4 changed files with 3 additions and 46 deletions
--- a/README.md
+++ b/README.md
@ -23,13 +23,8 @@ This repository contains documentation, guides, and reference material.
  - [Integrate MS Entra in Keycloak as IDP](./keycloak/idp-ms-entra.md)
    Step-by-step instructions for integrating MS Entra as identity-provider.
- **[Microsoft Entra](./ms-entra/)**
+- **[Microsoft Entra](./ms-entra/)**  
  Documentation and guides related to Microsft Entra configuration and best practices.
-  - [Enterprise App Integration with Keycloak](./ms-entra/enterprise-app-keycloak.md)
+  - [Enterprise App Integration with Keycloak](./ms-entra/enterprise-app-keycloak.md)  
    Step-by-step instructions for creating an Enterprise Application in Microsoft Entra (Azure AD) as an identity provider for Keycloak.
 - **[Troubleshooting](./troubleshooting/)**
  Encountered & solved problems.
  - [Nextcloud File Locking](./troubleshooting/nextcloud-file-locking.md)
    Preventing sync conflicts when multiple users edit the same file via the Nextcloud desktop client.
--- a/infrastructure/acme.md
+++ b/infrastructure/acme.md
@ -10,18 +10,6 @@ We agreed to use **ACME DNS-01 challenges** for issuing certificates for **both
 - Keep **low TTLs** (e.g., 60-120s) on both CNAME and TXT records to speed up renewals.
 - Restrict write access to the challenge zone to the ACME automation only.
 ## Meetings
 - 05.08.2025: Bert-Jan Fikse, Tobias Schaller, Tobias Wüst, Tom Jampen (inital version)
 ## Background
 The following article explains how DNS-01 challenges can be effectively used to issue Let's Encrypt certificates for servers with internal IP addresses:
 - https://lists.bfh.science/pipermail/bfh-linux-announce/2021-September/000134.html
 The following manpage explains important implementation details for correctly handling DNS-01 challenges:
 - https://sources.debian.org/src/open-infrastructure-service-tools/20250626-2/dehydrated/share/man/dehydrated-nsupdate.1.rst#L20
 ## Reference Design
 **Dedicated zone:**
 `_acme.digitalboard.ch`
--- a/infrastructure/ipv6.md
+++ b/infrastructure/ipv6.md
@ -6,7 +6,7 @@ We agreed to setup dual stack by default as IPv6 is essential for modern IT infr
 ## Decisions
 - Use **Dual Stack** (IPv4 and IPv6 addresses)
 - Rely on **DNS names instead of raw IP addresses**
- **Each school is responsible for its DNS records** and must manage them for IPv4/IPv6 (including CNAME records for ACME)
+- **Each school is responsible for its DNS records** and must them for IPv4/IPv6 (including CNAME records for ACME)
 - The Digitalboard provides an optional service (dynamic DNS zone for acme challenge responses) as described in the [ACME documentation](./acme.md)
 - The Digitalboard might act as a RIPE customer and provide a `/32` or `/48` IPv6 network for interested schools
--- a/troubleshooting/nextcloud-file-locking.md
+++ b/troubleshooting/nextcloud-file-locking.md
@ -1,26 +0,0 @@
 # Nextcloud File Locking
 ## Problem
 When two users open the same file simultaneously via the desktop sync client, both can write to it, resulting in sync conflicts.
 ## Solution
 Two plugins work together to prevent this:
 - [**files_lock**](https://apps.nextcloud.com/apps/files_lock) — implements WebDAV locking (RFC 4918). When a user opens a file via the desktop client, a lock is acquired server-side. Other clients see the file as locked and cannot write to it.
 - [**notify_push**](https://apps.nextcloud.com/apps/notify_push) — pushes lock state changes to clients in real time, so they don't have to wait for the next poll cycle to discover a lock.
 ## Installation
 ```bash
 docker exec -u www-data <nextcloud-container> php occ app:install files_lock
 docker exec -u www-data <nextcloud-container> php occ app:install notify_push
 ```
 Follow the `notify_push` setup guide to expose the push daemon via Traefik.
 ## Limitations
 - Conflicts are theoretically still possible, but the chances are minimized.
 - Locks are per-session; if a client crashes without releasing the lock, the file may appear locked until the lock expires (default: 30 minutes, can be configured).