From da3255c4c7e98011c688b649a3939a6ad97342c5 Mon Sep 17 00:00:00 2001
From: Esther Jang <jang.esther@gmail.com>
Date: Tue, 20 Aug 2024 16:21:48 -0500
Subject: [PATCH] fixed typos. changed some chapter titles
 infrastructure->tutorials and sas-setup->enb-setup

---
 docs/tutorials/.pages                         |  10 +
 docs/tutorials/enb-setup.md                   | 277 ++++++++++++++++++
 docs/tutorials/epc-setup.md                   |   9 +
 docs/tutorials/hardware.md                    |  76 +++++
 docs/tutorials/librenms-manager-setup.md      | 150 ++++++++++
 docs/tutorials/librenms-setup.md              | 111 +++++++
 docs/tutorials/librenms/.pages                |   4 +
 docs/tutorials/librenms/backup.md             |   2 +
 docs/tutorials/librenms/deploy.md             |  24 ++
 docs/tutorials/librenms/upgrade.md            |  20 ++
 docs/tutorials/peering.md                     |  38 +++
 .../proxmox-vaultwarden-deployment.md         | 243 +++++++++++++++
 docs/tutorials/software.md                    |  53 ++++
 13 files changed, 1017 insertions(+)
 create mode 100644 docs/tutorials/.pages
 create mode 100644 docs/tutorials/enb-setup.md
 create mode 100644 docs/tutorials/epc-setup.md
 create mode 100644 docs/tutorials/hardware.md
 create mode 100644 docs/tutorials/librenms-manager-setup.md
 create mode 100644 docs/tutorials/librenms-setup.md
 create mode 100644 docs/tutorials/librenms/.pages
 create mode 100644 docs/tutorials/librenms/backup.md
 create mode 100644 docs/tutorials/librenms/deploy.md
 create mode 100644 docs/tutorials/librenms/upgrade.md
 create mode 100644 docs/tutorials/peering.md
 create mode 100644 docs/tutorials/proxmox-vaultwarden-deployment.md
 create mode 100644 docs/tutorials/software.md

diff --git a/docs/tutorials/.pages b/docs/tutorials/.pages
new file mode 100644
index 0000000..b674ae4
--- /dev/null
+++ b/docs/tutorials/.pages
@@ -0,0 +1,10 @@
+nav:
+  - hardware.md
+  - software.md
+  - peering.md
+  - librenms-manager-setup.md
+  - librenms-setup.md
+  - epc-setup.md
+  - enb-setup.md
+  - proxmox-vaultwarden-deployment.md
+  - librenms
diff --git a/docs/tutorials/enb-setup.md b/docs/tutorials/enb-setup.md
new file mode 100644
index 0000000..305e8b2
--- /dev/null
+++ b/docs/tutorials/enb-setup.md
@@ -0,0 +1,277 @@
+---
+title: Step 2. eNodeB and SAS Setup
+---
+
+# Step 2: eNodeB and SAS Setup
+
+## Introduction
+Despite CBRS being a relatively open frequency band, the processes for spectrum access are still somewhat opaque and require significant capital investment and/or ISP-level resources to set up. To clarify this process, here’s a step by step walkthrough tutorial of the setup of a Baicells eNodeB (eNB) base station running in the Citizen’s Broadband Radio Service (CBRS) spectrum band (or band 48).
+ 
+Before following this tutorial, you should have completed the setup of a LTE Evolved Packet Core (EPC) to control your eNB, for which the setup of an open source version based on open5gs is outlined in this [tutorial](https://hackmd.io/brHS3l1-T_uTUaDEAHMOxw?view). 
+
+## I. Get set up with a Spectrum Access System (SAS)
+
+### A. Why get set up with a SAS?
+Current FCC regulations require all CBRS equipment (called a CBSD) to be registered on a Spectrum Access System (SAS) that coordinates all spectrum assignments and ensures that no transmissions interfere with each other. This will likely require a commercial agreement with a SAS provider such as Google, Federated Wireless, etc. **This tutorial uses the Google SAS.**
+
+### B. CPI License
+At least one member of your team will require “Certified Professional Installer” (CPI) training and license in order to hold legal responsibility for and sign off on device installations. Most SAS providers will offer training at about $500 for both an online training course and the certification exam. If you aren’t able to get someone on your team certified, be sure to collaborate with a CPI! Feel free to contact us at the Local Connectivity Lab if you need support for your community project in this regard, and we can figure out what is feasible.
+
+The following are some links and helpful notes about this process:
+* https://wifidevan.wordpress.com/cbrs-certified-professional-installer-cpi-study-notes/
+* https://alliancecorporation.ca/webinars/webinars-webinars/cbrs-for-beginners-part-2-by-commscope/
+* https://cbrs.wirelessinnovation.org/acronyms
+
+### C. SAS Pricing Agreements
+
+For Google, the price options provided us in summer 2020 were:
+
+* Fixed Wireless
+    *  SAS services are billed per link/household so you pay for each CPE (Customer Premises Equipment) CBSD registered with SAS. 
+    *  CBSDs that operate as base stations are free of charge. Price Per Customer Link $2.25/month.
+*  Mobility/Private LTE (price is based on CBSD categoris)
+    *  Category A CBSD 
+        *  max transmit capability: 30 dBm/10 MHz = 20 dBm/MHz or “1 Watt”
+        *  mounted under 6m Height Above Average Terrain measured 3-16 km away from site
+        *  $2.67/month
+    *  Category B CBSD 
+        *  max transmit capability: Maximum EIRP of 47 dBm/10 MHz = 37 dBm/MHz or “50 Watt"
+        *  $13.33/month.
+
+### D. SAS Registration
+
+CBSDs must register their transmit capabilities with the SAS using either the “one-step” or “multi-step” process. 
+
+The one-step process requires you to input all installation parameters and sign them with the CPI certificate all on the base station itself, or via a cloud domain proxy such as used by Baicells. **Not all base stations support this and the interfaces for doing so might vary widely, so “multi-step” is typically recommended.**
+
+## II. Register device in SAS portal
+This tutorial will be walking through steps following the specifics of the Google SAS portal interface, but the steps should be generalizable to other SAS portals.
+
+### A. Once you have an account on an SAS service, register your devices on their portal or dashboard.
+The Google SAS portal can be found at: https://wirelessconnectivity.google.com/sas/
+
+### B. Our Setup
+
+Our test setup in the lab includes: 
+
+- 1W Baicells Nova 233 base station in the CBRS band mounted on the 6th floor balcony of our UW computer science building.
+- Alpha Wireless 18 dBi-gain panel antenna with a beamwidth of 65 degrees (model AW3014-T4), mounted straight ahead and not tilted down. 
+
+
+### C. Example Configuration
+An example configuration for this setup is shown below.
+
+![Google SAS Configuration Screen](https://i.imgur.com/9G0bymT.png)
+
+*The configuration screen is a right-hand sidebar next to the map view, hence the unwieldy aspect ratio.*
+
+Explanation of parameters:
+
+1. CBSD Category (A or B):
+    * Defined by rules in Section I.C above
+2. User ID
+    * Specified by the SAS provider when you register
+3. FCC ID and Serial Number:
+    * Both the radio and antenna model must be pre-authorized for use with CBRS by the FCC.
