diff --git a/docs/infrastruktur/labdesign b/docs/infrastruktur/labdesign
new file mode 100644
index 0000000..0480f1f
--- /dev/null
+++ b/docs/infrastruktur/labdesign
@@ -0,0 +1,123 @@
+# Introduction
+
+This is assorted notes on what could go into the MakerFLOSS lab
+
+# Requirements
+
+- A space to experiment with new software
+- A place where software could be "test run" for some time
+- A place where errors are not causing IP loss
+  - even if errors are real big !!
+
+
+## More details
+
+- firewalled off from production network of Maker Space
+- accessible from outside
+- potential for exposing services externally 
+
+## Non functions
+
+- Cost conscious
+- support constant change
+
+# Proposals
+
+## Short term
+
+A VPS in a (European) cloud with one public IP
+
+## Midterm
+
+Complement the VPS with some local Hardware. This include
+
+- Firewall with zones implemented using VLANs, DNS/DHCP
+- Netbird access to services in Lab
+- switching infrastructure
+- a primary "stable" proxmox host
+- a seconday experimentation machine
+- a Backup server
+- Use a tunnel to establish external access via public IP on VPS
+
+### Basic Services in Lab
+
+- Git: Forgejo
+- ...
+
+### Lab Diagram
+
+```mermaid
+graph TB
+    subgraph External
+        Internet[🌐 Internet]
+        VPS[FLOSS VPS<br/>88.99.32.236]
+    end
+
+    subgraph OrangeMaker["Orange Makerspace"]
+        OMFirewall[OrangeMaker Firewall]
+        ProdNet[Production Network]
+    end
+
+    subgraph FLOSSLab["MakerFLOSS Lab"]
+        Switch[Switch]
+        Proxmox1[LabZone 1<br/>Test Proxmox]
+        Proxmox2[LabZone 2<br/>Experimental]
+
+        subgraph TAPPaaS
+            FLOSSFirewall[MakerFLOSS Firewall<br/>DNS/DHCP/VLANs]
+            PreProd[Pre-production Zone]
+            Backup[Backup Server]
+        end
+    end
+
+    Internet --> VPS
+    Internet --> OMFirewall
+    VPS -.->|Tunnel| FLOSSFirewall
+    VPS -.->|Netbird| FLOSSFirewall
+    OMFirewall --> ProdNet
+    OMFirewall --> FLOSSFirewall
+    FLOSSFirewall --> Switch
+    FLOSSFirewall --> PreProd
+    Switch --> Proxmox1
+    Switch --> Proxmox2
+    Switch --> Backup
+```
+
+### TAPPaaS Diagram
+
+```mermaid
+graph TB
+    subgraph TAPPaaS
+        subgraph Firewall["Firewall"]
+            Zones[Zones]
+            Caddy[Caddy]
+            Certs[Certificates]
+            DHCPDNS[DHCP/DNS]
+        end
+
+        subgraph PreProd["Pre-Production"]
+            Proxmox[Proxmox]
+            Authentik[Authentik]
+            CICD[CI/CD]
+            Forgejo[Forgejo]
+            More[...]
+        end
+
+        subgraph BackupSrv["Backup"]
+            BackupService[PBS Backup Service]
+        end
+    end
+
+    Firewall --> PreProd
+    Firewall --> BackupSrv
+```
+
+## Long term
+
+replace VPS with a direct IP pinhole access
+
+replace the "stable" FLOSS services running on VPS with modules runing on "stable" machine locally
+
+
+# Design of Mid term solution
+
diff --git a/docs/labdesign b/docs/labdesign
deleted file mode 100644
index e12b23b..0000000
--- a/docs/labdesign
+++ /dev/null
@@ -1,68 +0,0 @@
-# Introduction
-
-This is assorted notes on what could go into the MakerFLOSS lab
-
-# Requirements
-
-- A space to experiment with new software
-- A place where software could be "test run" for some time
-- A place where errors are not causing IP loss
-  - even if errors are real big !!
-
-
-## More details
-
-- firewalled off from production network of Maker Space
-- accessible from outside
-- potential for exposing services externally 
-
-## Non functions
-
-- Cost conscious
-- support constant change
-
-# Proposals
-
-## Short term
-
-A VPS in a (European) cloud with one public IP
-
-## Midterm
-
-Complement the VPS with some local Hardware. This include
-
-- Firewall with zones implemented using VLANs, DNS/DHCP
-- Netbird access to services in Lab
-- switching infrastructure
-- a primary "stable" proxmox host
-- a seconday experimentation machine
-- a Backup server
-- Use a tunnel to establish external access via public IP on VPS
-
-### Basic Services in Lab
-
-- Git: Forjego
-- ...
-
-### Diagram
-
-```mermaid
-graph TD;
-    A[Internet] --> B[OrangeMaker Firewall];
-    A --> H[FLOSS VPS];
-    B --> C[Production Network];
-    B --> D[FLOSS Firewall];
-    D --> E[Switch];
-    D --> F[Pre-production Zone];
-    E --> G[Proxmox Server 2];
-```
-
-## Long term
-
-replace VPS with a direct IP pinhole access
-
-replace the "stable" FLOSS services running on VPS with modules runing on "stable" machine locally
-
-
-# Design of Mid term solution
-