wiki: audit fixes — broken links, wikilinks, frontmatter, stale content (66 files)

- Fixed 4 broken markdown links (bad relative paths in See Also sections) - Corrected n8n port binding to 127.0.0.1:5678 (matches actual deployment) - Updated SnapRAID article with actual majorhome paths (/majorRAID, disk1-3) - Converted 67 Obsidian wikilinks to relative markdown links or plain text - Added YAML frontmatter to 35 articles missing it entirely - Completed frontmatter on 8 articles with missing fields Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 11:16:29 -04:00
parent 6da77c2db7
commit 6592eb4fea
66 changed files with 407 additions and 82 deletions
--- a/02-selfhosting/dns-networking/network-overview.md
+++ b/02-selfhosting/dns-networking/network-overview.md
@@ -1,21 +1,30 @@
+---
+title: "Network Overview"
+domain: selfhosting
+category: dns-networking
+tags: [tailscale, networking, infrastructure, dns, vpn]
+status: published
+created: 2026-04-02
+updated: 2026-04-02
+---
 # 🌐 Network Overview

-The **[[MajorInfrastructure|MajorsHouse]]** infrastructure is connected via a private **[[Network Overview#Tailscale|Tailscale]]** mesh network. This allows secure, peer-to-peer communication between devices across different geographic locations (US and UK) without exposing services to the public internet.
+The **MajorsHouse** infrastructure is connected via a private **Tailscale** mesh network. This allows secure, peer-to-peer communication between devices across different geographic locations (US and UK) without exposing services to the public internet.

 ## 🏛️ Infrastructure Summary

 - **Address Space:** 100.x.x.x (Tailscale CGNAT)
- **Management:** Centralized via **[[Network Overview#Ansible|Ansible]]** (`MajorAnsible` repo)
+- **Management:** Centralized via **Ansible** (`MajorAnsible` repo)
 - **Host Groupings:** Functional (web, mail, homelab, bots), OS (Fedora, Ubuntu), and Location (US, UK).

 ## 🌍 Geographic Nodes

 | Host | Location | IP | OS |
 |---|---|---|---|
-| `[[dcaprod|dcaprod]]` | 🇺🇸 US | 100.104.11.146 | Ubuntu 24.04 |
-| `[[majortoot|majortoot]]` | 🇺🇸 US | 100.110.197.17 | Ubuntu 24.04 |
-| `[[majorhome|majorhome]]` | 🇺🇸 US | 100.120.209.106 | Fedora 43 |
-| `[[teelia|teelia]]` | 🇬🇧 UK | 100.120.32.69 | Ubuntu 24.04 |
+| `dcaprod` | 🇺🇸 US | 100.104.11.146 | Ubuntu 24.04 |
+| `majortoot` | 🇺🇸 US | 100.110.197.17 | Ubuntu 24.04 |
+| `majorhome` | 🇺🇸 US | 100.120.209.106 | Fedora 43 |
+| `teelia` | 🇬🇧 UK | 100.120.32.69 | Ubuntu 24.04 |

 ## 🔗 Tailscale Setup

--- a/02-selfhosting/dns-networking/tailscale-homelab-remote-access.md
+++ b/02-selfhosting/dns-networking/tailscale-homelab-remote-access.md
@@ -140,6 +140,6 @@ Now any device on your home LAN is reachable from anywhere on the tailnet, even

 ## See Also

- [[self-hosting-starter-guide]]
- [[linux-server-hardening-checklist]]
- [[setting-up-caddy-reverse-proxy]]
+- [self-hosting-starter-guide](../docker/self-hosting-starter-guide.md)
+- [linux-server-hardening-checklist](../security/linux-server-hardening-checklist.md)
+- [setting-up-caddy-reverse-proxy](../reverse-proxy/setting-up-caddy-reverse-proxy.md)
--- a/02-selfhosting/docker/debugging-broken-docker-containers.md
+++ b/02-selfhosting/docker/debugging-broken-docker-containers.md
@@ -164,5 +164,5 @@ Don't jump straight to the nuclear option. Only use `-v` if you want a completel

 ## See Also

- [[docker-vs-vms-homelab]]
- [[tuning-netdata-web-log-alerts]]
+- [docker-vs-vms-homelab](docker-vs-vms-homelab.md)
+- [tuning-netdata-web-log-alerts](../monitoring/tuning-netdata-web-log-alerts.md)
--- a/02-selfhosting/docker/docker-healthchecks.md
+++ b/02-selfhosting/docker/docker-healthchecks.md
@@ -153,5 +153,5 @@ healthcheck:

 ## See Also

- [[debugging-broken-docker-containers]]
- [[netdata-docker-health-alarm-tuning]]
+- [debugging-broken-docker-containers](debugging-broken-docker-containers.md)
+- [netdata-docker-health-alarm-tuning](../monitoring/netdata-docker-health-alarm-tuning.md)
--- a/02-selfhosting/docker/docker-vs-vms-homelab.md
+++ b/02-selfhosting/docker/docker-vs-vms-homelab.md
@@ -91,5 +91,5 @@ The two coexist fine on the same host. Docker handles the service layer, KVM han

 ## See Also

- [[managing-linux-services-systemd-ansible]]
- [[tuning-netdata-web-log-alerts]]
+- [managing-linux-services-systemd-ansible](../../01-linux/process-management/managing-linux-services-systemd-ansible.md)
+- [tuning-netdata-web-log-alerts](../monitoring/tuning-netdata-web-log-alerts.md)
--- a/02-selfhosting/docker/self-hosting-starter-guide.md
+++ b/02-selfhosting/docker/self-hosting-starter-guide.md
@@ -110,6 +110,6 @@ Tailscale is the easiest and safest starting point for personal use.

 ## See Also

- [[docker-vs-vms-homelab]]
- [[debugging-broken-docker-containers]]
- [[linux-server-hardening-checklist]]
+- [docker-vs-vms-homelab](docker-vs-vms-homelab.md)
+- [debugging-broken-docker-containers](debugging-broken-docker-containers.md)
+- [linux-server-hardening-checklist](../security/linux-server-hardening-checklist.md)
--- a/02-selfhosting/monitoring/netdata-n8n-enriched-alerts.md
+++ b/02-selfhosting/monitoring/netdata-n8n-enriched-alerts.md
@@ -1,3 +1,12 @@
+---
+title: "Netdata n8n Enriched Alert Emails"
+domain: selfhosting
+category: monitoring
+tags: [netdata, n8n, alerts, email, monitoring, automation]
+status: published
+created: 2026-04-02
+updated: 2026-04-02
+---
 # Netdata → n8n Enriched Alert Emails

 **Status:** Live across all MajorsHouse fleet servers as of 2026-03-21
--- a/02-selfhosting/monitoring/netdata-selinux-avc-chart.md
+++ b/02-selfhosting/monitoring/netdata-selinux-avc-chart.md
@@ -134,4 +134,4 @@ done
 - [Deploying Netdata to a New Server](netdata-new-server-setup.md)
 - [Tuning Netdata Web Log Alerts](tuning-netdata-web-log-alerts.md)
 - [Tuning Netdata Docker Health Alarms](netdata-docker-health-alarm-tuning.md)
- [SELinux: Fixing Dovecot Mail Spool Context](/05-troubleshooting/selinux-dovecot-vmail-context.md)
+- [SELinux: Fixing Dovecot Mail Spool Context](../../05-troubleshooting/selinux-dovecot-vmail-context.md)
--- a/02-selfhosting/monitoring/tuning-netdata-web-log-alerts.md
+++ b/02-selfhosting/monitoring/tuning-netdata-web-log-alerts.md
@@ -85,4 +85,4 @@ curl -s http://localhost:19999/api/v1/alarms?all | grep -A 15 "web_log_1m_redire

 ## See Also

- [[Netdata service monitoring]]
+- Netdata service monitoring
--- a/02-selfhosting/reverse-proxy/setting-up-caddy-reverse-proxy.md
+++ b/02-selfhosting/reverse-proxy/setting-up-caddy-reverse-proxy.md
@@ -135,6 +135,6 @@ yourdomain.com {

 ## See Also

- [[self-hosting-starter-guide]]
- [[linux-server-hardening-checklist]]
- [[debugging-broken-docker-containers]]
+- [self-hosting-starter-guide](../docker/self-hosting-starter-guide.md)
+- [linux-server-hardening-checklist](../security/linux-server-hardening-checklist.md)
+- [debugging-broken-docker-containers](../docker/debugging-broken-docker-containers.md)
--- a/02-selfhosting/security/ansible-unattended-upgrades-fleet.md
+++ b/02-selfhosting/security/ansible-unattended-upgrades-fleet.md
@@ -90,5 +90,5 @@ ansible-playbook update.yml -l dca,majorlinux,majortoot

 ## See Also

- [[ansible-getting-started|Ansible Getting Started]]
- [[linux-server-hardening-checklist|Linux Server Hardening Checklist]]
+- [Ansible Getting Started](../../01-linux/shell-scripting/ansible-getting-started.md)
+- [Linux Server Hardening Checklist](linux-server-hardening-checklist.md)
--- a/02-selfhosting/security/fail2ban-apache-404-scanner-jail.md
+++ b/02-selfhosting/security/fail2ban-apache-404-scanner-jail.md
@@ -1,3 +1,12 @@
+---
+title: "Fail2ban Custom Jail: Apache 404 Scanner Detection"
+domain: selfhosting
+category: security
+tags: [fail2ban, apache, security, scanner, firewall]
+status: published
+created: 2026-04-02
+updated: 2026-04-02
+---
 # Fail2ban Custom Jail: Apache 404 Scanner Detection

