merge: add homelab-mastery as subdir

Moved homelab-mastery repo content into homelab-mastery/ subdirectory.
Covers architecture, concepts, certifications, interview-prep, and learning-path.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

homelab-mastery/certifications/roadmap.md

@@ -0,0 +1,165 @@
+# Certification Roadmap — Cloud Engineering Track
+
+Your goal: Cloud Engineer. This is one of the best-paid, highest-demand roles in tech.
+Your project already demonstrates cloud engineering skills. Certs give you the vocabulary and credentials to prove it on paper.
+
+---
+
+## Your Path (In Order)
+
+```
+CompTIA A+ Core 1  ✅ DONE (highest score)
+        ↓
+CompTIA A+ Core 2  ← YOU ARE HERE
+        ↓
+CompTIA Network+   ← OPTIONAL (CCNA covers this and more)
+        ↓
+CCNA               ← Strong networking foundation
+        ↓
+AWS Solutions Architect Associate  ← Core cloud cert
+        ↓
+CompTIA Cloud+     ← Vendor-neutral cloud (optional, pairs well with AWS SAA)
+        ↓
+AWS SysOps Administrator Associate ← Operations focus (very relevant to homelab)
+        ↓
+Kubernetes (CKA)   ← Container orchestration (natural next step from Docker)
+        ↓
+AI / Prompt Engineering certs      ← After cloud foundation is solid
+```
+
+---
+
+## Each Cert Explained
+
+### CompTIA A+ Core 2 (In Progress)
+
+**What it covers:** Windows OS, macOS, Linux basics, security fundamentals, troubleshooting, remote support  
+**Why it matters:** Completes your A+ certification — required baseline for most IT roles  
+**How it connects to your homelab:** Linux troubleshooting, OS concepts, security basics
+
+**Study tips:**
+- Professor Messer (free on YouTube) — best A+ resource, period
+- Jason Dion practice exams (Udemy, ~$15) — take these until you consistently hit 85%+
+- Focus on Core 2's security domain — it maps directly to your Authentik/SSO work
+
+---
+
+### CCNA (Cisco Certified Network Associate)
+
+**What it covers:** TCP/IP networking, routing, switching, VLANs, subnetting, wireless, security basics, automation basics  
+**Why it matters:** The gold standard networking cert. Hiring managers trust it more than Network+. Cloud engineering requires deep networking knowledge.  
+**How it connects to your homelab:**
+- Subnetting: your Docker bridge networks (172.x.x.x), Tailscale (100.x.x.x) are subnets
+- DNS: you configured Cloudflare DNS for every subdomain
+- Routing: Cloudflare Tunnel routes traffic to specific containers by hostname
+- Firewalls: you configured ufw rules on kscloud1
+- TCP/UDP: you opened specific ports, understand why services bind to certain ports
+
+**Study resources:**
+- *Jeremy's IT Lab* (free, YouTube + Packet Tracer labs) — best free CCNA content
+- *Neil Anderson's CCNA course* (Udemy) — comprehensive paid option
+- Cisco Packet Tracer (free simulator) — build labs, don't just watch
+- Allan Johnson's *CCNA 200-301 Official Cert Guide* (Cisco Press) — the official book
+
+**Timeline:** Plan 3–6 months of consistent study. Don't rush it.
+
+---
+
+### AWS Solutions Architect — Associate (SAA-C03)
+
+**What it covers:** EC2, S3, VPC, IAM, RDS, load balancers, auto-scaling, serverless, storage, CDN, security  
+**Why it matters:** Most in-demand cloud cert in the market. AWS powers ~33% of the internet. This cert is the entry point to cloud engineering jobs.  
+**How it connects to your homelab:**
+- Your Hetzner VPS is essentially what an EC2 instance is on AWS
+- Your Cloudflare Tunnel is similar to AWS CloudFront + ALB
+- Your Docker networking maps to AWS VPC concepts
+- Your Tailscale private network maps to AWS VPC peering / PrivateLink
+- Your Prometheus/Grafana stack maps to AWS CloudWatch
+- Your active-active failover maps to AWS multi-AZ architecture
+
+**Study resources:**
+- *Stephane Maarek's AWS SAA course* (Udemy, ~$15 on sale) — the best, period
+- *Tutorial Dojo practice exams* by Jon Bonso — most accurate practice exams for AWS
+- AWS Free Tier — build the same things you built in your homelab, but on AWS