+    * The FCC ID is used to identify this approved device type.
+    * The serial number specifies the exact device identity.
+    * Both can usually be found on the outside of the device (circled in image below).
+![](https://i.imgur.com/YDAABLk.jpg)
+ 
+4. Beamforming Gain, Beamwidth
+    * Based on antenna specs in II.B
+5. EIRP
+    * [Effective Isotropic Radiated Power](https://www.everythingrf.com/rf-calculators/eirp-effective-isotropic-radiated-power) of your system including both the base station radio and antenna. 
+    * For a Cat B CBSD, this must be 46 dBm/10 MHz=36 dBm/MHz or lower. 
+    * Calculate this value by adding the max transmit power (actually power density per MHz) of the base station, in our case 28 dBm, to the antenna beamforming gain, in our case 18 dBi; 28+18=36 dBm/MHz. 
+    * For the units requested by the Google interface, add 10 to this value to specify power per 10 MHz instead of per MHz. 
+6. Height
+    * Specified in terms of height Above Ground Level (AGL) which you can measure using a rangefinder/ measuring tape/ building plan, or in height Above Mean Sea Level (AMSL). 
+    * **Not** in terms of HAAT as in the Cat A/B definition.
+    * Must be accurate to within 3 m.
+7. Azimuth
+    * Refers to the compass heading/ direction that the antenna is pointing (set this to 0 for an omnidirectional antenna). 
+    * This [FCC tool](https://www.fcc.gov/media/radio/distance-and-azimuths) is extremely helpful for calculating the azimuth based on the antenna’s gps location and that of a structure you are pointing it at.
+    * You can get these GPS coordinates via Google Maps or Google Earth.
+    ![](https://i.imgur.com/SgxORTx.png)
+
+8. Air Interface
+    * E_UTRA is the LTE radio standard used by our Baicells box.
+    * The only “supported spec” currently available for Baicells is FFS (according to a forum post, linked here).
+9. Location: 
+    * In the Google interface, set the site location in GPS coordinates under the tab labeled with the map pin icon. *(not shown)*
+10. Parameters under "CBSD Info"
+    * Call Sign
+        *  As far as I can tell, this can be any reasonable alphanumeric string as long as it is unique and matches the value of the “call sign” parameter as sent over by the eNB or domain proxy.
+        *  You will set this in the SAS interface as well as either the eNB or Baicells Cloud Core (they all need to match).
+    * Others
+        * These should match the settings with the same name on the eNB’s local management portal, shown on the “Basic Info” page in section IV.A below.
+    
+### D. CPI Signature
+When the parameters are all filled out, click the big red “Ready for CPI” button at the bottom of the panel (not shown here). On the CPI’s version of the interface, it will provide a place to “sign” the configuration with their CPI certificate, which they will upload to the interface. **This must happen before the device can get a spectrum grant.** 
+
+### E. Status Tab
+After the CPI signs the eNB configuration, under the “Status” tab (visible in the config panel), you should see “Not yet Registered” (or a similar message) because the eNB has not checked in to the Google SAS yet with its matching parameters to complete the multi-step process. If something has otherwise gone wrong, you’ll see an error message here.
+
+### F. Other helpful links
+* [Google CBSD registration and deregistration](https://support.google.com/sas/answer/9539493?hl=en&ref_topic=9455755)
+* [Elevation finder tool with map](https://www.freemaptools.com/elevation-finder.htm)
+
+## III. Steps in Baicells Cloud interface
+
+### A. Make a Baicells OMC account. 
+Due to Baicells’ use of a “domain proxy” for their SAS requests, you will need to make a new user account in the Baicells Operators Management Console (OMC): https://cloudcore.baicells.com:4443/ 
+
+This is distinct from their paid “Cloud Core” service which we will not be using in this tutorial, although the management portal is the same.
+
+### B. Take note of the CloudKey
+Once you have made an account, note the 6-letter “CloudKey” in the upper right corner of the screen (circled in red). 
+
+![](https://i.imgur.com/thYx40F.png)
+
+
+This will need to be inputted into the local eNB management portal for the eNB to check into the Cloud OMC. 
+
+*On your version of this portal, if you’re doing this for the first time, you shouldn’t see any eNBs already present.*
+
+### C. Set your SAS service provider. 
+Navigate to Advance→SAS in the left hand menu, and then click the gear icon on the upper right corner, which has the hover text “Settings.” 
+
+## IV. Steps in Baicells management interface
+
+### A. Local Management Portal
+The Baicells eNodeB (eNB) is best managed through the browser-based management portal; the current command line interface is accessible but extremely limited. 
+
+The default IP address of the management portal (and that of most Baicells equipment I’ve seen) is 192.168.150.1, and the default login credentials are admin/admin. *I would recommend changing the admin login credentials to be more secure.*
+
+Connect your computer to the eNB via Ethernet, and navigate to this IP address in your browser (using http://192.168.150.1, not https).
+
+Baicells Initial Login Screen:
+
+![](https://i.imgur.com/4RlDG7R.png)
+
+BTS Info→“Basic Info” Page visible upon login:
+
+![](https://i.imgur.com/AdSEjMC.png)
+
+### B. Upgrade firmware
+Upgrade the firmware to the latest firmware version that supports SAS functionality, or verify that it is already up to date. 
+
+You can check the official [firmware page](https://na.baicells.com/Service/Firmware) under the correct eNB model. The Nova 233 CBRS small cell we’re using is model mBS1105. The latest firmware version after which SAS is officially supported is BaiBS_RTS_3.6.6.IMG (as of Feb 2021), for which the direct download is available [here](https://img.baicells.com//Upload/20200912/FILE/6aaf03fa-7768-40eb-8e1b-ee79f5cb443a.IMG). 
+
+![](https://i.imgur.com/OPL0HYs.png)
+
+***Do not skip this step, otherwise none of the following steps will work right.***
+
+### C. Get everything connected
+
+Once the firmware is upgraded, you will want to get the eNB connected to your local [LTE core network (EPC)](https://hackmd.io/brHS3l1-T_uTUaDEAHMOxw?view) as well as to the Internet so it can contact the necessary SAS infrastructure.
+
+#### 1. Configure Internet Access (WAN)
+Navigate to the Network→WAN/LAN/VLAN tab on the left hand menu. 
+
+We will set the WAN interface IP address to 192.168.151.1, since the Baicells console requires (for whatever reason) a different subnet for the WAN as opposed to the LAN. 
+
+Then we will connect the eNB to an Ethernet port on the EPC that has the IP address 192.168.151.2 (as set up in our previous tutorial), which will act as the eNB’s Internet gateway.
+
+**Don’t forget to hit “Save” after each change you make in this interface.**
+![](https://i.imgur.com/knqF26j.png)
+
+#### 2. Check Internet access
+
+At this point, if the EPC is configured correctly to pass eNB traffic to the Internet, the eNB should be able to ping an arbitrary IP address. 
+
+To test this, navigate to the Network→Diagnostics tab on the left hand menu and select “Ping” under the “Method of Diagnostics” dropdown menu. Set the “Target IP Domain” to be a highly reachable IP address on the Internet such as 1.1.1.1, which is the CloudFlare DNS server. Press “Implement.” 
