Before you start:__ Make sure you've created a DNS subdomain like `vault.yourdomain.com` with `CNAME` pointing to `yourdomain.com` and (unless using Cloudflare Zero Trust) that you've forwarded port `443` from your router to your server's `443` via [NAT rules](/general/networking/nat).
 ::
 
 In Dockge, go to the SWAG stack and edit the compose file to add the Vaultwarden network:
@@ -235,7 +235,7 @@ server {
 
 Press `Esc`, then type `:x` and press `Enter` to save and exit.
 
-And there you go — Vaultwarden is now exposed! Visit `vault.yourdomain.com` to access the admin panel and create your account. For more information, see the [Bitwarden documentation](https://bitwarden.com/help/).
+And there you go — Vaultwarden is now exposed! Visit `https://vault.yourdomain.com/admin` to access the admin panel and paste the password you specified when generatique the `ADMIN_TOKEN`. For more information, see the [Bitwarden documentation](https://bitwarden.com/help/).
 
 Don't forget to install Bitwarden browser extensions (they work with Vaultwarden) for [Chrome](https://chromewebstore.google.com/detail/gestionnaire-de-mots-de-p/nngceckbapebfimnlniiiahkandclblb) and [Firefox](https://addons.mozilla.org/fr/firefox/addon/bitwarden-password-manager/), as well as [iOS](https://apps.apple.com/fr/app/bitwarden/id1137397744) and [Android](https://play.google.com/store/apps/details?id=com.x8bit.bitwarden&hl=fr) apps to sync your passwords.
 

content/3.serveex/9.apps/_dir.yml

@@ -1 +1,2 @@
 navigation.title: Useful Apps
+icon: lucide:award

content/4.Stockeex/1.introduction.md

@@ -1,17 +1,23 @@
 ---
+icon: lucide:bookmark
 navigation: true
 title: Introduction
-layout: page
 main:
   fluid: false
 ---
-:ellipsis{left=0px width=40rem top=10rem blur=140px}
+# Stockeex
 
   ::terminal{style="margin-top:80px;"}
   ---
   content:
-  - sudo systemctl status stockeex
-  - server is busy, come back later...
-
+  - sudo systemctl status stockeex-article
+  - currently writing, come back later...
   ---
   ::
+
+:ellipsis{left=0px width=40rem top=10rem blur=140px}
+
+<div align="center">
+  <img src="/img/stockeex/stockeex-raid.svg" alt="Image" style="max-width: 60%;">
+</div>
+

content/5.nonsense/1.python/1.nvidia-stock-bot.md

@@ -0,0 +1,39 @@
+---
+navigation: true
+title: Nvidia Stock Bot
+main:
+  fluid: false
+---
+:ellipsis{left=0px width=40rem top=10rem blur=140px}
+
+# 🤖 Nvidia Stock Bot
+---
+
+For the past four years, the electronics hardware shortage has been relentless. Graphics cards are no exception. In 2020, I had to wait two months to get my RTX 3080. To manage it, I joined [JV Hardware](https://discord.gg/gxffg3GA96), where a small group of geeks had set up a bot that pinged users when GPUs became available.
+
+Four years later and with 5,000 members on the server, the RTX 5000 series is being released. Yet, no working stock bot seems to exist. Not to mention a certain “influencer” who charges users for access to a bot that doesn’t even work. He manually copies alerts from other servers like ours, which have already solved the issue.
+
+Anyway, eager to get an RTX 5090 for my AI-dedicated machine, I decided it was time to dive into Python—with a little help from ChatGPT. Along with another member, KevOut, who helped guide me through the APIs and initial architecture, I ended up building a clean and functional bot that sends different kinds of Discord alerts—all deployable in a simple Docker container.
+
+After many setbacks, I went from this:
+
+![Nvidia Stock Bot Old](/img/nonsense/nvidia-stock-bot-old-en.svg)
+
+To this:
+
+![Nvidia Stock bot](/img/nonsense/nvidia-stock-bot-en.svg)
+
+And more recently :
+
+![Nvidia Stock bot](/img/nonsense/nvidia-stock-bot-en-v4.svg)
+
+And I was also lucky enough to be referenced in the famous [selfhost newsletter](https://selfh.st/weekly/2025-07-11/) !
+
+More info directly on the repo:
+
+::card
+#title
+  🐋 __Nvidia Stock Bot__
+#description
+  [Nvidia GPU stock alert bot](https://git.djeex.fr/Djeex/nvidia-stock-bot)
+::

