* Security / Privacy
** DONE check wg hub cannot ssh into kube
CLOSED: [2026-04-14 Tue 16:37]
:LOGBOOK:
- State "DONE"       from "ACTIVE"     [2026-04-14 Tue 16:37]
  Tested.  No peers can be ssh-ed to.
:END:
** TODO stop login from proxmox kube nodes to LAN machines
** TODO set up wg bastion and LAN wg peer bastion for on the road access
** HOLD mullvad second account
SCHEDULED: <2026-04-14 Tue>
** HOLD mullvad on proxmox nodes via CLI
:LOGBOOK:
- State "DONE"       from "BACKLOG"    [2026-04-14 Tue 17:00]
:END:
** TODO privacy wg hub complete wg and caddy setup
SCHEDULED: <2026-04-15 Wed>
** Backups
*** TODO Automated Proxmox backups
*** TODO special stuff for kube state??
*** TODO specific database backups (dumpdb and friends? replicas?)
* Monitoring
** ACTIVE Nats on workstation
** TODO n8n on workstation?
* Kube Expansion
** TODO add mac VM
* Non-Kube WG services
** TODO workstation as WG peer??
* Services
** ACTIVE Mattermost
** ACTIVE VaultWarden
* Integration
** TODO explore SSO