+
+If the result is “Fail!” as in the screenshot, there is likely something wrong with your eNB’s Internet connection through the EPC; you should fix this issue before continuing. 
+![](https://i.imgur.com/tOgPFxa.png)
+
+#### 3. Reboot as needed
+If a message appears that the eNB needs a reboot after the new settings are saved, navigate to the Reboot tab in the left hand menu and perform the reboot (Warm Reset is fine).
+
+#### 4. Attach to Baicells OMC
+To configure the eNB to talk to the OMC as discussed in the prior section, navigate to the BTS Setting→Management Server tab in the management console and enter the CloudKey. 
+
+Within a few minutes, the eNB should appear in your Baicells Cloud OMC console, and the “Basic Info” page should show that the OMC is “Connected.”
+![](https://i.imgur.com/we7ySwo.png)
+![](https://i.imgur.com/Ic7u0II.png)
+
+#### 5. Disable IPsec
+For our purposes we will not be using IPsec between our EPC and eNB; the default IPSec configured is used for the Baicells Cloud EPC which we are not using. 
+
+Navigate to the Network→“MME&IPSec Binding” menu tab and set “IPSec Status” to “Disable.” You may also delete the IPSec tunnels as shown below. 
+![](https://i.imgur.com/1XO8wj5.png)
+
+#### 6. Disable GPS Sync when testing indoors.
+Navigate to the “BTS Setting”→“Sync Setting” menu and disable both “Forced Sync” and “GPS Sync Switch,” in case you need to work with the base station in a location where you don’t have a strong GPS signal. 
+
+Some base stations will not start up normally or attach to the EPC unless they get a GPS signal, and we should avoid this behavior.
+![](https://i.imgur.com/RPq0kzq.png)
+
+#### 7. Change the MME settings
+Change the MME settings. Since we are using our local EPC, we will need to change the MME settings to reflect our MME’s IP address, on which it is listening for eNBs to attach, as well as other configurations. Navigate to the BTS Info→Quick Setting tab on the left hand menu.
+
+![](https://i.imgur.com/owYmUoJ.png)
+
+* Disable RF
+    * You should set the “RF Status” setting to “Disable” before you change the MME IP, because attaching to the MME will normally cause the eNB’s radio to turn on.
+    * Since we have not enabled the eNB to ask for spectrum coordinated by the SAS yet, turning on the radio may cause unwanted interference on someone else’s network.
+* PLMN setting
+    * Remove the existing “PLMN ID” (by clicking the trash can symbol) and set it to the value that you have configured in your EPC.
+    * In our networks, we use “91054” as our PLMN, so add this as a “Primary” and “NotReserved” PLMN by entering the number in the text box and clicking the “+” button.
+* MME IP address
+    * Remove the existing MME IP associated with the old PLMN.
+    * Add the new MME IP address, in our case 192.168.150.2, by entering it in the text box and clicking “+”. This MME IP should be associated with the newly added PLMN by default.
+    * Save the changes and reboot the eNB (Warm Reset); after the reboot has finished (within a few minutes), the eNB should attach to the MME.
+    * If you navigate to BTS Info→Basic Info, you should see the MME Status change from “Not Connected” to “Connected.” If you are looking at the MME logs on the EPC, you will also see the record that an eNB has attached.
+
+#### 8. Enable SAS
+**SAS should only be enabled after successfully attaching the eNB to the MME.** Unfortunately, when SAS is enabled, the eNB will not attach to the MME unless it has a currently valid authorization to transmit on a certain frequency. However, until it is attached to an MME, the Baicells Cloud OMC will not provide it this authorization. 
+
+So we need to have SAS disabled first with the RF also disabled, attach the eNB to the MME, and then enable SAS. 
+
+Choose “Multi-step” under “SAS Registration Type,” as specified in Section I.E. Also choose “B” under “category,” and write in the other parameters to match the ones with the same name in the Google SAS configuration.
+
+![](https://i.imgur.com/d5KzckP.png)
+
+
+After you click “Save,” SAS should be enabled immediately. You should see the SAS enabled status change in the Baicells Cloud OMC. If all goes smoothly, your device should get an authorization to transmit within a few minutes and the radio should turn on!
+
+#### 9. Check Baicells CLOUD OMC to debug issues
+You can check the status of the SAS authorization process in the Cloud OMC. Here you can find logs (upper right corner of SAS screen, shown in the screenshot below) with any error messages that may have occurred in the process.
+![](https://i.imgur.com/rQntnQ9.png)
+
+* Errors can be caused by invalid or non-matching parameter values, lack of CPI signature, lack of spectrum availability, etc. 
+* In more difficult cases, after device registration the SAS may not respond to spectrum inquiries without sending any clear error messages. I have encountered this scenario when requesting spectrum around midnight, which may have been caused by brief database unavailability during the daily “SAS Sync” or IAP. My recommendation is to avoid requesting a new spectrum grant after 11 pm PST.
+* If you change anything about the equipment used on site or the location/orientation of the equipment, you need to change the SAS registration, have it re-signed by the CPI, and use the Baicells OMC to re-request a new spectrum authorization- this process is described in the following section.
+
+## V. How to change location, antenna properties, etc. after deployment
+As an example, this section will show how you would change the equipment’s location upon moving from test site to deployment site.
+
+1. Get the new GPS location either manually using Google Maps/Earth, or automatically using Baicells OMC’s GPS reading for the eNB if available.
+2. Google SAS steps
+    * In the upper right hand corner of the Google SAS configuration for the deployed equipment (long narrow right side panel for a particular site), press the unlock button (shaped like a padlock) to make the configuration editable.
+    <center>
+    
+    ![](https://i.imgur.com/B6DB1or.png)
+    </center>
+    
+    * To edit the site location, click on the map pin icon in the upper left corner of this same right hand configuration panel to enter the location panel. Enter the new GPS coordinates in the box. After your changes, lock the site configuration again. (If the red “Ready for CPI” button appears again at the bottom of the main configuration panel, go ahead and click it to prompt the CPI to sign.)
+    
+    <center>
+    
+    ![](https://i.imgur.com/mFD3cWc.png)
+    </center>
+    
+    * You may have to wait a few minutes or hours for the changes to sync to the CPI’s SAS database view. If after a while the CPI still cannot see the location change, ask them to enter the new GPS coordinates in their own interface and re-sign the configuration.
+3. Baicells Cloud OMC steps
+    * On the Baicells OMC, navigate to the Advance→SAS screen where you can see the list of CBRS devices and their SAS status. Click on the 3 dots ( ⠇) symbol before the serial number for a particular device and click on “Procedure” to enter the SAS procedure screen.
+    ![](https://i.imgur.com/6zXTVah.png)
+
+    * On the Procedure screen, you can see the most recent SAS logs, relinquish and re-request active spectrum authorizations, or de-register and re-register devices. First click on the “Authorized” icon and click on the “Relinquishment req” button to relinquish the current spectrum authorization. Then the latter two icons will become greyed out, but the device will remain registered. 