content/5.nonsense/1.python/2. adguard-cidre.md

@@ -1,41 +1,12 @@
 ---
 navigation: true
-title: Python Scripts
+title: Adguard CIDRE
 main:
   fluid: false
 ---
 :ellipsis{left=0px width=40rem top=10rem blur=140px}
-# Python Scripts
 
-My messy Python creations
-
-## 🤖 Nvidia Stock Bot
----
-
-For the past four years, the electronics hardware shortage has been relentless. Graphics cards are no exception. In 2020, I had to wait two months to get my RTX 3080. To manage it, I joined [JV Hardware](https://discord.gg/gxffg3GA96), where a small group of geeks had set up a bot that pinged users when GPUs became available.
-
-Four years later and with 5,000 members on the server, the RTX 5000 series is being released. Yet, no working stock bot seems to exist. Not to mention a certain “influencer” who charges users for access to a bot that doesn’t even work. He manually copies alerts from other servers like ours, which have already solved the issue.
-
-Anyway, eager to get an RTX 5090 for my AI-dedicated machine, I decided it was time to dive into Python—with a little help from ChatGPT. Along with another member, KevOut, who helped guide me through the APIs and initial architecture, I ended up building a clean and functional bot that sends different kinds of Discord alerts—all deployable in a simple Docker container.
-
-After many setbacks, I went from this:
-
-![Nvidia Stock Bot Old](https://git.djeex.fr/Djeex/nvidia-stock-bot/raw/commit/88c09ff4cffd96cbf0852ec785f9fbf2130c23b2/assets/img/nvbot.png)
-
-To this:
-
-![Nvidia Stock bot](https://git.djeex.fr/Djeex/nvidia-stock-bot/raw/branch/main/assets/img/nvbot_schematics.png)
-
-More info directly on the repo:
-
-::card
-#title
-  🐋 __Nvidia Stock Bot__
-#description
-  [Nvidia GPU stock alert bot](https://git.djeex.fr/Djeex/nvidia-stock-bot)
-::
-
-## 🤖 Adguard CIDRE Sync
+# 🤖 Adguard CIDRE Sync
 ---
 
 Adguard Home is a fantastic solution for DNS-level ad blocking and rewriting requests—perfect for removing ISP DNS trackers or intrusive ads.

content/5.nonsense/1.python/_dir.yml

@@ -0,0 +1,2 @@
+navigation.title: Python
+icon: lucide:file-code-2

content/5.nonsense/2.bash/1.servarr-duplicates.md

@@ -1,15 +1,11 @@
 ---
 navigation: true
-title: Bash Scripts
+title: Servarr corrector
 main:
   fluid: false
 ---
 :ellipsis{left=0px width=40rem top=10rem blur=140px}
-# Bash Scripts
-
-A few random scripts that saved my life.
-
-## Detecting Duplicates and Replacing Them with Hardlinks
+# Servarr duplicates corrector
 ---
 
 Six months after downloading terabytes of media, I realized that Sonarr and Radarr were copying them into my Plex library instead of creating hardlinks. This happens due to a counterintuitive mechanism: if you mount multiple folders in Sonarr/Radarr, it sees them as different filesystems and thus cannot create hardlinks. That’s why you should mount only one parent folder containing all child folders (like `downloads`, `movies`, `tvseries` inside a `media` parent folder).
@@ -143,5 +139,3 @@ So, in conclusion, I:
 - Learned never to blindly copy-paste a ChatGPT script without understanding and dry-running it
 - Learned that Qwen on a RTX 5090 is more coherent than ChatGPT-4o on server farms (not even mentioning “normal” ChatGPT)
 - Learned that even with 100TB of storage, monitoring it would’ve alerted me much earlier to the 12TB of duplicates lying around
-
-Catch you next time for more exciting adventures.