+
+**Timeline:** 2–3 months after CCNA. Easier once you know networking well.
+
+---
+
+### AWS SysOps Administrator — Associate (SOA-C02)
+
+**What it covers:** Monitoring, logging, automation, deployments, security, cost management, high availability  
+**Why it matters:** More hands-on than SAA. Directly maps to what you did in your homelab — keeping systems running, monitoring them, troubleshooting.  
+**How it connects to your homelab:** This is literally your homelab at enterprise scale. Prometheus → CloudWatch. Docker → EC2/ECS. Cloudflare Tunnel → ALB. Tailscale → VPC.
+
+**Take this after SAA.** Many people skip it — don't. It makes you a better engineer.
+
+---
+
+### Certified Kubernetes Administrator (CKA)
+
+**What it covers:** Container orchestration, Kubernetes cluster management, deployments, networking, storage, troubleshooting  
+**Why it matters:** Docker Compose is what you use at home. Kubernetes is what companies use in production. This cert is highly valued at mid-to-senior level.  
+**How it connects to your homelab:** You run containers with Docker Compose — Kubernetes is the enterprise version. Your `kitestacks` Docker network maps to Kubernetes namespaces. Your services map to Kubernetes Deployments.
+
+**Study resources:**
+- *Mumshad Mannambeth's CKA course* (KodeKloud) — industry standard
+- KodeKloud labs — hands-on practice environment built specifically for this exam
+
+**When to take it:** After AWS certs. Kubernetes before cloud fundamentals is backwards.
+
+---
+
+### AI / Prompt Engineering Certifications
+
+Since you're already running Open WebUI + LiteLLM, you have a head start.
+
+| Cert | Provider | Cost | Best For |
+|------|----------|------|----------|
+| **AWS AI Practitioner (AIF-C01)** | AWS | ~$150 | Cloud AI fundamentals, pairs with your AWS path |
+| **Azure AI-900** | Microsoft | ~$165 | Broad AI concepts, vendor-neutral feel |
+| **Google Generative AI Fundamentals** | Google Cloud | Free | Quick badge, good starter |
+| **DeepLearning.AI — Prompt Engineering** | Coursera/DeepLearning | Free (audit) | Best hands-on prompt content |
+| **Vanderbilt Prompt Engineering Specialization** | Coursera | ~$50 | Certificate for LinkedIn |
+
+**Honest advice:** For prompt engineering, a portfolio beats a cert. Document your LiteLLM/Open WebUI setup. Show model routing configurations. Write about the decisions you made. That's more valuable than any certificate.
+
+---
+
+## Certification Timeline
+
+Given where you are today:
+
+| Timeframe | Milestone |
+|-----------|-----------|
+| Next 1–2 months | CompTIA A+ Core 2 ✅ |
+| Months 3–8 | CCNA |
+| Months 9–11 | AWS SAA-C03 |
+| Months 12–14 | AWS SysOps Associate |
+| Months 15–18 | CKA (or CompTIA Cloud+) |
+| Months 18+ | AI/ML certs |
+
+---
+
+## Why This Order Matters
+
+**Networking before cloud:** AWS, Azure, and GCP are all just managed networking + compute. If you don't understand subnets, routing, and DNS, cloud will be confusing. CCNA first makes cloud certs 3x easier.
+
+**Associate before specialty:** Don't skip to advanced certs. The associate level forces you to learn breadth. You'll encounter scenarios in the SysOps exam that directly map to what broke in your homelab.
+
+**Hands-on alongside study:** The fastest way to pass any of these is to *build the thing* while you study. You already have a homelab. Use it. Every AWS service you study — ask yourself: "what's the equivalent in my homelab?"
+
+---
+
+## What These Certs Say to a Hiring Manager
+
+| You Have | They Hear |
+|----------|-----------|
+| A+ | You know how hardware and OS work |
+| CCNA | You understand networking deeply, not just surface level |
+| AWS SAA | You can architect solutions in the cloud |
+| AWS SysOps | You can keep cloud infrastructure running in production |
+| CKA | You can manage container workloads at scale |
+| Homelab project | You do this for fun, not just for a paycheck |
+
+The last row is the most important one.