+    ![](https://i.imgur.com/bjbGzyY.png)
+
+    * We will need to fully de-register and re-register the device with the new parameters. Click the “Registered” icon and then the “De-register” button when it appears to de-register the device. 
+    ![](https://i.imgur.com/aW9qDZF.png)
+
+    * Once the device is in the “Unregistered” state, click the “Unregistered” icon and then click the “Register req” button when it appears. If all goes well, the device should re-register, and also request and receive a new grant (completing the full procedure) within a few moments.
diff --git a/docs/tutorials/epc-setup.md b/docs/tutorials/epc-setup.md
new file mode 100644
index 0000000..292c4e2
--- /dev/null
+++ b/docs/tutorials/epc-setup.md
@@ -0,0 +1,9 @@
+---
+title: Step 1. LTE Core Network Setup
+---
+
+# Step 1: CoLTE/EPC (LTE Core Network) Setup
+
+Our core networks use the [CoLTE project](https://github.com/uw-ictd/colte) maintained by the [UW ICTD Lab](https://ictd.cs.washington.edu/).
+
+For information on how to install and configure CoLTE, visit the [tutorial](https://docs.colte.network/tutorials/epc-setup.html) we wrote with them!
diff --git a/docs/tutorials/hardware.md b/docs/tutorials/hardware.md
new file mode 100644
index 0000000..3fa73ec
--- /dev/null
+++ b/docs/tutorials/hardware.md
@@ -0,0 +1,76 @@
+---
+title: Hardware Overview
+---
+
+# Our Hardware
+
+This page will be an overview of some of the core pieces of hardware that we use to deploy our sites.
+
+This page is in development, please contact us at lcl@seattlecommunitynetwork.org if you would like to learn more about the hardware we use.
+
+**TODO**
+=======
+## Network Site Equipment
+
+### Base Station (eNodeB)
+![Baicells Nova 233 Base Station Marketing Image](https://www.doubleradius.com/images/Nova-233-3-5GHz-1W-Gen2-mBS1105_02.jpg?resizeid=3&resizeh=1000&resizew=1000)
+
+Baicells Nova 233 3.5GHz 1W Gen2
+
+More info [here](https://www.doubleradius.com/baicells-nova-233-gen-2-enodeb-outdoor-base-station)
+
+### Panel Antennas (eNodeB)
+![Alpha Wireless Antenna Marketing Image](https://www.lastmilegear.com/wp-content/uploads/2017/12/aw3014.jpg)
+
+Alpha Wireless, 3.3-3.8GHz, 2x2 MIMO, 18dBi, +/-45°, 65°
+
+More info [here](https://www.lastmilegear.com/shop/alpha-aw3014/)
+
+### Core Network Computer (EPC)
+![Qotom Mini PC Marketing Image](https://www.qotom.net/upload/thumb_src/400_400/1526031726.jpg)
+
+Qotom Mini PC Q190G4N S07
+
+Key features:
+- 4 ethernet ports
+- designed to be run 24/7
+- small and quiet
+- cheap
+
+More info [here](https://www.qotom.net/product/36.html)
+
+## User Access Devices
+
+### LTE Consumer Premises Equipment (CPE)
+![Baicells Atom CPE Marketing Image](https://www.lastmilegear.com/wp-content/uploads/2018/02/Baicells-Atom-eg8035L.jpg)
+
+Baicells Atom OD04 3.5GHz 14dBi
+
+More info [here](https://www.lastmilegear.com/shop/atom-od04-3-5ghz-14dbi-gen2/)
+
+### Outdoor WiFi Router
+![Mikrotik OmniTIK 5 PoE ac Marketing Image](https://www.wifi-stock.com/full/omnitik_5ac.jpg?size=10)
+
+Mikrotik OmniTIK 5 PoE ac
+
+Outdoor router of choice for NYC Mesh, so it has been tried and tested. Good balance of quality and price.
+
+More info [here](https://mikrotik.com/product/rbomnitikpg_5hacd)
+
+### Home WiFi Router
+![TP-Link Archer A5 Router Marketing Image](https://m.media-amazon.com/images/I/51R2a9p-vNL._AC_SS450_.jpg)
+
+TP-Link Archer A5 Router
+
+More info [here](https://www.tp-link.com/us/home-networking/wifi-router/archer-a5/)
+
+### CBRS-Compatible Unlocked Smartphone
+
+We purchase refurbished Google Pixel 4 smartphones because they are affordable, provide all
+necessary smartphone features, and are CBRS-compatible.
+
+Note that purchasing CBRS-compatible phones can be a logistical challenge. We've experienced trouble purchasing
+from vendors that send incorrect models of phones that don't support CBRS band and we had to go back and forth.
+Test your phones before distributing them!
+
+Here is [one spot](https://www.backmarket.com/search?q=pixel%204&ga_search=pixel%204) to purchase refurbished phones.
diff --git a/docs/tutorials/librenms-manager-setup.md b/docs/tutorials/librenms-manager-setup.md
new file mode 100644
index 0000000..c59f013
--- /dev/null
+++ b/docs/tutorials/librenms-manager-setup.md
@@ -0,0 +1,150 @@
+---
+title: Network Monitoring 1. LibreNMS Network Manager Configuration
+---
+
+# LibreNMS Network Manager Configuration
+
+Seattle Community Networks uses SNMP to monitor network nodes. LibreNMS is used for Network Management, Dashboard generation and Alerting.