content/5.nonsense/2.bash/2.luks- backup.md

@@ -0,0 +1,88 @@
+---
+navigation: true
+title: LUKS Backup
+main:
+  fluid: false
+---
+:ellipsis{left=0px width=40rem top=10rem blur=140px}
+
+# Backup of LUKS Headers for Encrypted Disks/Volumes
+---
+
+I recently realized that having just the password is not enough to unlock a LUKS volume after a failure or corruption. I learned how to dump the LUKS headers from disks/volumes and to use the serial numbers along with partition names to accurately identify which header corresponds to which disk/partition (I have 10 of them!).
+
+After struggling to do this manually, I asked Qwen3 (an LLM running on my RTX 5090) to create a script that automates the listing and identification of disks, dumps the headers, and stores them in an encrypted archive ready to be backed up on my backup server.
+
+This script:
+* Lists and identifies disks with their serial numbers
+* Lists partitions
+* Dumps headers into a secured folder under `/root`
+* Creates a temporary archive
+* Prompts for a password
+* Encrypts the archive with that password
+* Deletes the unencrypted archive
+
+```bash
+#!/bin/bash
+
+# Directory where LUKS headers will be backed up
+DEST="/root/luks-headers-backup"
+mkdir -p "$DEST"
+
+echo "🔍 Searching for LUKS containers on all partitions..."
+
+# Loop through all possible disk partitions (including NVMe and SATA)
+for part in /dev/sd? /dev/sd?? /dev/nvme?n?p?; do
+    # Skip if the device doesn't exist
+    if [ ! -b "$part" ]; then
+        continue
+    fi
+
+    # Check if the partition is a LUKS encrypted volume
+    if cryptsetup isLuks "$part"; then
+        # Find the parent disk device (e.g. nvme0n1p4 → nvme0n1)
+        disk=$(lsblk -no pkname "$part" | head -n 1)
+        full_disk="/dev/$disk"
+
+        # Get the serial number of the parent disk
+        SERIAL=$(udevadm info --query=all --name="$full_disk" | grep ID_SERIAL= | cut -d= -f2)
+        if [ -z "$SERIAL" ]; then
+            SERIAL="unknown"
+        fi
+
+        # Extract the partition name (e.g. nvme0n1p4)
+        PART_NAME=$(basename "$part")
+
+        # Build the output filename with partition name and disk serial
+        OUTPUT="$DEST/luks-header-${PART_NAME}__${SERIAL}.img"
+
+        echo "🔐 Backing up LUKS header of $part (Serial: $SERIAL)..."
+
+        # Backup the LUKS header to the output file
+        cryptsetup luksHeaderBackup "$part" --header-backup-file "$OUTPUT"
+        if [[ $? -eq 0 ]]; then
+            echo "✅ Backup successful → $OUTPUT"
+        else
+            echo "❌ Backup failed for $part"
+        fi
+    fi
+done
+
+# Create a timestamped compressed tar archive of all header backups
+ARCHIVE_NAME="/root/luks-headers-$(date +%Y%m%d_%H%M%S).tar.gz"
+echo "📦 Creating archive $ARCHIVE_NAME..."
+tar -czf "$ARCHIVE_NAME" -C "$DEST" .
+
+# Encrypt the archive symmetrically using GPG with AES256 cipher
+echo "🔐 Encrypting the archive with GPG..."
+gpg --symmetric --cipher-algo AES256 "$ARCHIVE_NAME"
+if [[ $? -eq 0 ]]; then
+    echo "✅ Encrypted archive created: ${ARCHIVE_NAME}.gpg"
+    # Remove the unencrypted archive for security
+    rm -f "$ARCHIVE_NAME"
+else
+    echo "❌ Encryption failed"
+fi
+```
+
+**Don’t forget to back up `/etc/fstab` and `/etc/crypttab` as well!**

content/5.nonsense/2.bash/_dir.yml

@@ -0,0 +1,2 @@
+navigation.title: Bash
+icon: lucide:file-terminal