 ## The Problem
--- a/02-selfhosting/security/linux-server-hardening-checklist.md
+++ b/02-selfhosting/security/linux-server-hardening-checklist.md
@@ -236,5 +236,5 @@ Reference: [sa-learn documentation](https://spamassassin.apache.org/full/3.0.x/d

 ## See Also

- [[managing-linux-services-systemd-ansible]]
- [[debugging-broken-docker-containers]]
+- [managing-linux-services-systemd-ansible](../../01-linux/process-management/managing-linux-services-systemd-ansible.md)
+- [debugging-broken-docker-containers](../docker/debugging-broken-docker-containers.md)
--- a/02-selfhosting/security/selinux-fail2ban-execmem-fix.md
+++ b/02-selfhosting/security/selinux-fail2ban-execmem-fix.md
@@ -1,3 +1,12 @@
+---
+title: "SELinux: Fixing Fail2ban grep execmem Denial on Fedora"
+domain: selfhosting
+category: security
+tags: [selinux, fail2ban, fedora, execmem, security]
+status: published
+created: 2026-04-02
+updated: 2026-04-02
+---
 # SELinux: Fixing Fail2ban grep execmem Denial on Fedora

 ## The Problem
@@ -82,5 +91,5 @@ Writing the `.te` file manually is more reliable and self-documenting.

 ## See Also

- [Docker & Caddy Recovery After Reboot (Fedora + SELinux)](../../../05-troubleshooting/docker-caddy-selinux-post-reboot-recovery.md) — another SELinux fix for post-reboot service issues
- [SELinux: Fixing Dovecot Mail Spool Context](../../../05-troubleshooting/selinux-dovecot-vmail-context.md) — custom SELinux context for mail spool
+- [Docker & Caddy Recovery After Reboot (Fedora + SELinux)](../../05-troubleshooting/docker-caddy-selinux-post-reboot-recovery.md) — another SELinux fix for post-reboot service issues
+- [SELinux: Fixing Dovecot Mail Spool Context](../../05-troubleshooting/selinux-dovecot-vmail-context.md) — custom SELinux context for mail spool
--- a/02-selfhosting/security/ufw-firewall-management.md
+++ b/02-selfhosting/security/ufw-firewall-management.md
@@ -174,4 +174,4 @@ The Fedora servers (majorlab, majorhome, majormail, majordiscord) use iptables o
 ## See Also

 - [Linux Server Hardening Checklist](linux-server-hardening-checklist.md) — initial firewall setup as part of server provisioning
- [Fail2ban & UFW Rule Bloat Cleanup](../../../05-troubleshooting/networking/fail2ban-ufw-rule-bloat-cleanup.md) — what happens when manual blocks get out of hand
+- [Fail2ban & UFW Rule Bloat Cleanup](../../05-troubleshooting/networking/fail2ban-ufw-rule-bloat-cleanup.md) — what happens when manual blocks get out of hand
--- a/02-selfhosting/services/mastodon-instance-tuning.md
+++ b/02-selfhosting/services/mastodon-instance-tuning.md
@@ -64,5 +64,5 @@ docker exec mastodon-web tootctl media remove --days 7

 ## See Also

- [[self-hosting-starter-guide]]
- [[docker-healthchecks]]
+- [self-hosting-starter-guide](../docker/self-hosting-starter-guide.md)
+- [docker-healthchecks](../docker/docker-healthchecks.md)
--- a/02-selfhosting/services/updating-n8n-docker.md
+++ b/02-selfhosting/services/updating-n8n-docker.md
@@ -61,7 +61,7 @@ docker stop n8n-n8n-1 && docker rm n8n-n8n-1
 docker run -d \
  --name n8n-n8n-1 \
  --restart unless-stopped \
-  -p 5678:5678 \
+  -p 127.0.0.1:5678:5678 \
  -v n8n_n8n_data:/home/node/.n8n \
  -e N8N_EDITOR_BASE_URL=https://n8n.majorshouse.com/ \
  -e N8N_PORT=5678 \
--- a/02-selfhosting/storage-backup/rsync-backup-patterns.md
+++ b/02-selfhosting/storage-backup/rsync-backup-patterns.md
@@ -181,5 +181,5 @@ aws s3 sync /backup/offsite/ s3://your-bucket/offsite/ --storage-class DEEP_ARCH

 ## See Also

- [[self-hosting-starter-guide]]
- [[bash-scripting-patterns]]
+- [self-hosting-starter-guide](../docker/self-hosting-starter-guide.md)
+- [bash-scripting-patterns](../../01-linux/shell-scripting/bash-scripting-patterns.md)