+
+## LibreNMS Manager Installation:
+[Install LibreNMS](https://docs.librenms.org/Installation/Install-LibreNMS/)
+[Install and Configure LibreNMS on Ubuntu with nginx](https://computingforgeeks.com/how-to-install-and-configure-librenms-on-ubuntu-with-nginx/)
+
+## Network-Specific Configuration:
+Change active user to librenms:
+```sudo su - librenms```
+
+Edit /opt/librenms/config.php:
+
+```php
+<?php
+
+$config['user'] = 'librenms';
+$config['base_url'] = "/";
+$config['snmp']['community'] = array('<SNMP COMMUNITY STRING>');
+$config['auth_mechanism'] = "mysql"; # default, other options: ldap, http-auth
+$config['nets'][] = "10.0.0.0/24"; # Replace with your Management Network Subdomain
+$config['rrd_purge'] = 0;
+$config['enable_billing'] = 1;
+$config['show_services'] = 1;
+```
+
+As user 'librenms', run /opt/librenms/snmp-scan.php, to scan the configured network for snmp hosts
+
+## Adding Baicells OS configuration to LibreNMS
+
+As user 'librenms' on the librenms server, create the following files and update their contents accordingly:
+* For OS detection, ~librenms/includes/definitions/rts.yaml:
+```
+	os: rts
+		text: 'Baicells RTS'
+		type: network
+		icon: rts
+		over:
+		- { graph: device_bits, text: 'Device Traffic' }
+		- { graph: device_processor, text: 'CPU Usage' }
+		- { graph: device_mempool, text: 'Memory Usage' }
+		discovery:
+		- sysDescr:
+			- 'CELL'
+```
+
+* For defining custom RTS OS sensors, ~librenms/includes/definitions/discovery/rts.yaml:
+
+```
+mib: BAICELLS-MIB
+modules:
+	os:
+    	hardware: BAICELLS-MIB::hardwareVersion.0
+    	serial: BAICELLS-MIB::sn.0
+    	version: BAICELLS-MIB::softwareVersion.0
+	sensors:
+    	count:
+        	data:
+            	-
+                	oid: ulThroughput
+                	num_oid: '.1.3.6.1.4.1.53058.190.7.{{ $index }}'
+                	descr: 'Upload Throughput'
+                	group: 'Throughput'
+                	index: 'ulthroughput.{{ $index }}'
+            	-
+                	oid: dlThroughput
+                	num_oid: '.1.3.6.1.4.1.53058.190.8.{{ $index }}'
+                	descr: 'Download Throughput'
+                	group: 'Throughput'
+                	index: 'dlThroughput.{{ $index }}'
+            	-
+                	oid: ulPrbUtilization
+                	num_oid: '.1.3.6.1.4.1.53058.190.9.{{ $index }}'
+                	descr: 'Upload PRB Utilization'
+                	group: 'Utilization'
+                	index: 'ulPrbUtilization{{ $index }}'
+            	-
+                	oid: dlPrbUtilization
+                	num_oid: '.1.3.6.1.4.1.53058.190.10.{{ $index }}'
+                	descr: 'Download PRB Utilization'
+                	group: 'Utilization'
+                	index: 'dlPrbUtilization.{{ $index }}'
+    	frequency:
+        	data:
+            	-
+                	oid: carrierBwMhz
+                	num_oid: '.1.3.6.1.4.1.53058.100.7.{{ $index }}'
+                	divisor: 5
+                	descr: 'Carrier Bandwidth'
+                	index: 'carrierBwMhz.{{ $index }}'
+    	percent:
+        	data:
+            	-
+                	oid: eRABEstablishSuccessRate
+                	num_oid: '.1.3.6.1.4.1.53058.190.3.{{ $index }}'
+                	descr: 'ERAB Establishment Success Rate'
+                	group: 'LTE'
+                	index: 'eRABEstablishSuccessRate.{{ $index }}'
+            	-
+                	oid: hoSuccInterEnbS1Rate
+                	num_oid: '.1.3.6.1.4.1.53058.190.4.{{ $index }}'
+                	descr: 'Inter MME S1 Handover Success Rate'
+                	group: 'LTE'
+                	index: 'heSuccInterEnbS1Rate.{{ $index }}'
+            	-
+                	oid: hoSuccInterEnbRate
+                	num_oid: '.1.3.6.1.4.1.53058.190.5.{{ $index }}'
+                	descr: 'Inter MME Handover Success Rate'
+                	group: 'LTE'
+                	index: 'hoSuccInterEnbRate.{{ $index }}'
+            	-
+                	oid: rrcBuildSuccessRate
+                	num_oid: '.1.3.6.1.4.1.53058.190.6.{{ $index }}'
+                	descr: 'RRC Build Success Rate'
+                	group: 'LTE'
+                	index: 'rrcBuildSuccessRate.{{ $index }}'
+```
+
+* For defining a custom OS class to use Wireless sensors, ~librenms/LibreNMS/OS/Rts.php (note: pay attention to capitalization)
+
+```php
+<?php
+namespace LibreNMS\OS;
+
+use LibreNMS\Device\WirelessSensor;
+use LibreNMS\Interfaces\Discovery\Sensors\WirelessClientsDiscovery;
+use LibreNMS\Interfaces\Discovery\Sensors\WirelessUtilizationDiscovery;
+use LibreNMS\OS;
+
+class Rts extends OS implements WirelessClientsDiscovery
+{
+	public function discoverWirelessClients()
+	{
+    	$oid = '.1.3.6.1.4.1.53058.100.11.0'; //BAICELLS-MIB::ueConnections.0
+    	return array(
+        	new WirelessSensor('clients', $this->getDeviceId(), $oid, 'rts', 1, 'UE Connections')
+    	);
+	}
+}
+```
+
+* A nice looking logo, ~librenms/html/images/os/rts.png
+[Download an example Baicells Logo Here](https://imgur.com/9AOohPr.png)
+
+* Download the baicells mib from [this link](https://na.baicells.com/download/RTS%203.6%20BAICELLS-MIB.mib), and save it to ~librenms/mibs/BAICELLS-MIB (note: no file extension)
diff --git a/docs/tutorials/librenms-setup.md b/docs/tutorials/librenms-setup.md
new file mode 100644
index 0000000..2878de4
--- /dev/null
+++ b/docs/tutorials/librenms-setup.md
@@ -0,0 +1,111 @@
+---
+title: Network Monitoring 2. LibreNMS Agent Configuration
+---
+
+# LibreNMS Agent Configuration
+
+## Adding a New Node to LibreNMS
+
+Both the eNodeB and the EPC must be configured individually in order for them to report statistics to the SNMP Manager. Since the eNodeB is not directly accessible from the management VPN, we configure an SNMP proxy on the EPC to pass SNMP statistics to the Management host.
+
+## EPC SNMP Configuration
+
+* Install snmpd to the EPC node:
+``` $ sudo apt install snmpd ```
+
+* Modify /etc/snmp/snmpd.conf:
+
+```
+sysLocation 	<SITE NAME STRING>
+sysContact  	lcl@seattlecommunitynetwork.org
+sysServices 	72
+master      	agentx
+agentAddress	udp:161
+com2sec readonly <SNMP Manager IP Address> <SNMP COMMUNITY STRING>
+com2sec -Cn ctx_baicells readonly <SNMP Manager IP Address> enodeb
+group readonlygroup v2c readonly
+view all included .1
+access readonlygroup "" v2c noauth exact all none none
+access readonlygroup ctx_baicells v2c noauth prefix all none none
+proxy -Cn ctx_baicells -v 2c -c private 192.168.151.1 .1.3
+```
+
+This configuration allows us to access SNMP data on the EPC with the standard community string (refer to internal standards documentation). but will proxy the Baicells SNMP data when we send the community string ‘enodeb’
+
+* Update the snmpd service file to automatically restart snmpd on crash:
+   * Edit /lib/systemd/system/snmpd.service, modify the 'ExecStart' line, and add the 'ExecReload', 'Restart', and 'RestartSec' lines:
+
+```
+[Unit]
+Description=Simple Network Management Protocol (SNMP) Daemon.
+After=network.target
+ConditionPathExists=/etc/snmp/snmpd.conf
+
+[Service]
+Type=simple
+ExecStartPre=/bin/mkdir -p /var/run/agentx
+ExecStart=/usr/sbin/snmpd -LO2w -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -f -p /run/snmpd.pid
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
+```
+
+* Enable and restart snmpd:
+```
+Sudo systemctl daemon-reload
+sudo systemctl enable snmpd
+sudo systemctl restart snmpd
+```
+
+## Baicells SNMP configuration
+* Log into the Baicells configuration console:
+```https://<Baicells IP Address>```
+
+* From the left menu, select System
+
+* Select SNMP
+![Example Screenshot: enabling SNMP in the Baicells Console](https://i.imgur.com/YanPtMs.png)
+   * Under ‘SNMP Switch,’ select ‘Enable’
+   * Configure the following options:
+      * Community String: private
+      * Contact: lcl@seattlecommunitynetwork.org
+      * Location: \<SITE NAME STRING\> (String should not have any spaces)
+      * Source: Any
+
+## Adding the Node to LibreNMS
+* If the EPC is running, librenms should be able to auto-discover it. Run this command from a shell on the management host:
+```sudo -u librenms lnms scan```
+
+* LibreNMS should print a status message that it was able to add a new device.
