From dd9571d83a2867e84ca1e953482f8461819c3109 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Sun, 8 Feb 2026 14:45:37 +0100 Subject: [PATCH] docs: add home directory and enabled hosts info - Document UUID-based home directories with symlinks - List currently enabled hosts (testvm01-03) - Add cache-invalidate command to troubleshooting Co-Authored-By: Claude Opus 4.5 --- docs/user-management.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/user-management.md b/docs/user-management.md index e3c82c6..e2334dc 100644 --- a/docs/user-management.md +++ b/docs/user-management.md @@ -89,6 +89,12 @@ This configures: - `services.kanidm.enablePam = true` - Client connection to auth.home.2rjus.net - Login authorization for `ssh-users` group +- Short usernames (`torjus` instead of `torjus@home.2rjus.net`) +- Home directory symlinks (`/home/torjus` → UUID-based directory) + +### Enabled Hosts + +- testvm01, testvm02, testvm03 (test tier) ### Options @@ -100,6 +106,17 @@ homelab.kanidm = { }; ``` +### Home Directories + +Home directories use UUID-based paths for stability (so renaming a user doesn't +require moving their home directory). Symlinks provide convenient access: + +``` +/home/torjus -> /home/e4f4c56c-4aee-4c20-846f-90cb69807733 +``` + +The symlinks are created by `kanidm-unixd-tasks` on first login. + ## Testing ### Verify NSS Resolution @@ -174,6 +191,11 @@ kanidm group posix set ssh-users --gidnumber 68000 systemctl restart nscd ``` +6. Invalidate kanidm cache: + ```bash + kanidm-unix cache-invalidate + ``` + ### Changes not taking effect after deployment NixOS uses nsncd (a Rust reimplementation of nscd) for NSS caching. After deploying
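Review bot: In the hunk at `@@ -89,6 +89,12 @@`, the new "Enabled Hosts" section hard-codes `testvm01, testvm02, testvm03`, so the list goes stale as soon as another host enables the module. Consider pointing to where `homelab.kanidm` is enabled, or how to list the hosts that enable it, instead of or alongside the list. The "Short usernames" bullet also does not say what happens when a short name such as `torjus` matches an existing local account; one sentence on that would help a reader reason about who the `ssh-users` login authorization applies to.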
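Review bot: In the "Home Directories" section added at `@@ -100,6 +106,17 @@`, the rationale is that renaming a user does not move the home directory, but the text never says what happens to the `/home/torjus` symlink after a rename, since the link is only described as created "on first login". Please state whether the old link is removed or replaced and whether that takes another login. The example also shows what reads as a real account UUID where a placeholder would do, and the bare fence could carry a `text` tag.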
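Review bot: Step 6 in the hunk at `@@ -174,6 +191,11 @@` gives `kanidm-unix cache-invalidate` with no indication of when it is needed, which user runs it, or whether it comes before or after the `systemctl restart nscd` in the previous step. Add a sentence naming the symptom this step clears and the intended order relative to the NSS cache restart, so the troubleshooting list can be followed without guessing.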