Mission, current state, target

Area	State
Sites	Home (Proxmox active), RZ (Hetzner ESXi active), Lager (off-site, passive)
Hypervisors	Proxmox VE 8.4 (Home, single host), VMware ESXi 7 (RZ, legacy)
Routers	pfSense 2.8.1 on each site, OpenVPN site-to-site `10.233.100.0/24`
Identity	Authentik 2025.8.4 with OIDC + per-app group claims
Edge	Traefik on RZ (file + docker providers, Let's Encrypt)
Backup	PBS as VM on Synology DS918+ — VM-image-level recovery + per-app dumps
Wiki	Wiki.js 2.5.307 — replaced BookStack on 2026-04-29
Media stack	Plex + Immich + Tdarr (RTX-3060 NVENC node planned)

¶ Mission, current state, target