+
+* When first discovered, the EPC will show up generically as it’s ip address. Edit the hostname, but clicking ‘Edit Device’ (gear icon):
+   * Click the red pencil icon, and change the ip address to the hostname
+   * Fill ‘Overwrite IP’ with the EPC IP address
+      * *Note: If the IP is not changed to the hostname, you will not be able to add the eNodeB by it’s IP address*
+![Example Screenshot: Updating EPC Hostname in LibreNMS](https://i.imgur.com/LHeL3Zq.png)
+
+* The Baicells eNB needs to be added manually: From LibreNMS, select Devices and click “Add Device”
+![Example Screenshot: Manually adding eNodeB to LibreNMS](https://i.imgur.com/Tlqpbh3.png)
+
+* Add a new device, with the following configurations:
+   * Hostname: <IP Address of the site’s EPC>
+   * Community: ‘enodeb’
+   * Force Add: On
+
+* *Note: If you receive an error message stating that a device with the specified IP already exists, make sure that you have* successfully changed the eNodeB’s hostname per the previous step.
+
+* Once the device is added, click the ‘Edit Device’ icon (gear icon) and update the following values:
+   * Display name: \<eNB Cell Name\>
+   * Overwrite device contact: lcl@seattlecommunitynetwork.org
+
+## Other helpful notes:
+
+* [Baicells eNB config guide](https://img.baicells.com//Upload/20210810/FILE/195c7e84-47d9-4acb-aa00-cba0e080d885.pdf)
+
+* How to SSH into Baicells eNB:
+   * SSH using port 27149 (username same as normal web-based login)
+   * Convert the MAC address of this eNB to link local address: http://www.sput.nl/internet/ipv6/ll-mac.html
+
diff --git a/docs/tutorials/librenms/.pages b/docs/tutorials/librenms/.pages
new file mode 100644
index 0000000..ea632fd
--- /dev/null
+++ b/docs/tutorials/librenms/.pages
@@ -0,0 +1,4 @@
+nav:
+  - deploy.md
+  - upgrade.md
+  - backup.md
\ No newline at end of file
diff --git a/docs/tutorials/librenms/backup.md b/docs/tutorials/librenms/backup.md
new file mode 100644
index 0000000..1a01460
--- /dev/null
+++ b/docs/tutorials/librenms/backup.md
@@ -0,0 +1,2 @@
+# Backing Up
+In the future when we want to back up the rrd folder of a docker install, you just need to copy the compose/librenms/rrd folder. If you want to back up the database, you need to go into the container called `librenms_db` and do a mysqldump with the user `librenms` with the database librenms and whatever password you set, probably in the environment variables of the compose file of the deployment This means something like `mysqldump librenms -u librenms --password=<your_password> > librenms.sql`
\ No newline at end of file
diff --git a/docs/tutorials/librenms/deploy.md b/docs/tutorials/librenms/deploy.md
new file mode 100644
index 0000000..8c9a7f6
--- /dev/null
+++ b/docs/tutorials/librenms/deploy.md
@@ -0,0 +1,24 @@
+# Deploying
+I wrote a script to deploy libreNMS with the configuration that SCN uses. The repo is [here](https://github.com/abacef/scn-librenms-deploy-script/tree/main)
+
+## Software requirements
+Only tested on debian and ubuntu. Not sure what else it works on but it could work on other linux distros
+
+
+## Steps
+1. Install docker if it is not installed already
+1. Install docker compose if it is not installed already
+1. Instal unzip if it is not installed already
+1. Check out this repo
+1. If you want to restore a previous install, provide a sqldump named `librenms.sql` flat in this checked out repo. There is a helper script called `get_database_from_currently_running_server.sh` to get the database off of the non dockerized install (needs ssh access to the server)
+   1. If you want to restore the graphs too, you can provide a file named `rrd.zip` flat in the checked out repo which is just the rrd folder ziped up.  There is a helper script called `get_rrd_zip_from_currently_running_server.sh` to get the rrd zip from the non dockerized install (needs ssh access to the server)
+1. Run `./deploy.sh`
+   1. builds the librenms image
+   1. builds the database image with/without the backup
+   1. Starts the service using `docker compose`. This creates 2 shared volumes in the `compose` directory
+      1. The `librenms` folder is for the librenms docker images to share configuration data including rrd files
+      1. The `db` volume is the database
+   1. unzips the rrd folder in the rrd directory of the shared `librenms` volume
+
+The UI will run on port 8000
+
diff --git a/docs/tutorials/librenms/upgrade.md b/docs/tutorials/librenms/upgrade.md
new file mode 100644
index 0000000..0b259b3
--- /dev/null
+++ b/docs/tutorials/librenms/upgrade.md
@@ -0,0 +1,20 @@
+# Upgrading
+Upgrading can be segmented into 2 parts. The container OSses and the service
+
+## OS
+Each container runs an OS
+- The Maria db container is based on ubuntu, so you can just do `sudo apt update` and `sudo apt upgrade` when executing bash on the container
+- The Redis container for some reason only has an ash executable installed on the container. Also it runs on alpine so it can be updated using `apk update` and `apk upgrade`
+- The libreNMS and the libreNMS dispatcher container is instantiaated on the same container which is on alpine, and uses bash. Update as usual for alpine installs.
+
+## Service
+I think that libreNMS vends a script called daily.sh (librenms docs [here](https://docs.librenms.org/General/Updating/)) that is added to the cron, but cron is not running on docker containers since each container only runs one process. Even if we manually run daily.sh, there are errors. I think that the docs also give a manually manual way to update, by doing a git clone, but since the librenms files were not pulled using git, we cant use this way. I tried using rsync to overwrite the old files with the new files, but there are some issues. The nuclear option can be used, which is remove the containers, build new updated ones, and start that, but this will include a small outage
+
+1. Go to the compose directory and run `sudo docker compose down` to stop and remove all the containers. We store data (rrd files and the database) in a docker volume inside the compose directory anyway so we should not need to worry about removing containers removing any data
+1. Go to the `librenms_image` directory, change the version of the image to the latest version [here](https://hub.docker.com/r/librenms/librenms/tags)
+1. run `sudo docker build . -t scn-librenms`, which should build the new image
+1. go to the `db_image` directory and update the Dockerfile's version to the latest version [here](https://hub.docker.com/_/mariadb/tags)
+1. run `sudo docker build . -t scn_mariadb_librenms`
+1. go to the compose directory and update the compose.yml file to use the latest redis release [here](https://hub.docker.com/_/redis/tags)
+1. Then you should be able to start the service with a `sudo docker compose -f compose/compose.yml up -d`
+1. The service should come up as it was before. If it does not, you may have to do a [./lnms migrate](https://docs.librenms.org/General/Updating/)
\ No newline at end of file
diff --git a/docs/tutorials/peering.md b/docs/tutorials/peering.md
new file mode 100644
index 0000000..02d7318
--- /dev/null
+++ b/docs/tutorials/peering.md
@@ -0,0 +1,38 @@
+---
+title: Public ASN Peering
+---
+# Public ASN Peering
+### Local Connectivity Lab operates **AS54429**
+
+## Our peering Policy is **Yes**
+
+Please [contact us](mailto:lcl@seattlecommunitynetwork.org) to peer with our network.
+
+Note this network is our public ASN, not the [Seattle Community Network](https://seattlecommunitynetwork.org) itself. If you would like to join the network visit our [connect](https://seattlecommunitynetwork.org/ourSites.html) page.
+
+Seattle Community Network (SCN) is a community network dedicated to providing fair access to underserved communities all across the Puget Sound. [Learn more on our FAQ](../faq/about.md).
+
+### Peering Policy
+
+* Local Connectivity Lab has an open peering policy.
+* We have no requirements in terms of traffic, size, support/SLA, etc.
+* We operate both IPv4 and IPv6. Peering via both protocols is appreciated.
+
+### Locations
+
+| Building | Address                      | Ports    |
+| -------- | ---------------------------- | -------- |
+| Westin   | 2001 6th Avenue, Seattle, WA | 1G / 10G |
+
+### Exchanges
+
+| Exchange                        | City         | IPv4           | IPv6             | ASNs | Routes | Speed |
+| ------------------------------- | ------------ | -------------- | ---------------- | ---- | ------ | ----- |
+| Seattle Internet Exchange (SIX) | Seattle, WA  | 206.81.81.150 | 2001:504:16::d49d | 336  | ~192K  | 10G   |
+
+## Peering Data
+
+ASN: 54429  
+Peering Contact: tech@seattlecommunitynetwork.org  
+PeerDB Page: [https://as54429.peeringdb.com](https://as54429.peeringdb.com)  
+As we are a non-profit, please consider providing as many routes as possible, including upstream or other routes.  
diff --git a/docs/tutorials/proxmox-vaultwarden-deployment.md b/docs/tutorials/proxmox-vaultwarden-deployment.md
new file mode 100644
index 0000000..f9e19fc
--- /dev/null
+++ b/docs/tutorials/proxmox-vaultwarden-deployment.md
@@ -0,0 +1,243 @@
+---
+title: Proxmox Deployment Guide - Vaultwarden
+---
+
+### Deployed by: Esther Jang, Paul Phillion, Rudra Singh
+
+---
+
+## Section 1: What is Proxmox?
+
+- **Proxmox VE (Virtual Environment)** is an open-source server management platform designed to deploy and manage virtual machines (VMs) and containers.
+- It integrates KVM hypervisor and LXC containers, enabling users to manage virtual infrastructure through a web-based interface.
+
+## Section 2: Access Requirements for Proxmox VE at Seattle Community Network
+
+- To submit a request for a SCN self-hosted Proxmox VM on our private cloud, please fill out [this form](https://docs.google.com/forms/d/e/1FAIpQLSf6NYZHTfxi_hcQM1DWJ8mhgJDl-iiqRL4yTQG_x1az6XEfEQ/viewform?usp=sf_link).
+- If you are working on a project for SCN and need access to the Proxmox VE, please continue reading.
+- Next, you will need access to the OpenVPN. Proxmox VE can only be accessed on the VPN. Specific details can be obtained from the SCN discord. Once connected to the VPN, a specific IP will be provided for you to access the Proxmox VE, where you can input your credentials.
+
+## Section 3: Setting up your VM
+
+- ### Install SSH
+- ### Install Keys
+- ### Test SSH CLI
+
+## Section 4: SSH Troubleshooting
+
+- Please let the SCN discord know if you have trouble SSH'ing in. A useful command during setup was `sudo ufw status`. If it is active, use `ufw disable`. The expected status should be inactive. If that still doesn’t work, try restarting the VM from the Proxmox VE.
+
+## Section 5: Beginning Deployment: Vaultwarden
+
+```bash
+docker pull vaultwarden/server:latest
+docker run -d --name vaultwarden -v /vw-data/:/data/ --restart unless-stopped -p 80:80 vaultwarden/server:latest
+```
+
+## Section 6: Docker Compose
+
+- Create a Docker Compose file:
+
+```yaml
+version: "3"
+
+services:
+  vaultwarden:
+    container_name: vaultwarden
+    hostname: vaultwarden9
+    ports:
+      - "127.0.0.1:8080:80"
+    environment:
+      - LOG_FILE=/log/access.log
+      - LOG_LEVEL=info
+      - EXTENDED_LOGGING=true
+    image: vaultwarden/server:latest
+    restart: unless-stopped
+    volumes:
+      - /opt/vw-data:/data
+      - /var/log/vw:/log
+```
+
+- To start and run your container application in detached mode, use:
+  
+```bash
+docker-compose up -d
+docker-compose start
+docker-compose stop
+docker-compose restart
+```
+
+## Section 7: Azure DNS
+
+- For this deployment, we're utilizing a public IP address. This address must be configured within Azure DNS to point to our chosen domain name.
+- Navigate to Home - Microsoft Azure with your account.
+- Open “DNS zones”. If you were using a private IP, you would use “Private DNS zones”.
+- We will be creating a subdomain under seattlecommunitynetwork.org.
+- Click on that, and under DNS management, click recordsets, and click add.
+- Insert the beginning of the subdomain name, which in our case is “vaultwarden”.
+- Below, under IP address, insert your IP, and create your new subdomain.
+
+## Section 8: Enabling Nginx
+
+```bash
+sudo apt update
+sudo apt install nginx
+sudo systemctl enable nginx
+sudo systemctl start nginx
+```
+
+- Next, go to `/etc/nginx/sites-enabled/default`. Delete everything inside `default` and paste this:
+
+```nginx
+# The `upstream` directives ensure that you have a http/1.1 connection
+# This enables the keepalive option and better performance
+#
+# Define the server IP and ports here.
+upstream vaultwarden-default {
+  zone vaultwarden-default 64k;
+  server 127.0.0.1:8080;
+  keepalive 2;
+}
+
+# Needed to support websocket connections
+# See: https://nginx.org/en/docs/http/websocket.html
+# Instead of "close" as stated in the above link we send an empty value.
+# Else all keepalive connections will not work.
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      "";
+}
+
+# Redirect HTTP to HTTPS
+server {
+    listen 80;
+    listen [::]:80;
+    server_name vaultwarden.seattlecommunitynetwork.org;
+
+    if ($host = vaultwarden.seattlecommunitynetwork.org) {
+        return 301 https://$host$request_uri;
+    }
+    return 404;
+}
+
+server {
+    # For older versions of nginx appened http2 to the listen line after ssl and remove `http2 on`
+    listen 443 ssl;
+    listen [::]:443 ssl;
+   # http2 on;
+    server_name vaultwarden.seattlecommunitynetwork.org;
+
+    # Specify SSL Config when needed
+    ssl_certificate /etc/path...;
+    ssl_certificate_key /etc/path...;
+    ssl_trusted_certificate /etc/path...;
+
+    client_max_body_size 525M;
+
+    location / {
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $connection_upgrade;
+
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto $scheme;
+
+      proxy_pass http://vaultwarden-default;
+    }
+
+    # Optionally add extra authentication besides the ADMIN_TOKEN
+    # Remove the comments below `#` and create the htpasswd_file to have it active
+    #
+    #location /admin {
+    # See: https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/
+      #auth_basic "Administrator's Area";
+      #3auth_basic_user_file /path/to/htpasswd_file;
+
+      #proxy_http_version 1.1;
+      #proxy_set_header Upgrade $http_upgrade;
+      #proxy_set_header Connection $connection_upgrade;
+
+      #proxy_set_header Host $host;
+      #proxy_set_header X-Real-IP $remote_addr;
+      #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+      #proxy_set_header X-Forwarded-Proto $scheme;
+      #proxy_pass http://vaultwarden-default;
+    }
+}
+```
+
+## Section 9: Obtain SSL Certificates
+
+```bash
+sudo apt install certbot python3-certbot-nginx
+sudo certbot --nginx -d vaultwarden.seattlecommunitynetwork.org
+```
+
+- Certbot will modify your Nginx configuration to handle HTTPS and redirect from HTTP to HTTPS.
+- Ensure that you copy the file paths provided at the conclusion of the certbot process into the default nginx configuration file, replacing the corresponding comments with these paths.
+## Section 10: Ensure Everything is Running
+
+```bash
+sudo systemctl status nginx
+```
+
+## Section 11: Additional Features
+
+- Enabling admin panel:
+
+Go back to `/etc/nginx/sites-enabled/default` and uncomment the admin section at the bottom. Follow directions at [Nginx Admin Guide](https://docs.nginx.com/nginx/admin-guide/security-controls/configuring-http-basic-authentication/) to encrypt your admin password as a `.env` file (preferably using argon CLI).
+
+Once done, make sure you create a `.env` file in the directory where the compose file is with `VAULTWARDEN_ADMIN_TOKEN=[insert your hashed admin token]`.
+
+Then in your compose, add these two lines under environment:
+
+```yaml
+- ADMIN_TOKEN=${VAULTWARDEN_ADMIN_TOKEN}
+- DOMAIN=https://vaultwarden.seattlecommunitynetwork.org
+```
+
+Restart the container and try logging into <https://vaultwarden.seattlecommunitynetwork.org/admin>.
+
+Once logged in, SMTP and 2FA enabling settings can be configured on the home page.
+
+## Section 12: Data Backup
+
+- Enabling backups for Vaultwarden is a simple process. Please review the attached backup bash script, which facilitates the transfer of Vaultwarden data to another virtual machine. Additionally, there is a cleanup bash script designed to retain only the most recent file in the other VM, deleting all others. Feel free to modify the scripts as necessary to suit your specific requirements.
+
+
+
+
+
+
+Backup script:
+```bash
+#!/bin/bash
+
+docker-compose down
+datestamp=$(date +%m-%d-%Y)
+zip -9 -r /home/scn/backups/${datestamp}.zip /opt/vw-data*
+scp -i ~/.ssh-comm/id_rsa /home/scn/backups/${datestamp}.zip azureuser@[IP address]:~/backups/
+docker-compose up -d
+```
+
+Cleanup Script:
+```bash
+#!/bin/bash
+
+# Define the directory containing backup files
+backup_dir=~/backups
+
+# Go to the backup directory
+cd "$backup_dir" || exit
+
+# Find and delete older backup files (excluding the latest day)
+find . -type f -name '*.zip' ! -mtime -1 -exec rm {} +
+
+# Exit
+exit 0
+```
+## Section 13: Using the Backup
+To restore a data backup to the original virtual machine, simply unzip the file and delete the existing contents of `/opt/vw-data`. Then, transfer the contents of your zip file into this directory. Perform a quick restart of the container, and you will have successfully restored the version of the backup you selected.
diff --git a/docs/tutorials/software.md b/docs/tutorials/software.md
new file mode 100644
index 0000000..74082f4
--- /dev/null
+++ b/docs/tutorials/software.md
@@ -0,0 +1,53 @@
+---
+title: Software Overview
+---
+
+# Our Software
+
+Here is a list of the software that we use to deploy, maintain, and plan our network sites.
+
+## Networking
+
+### Local Services
+We use the [CoLTE project](https://github.com/uw-ictd/colte) maintained by the University of Washington [ICTD Lab](https://ictd.cs.washington.edu/)
+to provide services such as network monitoring, web-based administration, and local web and DNS serving/caching.
+
+### Evolved Packet Core (EPC)
+Our EPC is powered by [Open5GS](https://github.com/open5gs/open5gs), an open-source project for 4G and 5G core networks. Currently all of our networks are 4G networks.
+
+### Spectrum Access System (SAS)
+We have a partnership with [Google SAS](https://www.google.com/get/spectrumdatabase/sas/) to gain access to CBRS spectrum.
+
+Learn more about our SAS setup [here](enb-setup.md).
+
+### Network Monitoring and Alerting
+We use [LibreNMS](https://www.librenms.org) and SNMPd to monitor our nodes and provide alerting. Our Baicells-specific Network Manager setup is documented [here](librenms-manager-setup.md), and our instructions for configuring a new node can be found [here](librenms-setup.md).
+
+## Field Measurement
+
+### Network Performance Measurement Tool
+The LCL Network Performance Measurement Tool is an Android App in development that will measure a variety of network metrics, including but not limited to ping, upload/download speed, signal strength. We will use this tool to easily capture and upload network metrics
+in the field so that we can provide better estimates of what kind of Internet access that our users can expect to receive.
+
+### Network Cell Info Lite
+[Network Cell Info Lite](https://play.google.com/store/apps/details?id=com.wilysis.cellinfolite) is an Android App on the Google Playstore that is free to use (with advertisements)
+and is capable of taking network metric measurements and recording them to upload. This is an option that we
+use but are not satisfied with for many reasons, which is why we are developing our own app.
+
+## Site Planning
+
+### Google Earth
+We primarily use the Google Earth Pro [desktop application](https://www.google.com/earth/versions/#earth-pro) to do a rough line-of-sight evaluation. We perform what is called a "viewshed analysis" that allows us to determine what is visible from a specific point on Earth (e.g. a rooftop).
+
+### Ubiquiti Line of Sight
+A [web-based line of sight tool](https://link.ui.com/) provided by Ubiquiti that contains helpful altitude data and diagrams.
+A drawback is that it is specialized to provide data for Ubiquiti devices only.
+
+
+## Other resources
+### Facebook ISP Toolbox Line of Sight
+A [web-based line of sight tool](https://www.facebook.com/isptoolbox/line-of-sight-check/) provided by Facebook Connectivity that utilizes public LiDAR data. Unfortunately LiDAR data for the Seattle area is not present yet, although there is data for some areas in Tacoma.
+
+### Facebook ISP Toolbox Market Evaluator
+A [web-based market evaluator](https://www.facebook.com/isptoolbox/market-evaluator/) provided by Facebook Connectivity that can be used
+to provide more context about the areas around potential network sites. It offers information about other service providers in the area, average household income, median speeds, and current lowest broadband price available.