docs(all): fix markdown syntax and snippets

2026-05-09 20:54:32 +09:00
parent 81244d55a7
commit 64aad4fcf0
43 changed files with 229 additions and 209 deletions
+5 -5
@@ -54,8 +54,8 @@ CREATE EXTENSION IF NOT EXISTS vector;
### About community edition limitation
- Workspace seats
- The number of members itself \(account\) are unlimited.
- However the number of members who work on the same workspace simultaneously \(seats\) are designated as 10 members.
- The number of members itself (account) are unlimited.
- However the number of members who work on the same workspace simultaneously (seats) are designated as 10 members.
- Workspace storage quota
- Originally, self-hosted version has no limitation in storage quota and uploading file size.
- Now, there is some limitation even in the self-hosted version.
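Review bot: the seat-limit wording on the two rewritten lines is still ungrammatical ("The number of members itself (account) are unlimited", "...are designated as 10 members"); since the hunk already touches them, suggest "The number of member accounts is unlimited; however, at most 10 members can work in the same workspace at the same time (seats)." The unchanged "Now, there is some limitation even in the self-hosted version" is vague: state the actual storage quota and upload size limit, or link to where they are documented.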
@@ -85,8 +85,8 @@ CREATE EXTENSION IF NOT EXISTS vector;
#### Auth
- [ ] Whether allow new registrations
- [x] Whether allow new registration via configured oauth
- `[ ]` Whether allow new registrations
- `[x]` Whether allow new registration via configured oauth
- Minimum length requirement of password: 8
- Maximum length requirement of password: 50
- save
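Review bot: wrapping `[ ]` and `[x]` in inline code is the right fix, because a list item starting with `- [ ]` renders as a task-list checkbox instead of recording a setting. The state is still easy to misread, so consider spelling it out, e.g. "Allow new registrations: off" and "Allow new registration via configured OAuth: on". While here, the "Maximum length requirement of password: 50" line documents a cap that rejects longer generated passphrases; either note why 50 was chosen or raise it if the application permits.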
@@ -117,5 +117,5 @@ Environment="AFFINE_SERVER_HTTPS=true"
#### Flags
- [x] Whether allow guest users to create demo workspaces
- `[x]` Whether allow guest users to create demo workspaces
- save
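Review bot: consistent with the Auth hunk above, but "Whether allow guest users to create demo workspaces" is enabled (`[x]`) on an instance where new registrations are disabled (`[ ]`). Add a one-line reason for allowing guest demo workspaces, or an explicit "intentional" note, so the exposure is not mistaken for an oversight later.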
+1 -1
@@ -61,7 +61,7 @@ CREATE EXTENSION IF NOT EXISTS earthdistance CASCADE;
- map
- version check
- User privacy
- google cast \(disable\)
- google cast (disable)
- Storage template
- `{{y}}/{{MM}}/{{y}}{{MM}}{{dd}}_{{hh}}{{mm}}{{ss}}`
- Backups
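Review bot: while touching this line, capitalize the product name: "Google Cast (disable)". The unchanged "map" and "version check" items above it carry no state (enabled/disabled) the way Google Cast does; add one for each so the privacy settings are fully recorded. The storage template is correctly in inline code.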
+2 -2
@@ -13,8 +13,8 @@
## Configuration
- **!CAUTION!** OpenCloud application \(Android, IOS, Desktop\) doesn't support standard OIDC. Every scopes and client id is hardcoded.
- WEBFINGER_\[DESKTOP|ANDROID|IOS\]_OIDC_CLIENT_ID, WEBFINGER_\[DESKTOP|ANDROID|IOS\]_OIDC_CLIENT_SCOPES don't work on official app.
- **!CAUTION!** OpenCloud application (Android, IOS, Desktop) doesn't support standard OIDC. Every scopes and client id is hardcoded.
- `WEBFINGER_[DESKTOP|ANDROID|IOS]_OIDC_CLIENT_ID`, `WEBFINGER_[DESKTOP|ANDROID|IOS]_OIDC_CLIENT_SCOPES` don't work on official app.
- It is impossible to set group claim in scopes. Therefore, it is hard to control roles with token including group claim.
- When authelia doesn't work, annotate `OC_EXCLUDE_RUN_SERVICES=idp` and restart to container to use local admin.
- This app doesn't support regex on role_assignment mapping.
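Review bot: in the unchanged context line, "annotate `OC_EXCLUDE_RUN_SERVICES=idp` and restart to container" should read "comment out `OC_EXCLUDE_RUN_SERVICES=idp` and restart the container"; "annotate" will be misread. The rewritten caution line also keeps its grammar errors: "Every scopes and client id is hardcoded" -> "All scopes and client IDs are hardcoded", and "IOS" -> "iOS". The caution deserves to stay prominent: with a hardcoded client ID and no group claim in the token, role assignment cannot come from the IdP, and the local admin via the built-in IdP is the only recovery path when Authelia is down.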
+2 -2
@@ -67,8 +67,8 @@ ALTER DATABASE paperless_db OWNER TO paperless;
- Mode: skip
- When the archive file has broken ocr text, then conduct replcae command manually
- Skip archive File: never
- Deskew: disable \(toggle to enable and once more to active disable option\)
- rotate: disable \(toggle to enable and once more to active disable option\)
- Deskew: disable (toggle to enable and once more to active disable option)
- rotate: disable (toggle to enable and once more to active disable option)
## The non-standard pdf file
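Review bot: typo in the unchanged context line: "replcae" -> "replace". The parenthetical on both rewritten lines, "toggle to enable and once more to active disable option", is hard to follow; suggest "the toggle cycles through enabled, then explicitly disabled; click it twice to reach disabled". Also "Skip archive File" and "rotate" are capitalized inconsistently with "Deskew".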
+1 -1
@@ -52,7 +52,7 @@ ALTER DATABASE sure_db OWNER TO sure;
- Setup:
- First name and last name
- Will be using sure with
- [x] Family members
- `[x]` Family members
- Country: South Korea
- Preference:
- South Korean Won (KRW)
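Review bot: the `[x]` in inline code matches the other docs in this commit. Minor: "Will be using sure with" is the UI prompt, so quote it or capitalize "Sure" as the product name, otherwise the "Family members" item does not obviously read as the answer to that prompt.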
+1 -1
@@ -2,7 +2,7 @@
## Communication
Alloy runs on systemd \(host\), and postgresql runs as container \(rootless podman\). When host system and container communicate, container recognizes host system as host-gateway \(Link local address\).
Alloy runs on systemd (host), and postgresql runs as container (rootless podman). When host system and container communicate, container recognizes host system as host-gateway (Link local address).
## postgresql monitor
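Review bot: the rewritten line still only says the container sees the host as "host-gateway (Link local address)"; name the hostname the container resolves and the address it maps to, otherwise a reader cannot write the matching firewall rule or `pg_hba.conf` entry for the Alloy-to-PostgreSQL connection. Also capitalize "PostgreSQL" in the text and the "postgresql monitor" heading consistently.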
+2 -2
@@ -6,10 +6,10 @@ This is not a perfect E2EE communication theorogically, however technically it i
### .com public domain
WAN - \(Let's Encrypt certificate\) -> Caddy \(auth\) - \(ilnmors internal certificate\) -> Caddy \(app\) or https services - http -> app's local service
WAN - (Let's Encrypt certificate) -> Caddy (auth) - (ilnmors internal certificate) -> Caddy (app) or https services - http -> app's local service
### .internal private domain
client - \(ilnmors internal certificate\) -> Caddy \(Infra\) - http -> local services
client - (ilnmors internal certificate) -> Caddy (Infra) - http -> local services
### DNS record
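Review bot: typo in the unchanged context line: "theorogically" -> "theoretically". The two chain lines read well without backslashes, but put each in a fenced code block so the `->` arrows and parentheses survive reflowing. It would also help to state that the last hop ("http -> app's local service") is plaintext only on the host boundary, since the section opens by admitting this is not perfect E2EE.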
+11 -11
@@ -3,16 +3,16 @@
## LAPI
### Detecting
Host logs \> CrowdSec Agent\(parser\) > CrowdSec LAPI
Host logs > CrowdSec Agent(parser) > CrowdSec LAPI
### Decision
CrowdSec LAPI \(Decision + Register\)
CrowdSec LAPI (Decision + Register)
### Block
CrowdSec LAPI \> CrowdSec Bouncer \(Block\)
CrowdSec LAPI > CrowdSec Bouncer (Block)
## CAPI
CrowdSec CAPI \> crowdsec LAPI \(local\) \> CrowdSec Bouncer \(Block\)
CrowdSec CAPI > crowdsec LAPI (local) > CrowdSec Bouncer (Block)
## Ansible Deployment
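Review bot: the rewritten lines use a bare `>` as an arrow ("Host logs > CrowdSec Agent(parser) > CrowdSec LAPI"). It renders here because no line starts with `>`, but the Caddy chain doc in this same commit uses `->`; use `->` here too for consistency and so a later wrap cannot turn a leading `>` into a blockquote. Also "crowdsec LAPI" vs "CrowdSec LAPI" on the CAPI line, and a missing space before "(parser)".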
@@ -20,34 +20,34 @@ CrowdSec CAPI \> crowdsec LAPI \(local\) \> CrowdSec Bouncer \(Block\)
- Deploy fw's config.yaml
- Deploy crowdsec certificates
- Register machines \(Agents\)
- Register bouncers \(Bouncers\)
- Register machines (Agents)
- Register bouncers (Bouncers)
### Set Bouncer (fw/roles/tasks/set_crowdsec_bouncer.yaml)
- Deploy crowdsec-firewall-bouncer.yaml
- Install suricata collection \(parser\) with cscli
- Install suricata collection (parser) with cscli
- Set acquis.d for suricata
- set-only: bouncer can't get metrics from the chain and rules count result which it doesn't make. - It means, it is impossible to use prometheus metric with set-only true option.
- chain or rules matched count reasults are able to check on nftables.
- use sudo nft list chain inet filter global to check packet blocked. \(counter command is required\)
- use sudo nft list chain inet filter global to check packet blocked. (counter command is required)
### Set Machines; agents (common/tasks/set_crowdsec_agent.yaml)
- Deploy config.yaml except fw \(disable LAPI, online_api_credentials\)
- Deploy config.yaml except fw (disable LAPI, online_api_credentials)
- Deploy local_api_credentials.yaml
### Set caddy host (auth/tasks/set_caddy.yaml)
- Set caddy CrowdSec module
- Set caddy log directory
- Install caddy collection \(parser\) with cscli
- Install caddy collection (parser) with cscli
- Set acquis.d for caddy
### Set whitelist (/etc/crowdsec/parser/s02-enrich/whitelists.yaml)
- Set only local console IP address
- This can block local VM to the other subnet, but the communication between vms is possible because they are in the same subnet\(L2\) - packets don't pass the fw.
- This can block local VM to the other subnet, but the communication between vms is possible because they are in the same subnet(L2) - packets don't pass the fw.
- Crowdsec bouncer only conducts blocks forward chain which pass Firewall, it is blocked by crowdsec bouncer based on lapi
## Test
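Review bot: several lines in this hunk need more than the backslash fix. "reasults" -> "results"; put `sudo nft list chain inet filter global` in inline code and explain "counter command is required" (the chain's rules need a `counter` statement for packet counts to appear). The "set-only" item runs two sentences together with " - It means"; split it. The whitelist note ("This can block local VM to the other subnet...") and the last line ("Crowdsec bouncer only conducts blocks forward chain which pass Firewall, it is blocked by...") should become one plain statement: the bouncer only filters traffic that traverses the firewall's forward chain, so a banned host on the same L2 segment still reaches its neighbours because those packets never pass the firewall. That gap is worth stating explicitly rather than in passing.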
+1 -1
@@ -10,5 +10,5 @@ Kopia saves all information, even the users and policies on repository. Reposito
When kopia is run as a kopia server, client can access to server with user and user password. The clients don't have to know master password. Kopia server decrypt the repository with the master password, and the client just access to the kopia server with their user account.
Repository \<- Master password -\> Kopia server \<- User password -\> Kopia client
Repository <- Master password -> Kopia server <- User password -> Kopia client
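Review bot: the diagram line is fine unescaped but safer in a fenced code block, since `<-` and `->` sit next to words. Grammar in the unchanged context line: "client can access to server with user and user password" -> "clients access the server with a username and user password", and "Kopia server decrypt" -> "decrypts". Worth spelling out the consequence the diagram implies: the server holds the master password, so it is the trust anchor and its host needs the same protection as the repository.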
+9 -9
@@ -3,20 +3,20 @@
## IPv4
### Subnet management
- Static subnet \(manage without dhcp\)
- client \(for ipv4, set reservation\)
- Static subnet (manage without dhcp)
- client (for ipv4, set reservation)
- server
- Dynamic subnet \(manage with dhcp\)
- Dynamic subnet (manage with dhcp)
- user
## IPv6
### Subnet management
- Static subnet \(manage without RA - specific defination\)
- client \(Designated ULA with NAT66\)
- server \(Designated ULA with NAT66\)
- Dynamic subnet \(manage with RA and SLAAC\)
- user \(Autogenerated GUA\)
- Static subnet (manage without RA - specific defination)
- client (Designated ULA with NAT66)
- server (Designated ULA with NAT66)
- Dynamic subnet (manage with RA and SLAAC)
- user (Autogenerated GUA)
## Firewall policy for each subnet
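Review bot: typo kept on the rewritten line: "defination" -> "definition". The IPv6 static entries say "Designated ULA with NAT66"; state whether those client and server nodes also get a GUA or are reachable only through NAT66, because that decides whether the per-node firewall policy in the next section can key on a stable address.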
@@ -26,4 +26,4 @@ Make polices based on each specific designated IP address for nodes.
### Dynamic subnet
Make polices based on subnet \(or interface itself\)
Make polices based on subnet (or interface itself)
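Review bot: "polices" -> "policies" on the rewritten line (and in the unchanged context line above). "Make policies based on subnet (or interface itself)" would be more useful with the preferred choice stated, since addresses in the dynamic subnet are not stable and interface-based rules are the safer default there.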
+2 -2
@@ -142,5 +142,5 @@ podman exec -it ca step ca certificate test.com test.crt test_key --provisioner
### Firefox
- Setting - Security - view certificates - Authority - add
- \[x\] trust this ca to identify website
- \[x\] trust this ca to identify email users
- `[x]` trust this ca to identify website
- `[x]` trust this ca to identify email users
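Review bot: the second checkbox, "trust this ca to identify email users", grants the internal CA more than this use case needs. If the CA only issues certificates for HTTPS on internal hosts, leave it unchecked and enable only "trust this CA to identify websites"; every certificate the CA issues is trusted for each purpose you tick, so keep the trust scope minimal.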
+5 -5
@@ -2,14 +2,14 @@
## Operation
Refer to Ansible playbook
\(Postgresql user and DB is needed\)
\(LDAP strict readonly account is needed\)
(Postgresql user and DB is needed)
(LDAP strict readonly account is needed)
## Verification
- Check Caddyfile \(without caddy, use 3000 ports\)
- Check Caddyfile (without caddy, use 3000 ports)
- https://grafana.ilnmors.internal
- login with LDAP user
- connection:data sources: \[prometheus|loki\]: provisioned
- connection:data sources: `[prometheus|loki]`: provisioned
- https://prometheus.ilnmors.internal:9090
- https://loki.ilnmors.internal:3100
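Review bot: "Check Caddyfile (without caddy, use 3000 ports)" is ambiguous; suggest "Check the Caddyfile (without Caddy, reach Grafana directly on port 3000)". The provisioned data-sources line is now correctly escaped. For "login with LDAP user", say which account is used, so the verification exercises the intended low-privilege path rather than an admin.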
@@ -17,4 +17,4 @@ Refer to Ansible playbook
## Dashboard
- Dashboard isn't saved on local directory. They are saved on DB \(Postgresql\).
- Dashboard isn't saved on local directory. They are saved on DB (Postgresql).
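Review bot: grammar on the rewritten line: "Dashboard isn't saved on local directory. They are saved on DB (Postgresql)." -> "Dashboards are not saved in a local directory; they are stored in the database (PostgreSQL)." This matters operationally: backups must include the database, not just the Grafana data directory.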
+13 -13
@@ -1,6 +1,6 @@
## Operation
Refer to Ansible playbook
\(Postgresql user and DB is needed\)
(Postgresql user and DB is needed)
Integrate configuration with various app: https://github.com/lldap/lldap/blob/main/example_configs
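Review bot: the escaped parenthesis is fixed. Minor wording on the unchanged line: "Integrate configuration with various app:" -> "Integration examples for various apps:".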
@@ -8,7 +8,7 @@ Integrate configuration with various app: https://github.com/lldap/lldap/blob/ma
### DB URL
Jinja2 `urlencode` module doesn't replace `/` as `%2F`. replace('/', '%2F') is necessary.
ex\) {{ var | urlencode | replace('/', '%2F') }}
ex) {{ var | urlencode | replace('/', '%2F') }}
### Reset administrator password
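Review bot: the example line should be in inline code (`{{ var | urlencode | replace('/', '%2F') }}`); otherwise a Jinja-aware renderer, or a later copy into a template, may evaluate it. The explanation is correct for this purpose: Jinja2's `urlencode` filter leaves `/` unescaped, and an unescaped `/` inside the password component terminates the userinfo part of the URL. Say that `var` is the database password, so the reader knows which component is being encoded.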
@@ -28,56 +28,56 @@ systemctl --user restart ldap.service
### Access web UI and Login
- URL: http://ldap.ilnmors.internal:17170 \(This is temporary access way before Caddy, which is reverse proxy, is set)
- URL: http://ldap.ilnmors.internal:17170 (This is temporary access way before Caddy, which is reverse proxy, is set)
- ID: admin
- PW: $LLDAP_LDAP_USER_PASSWORD
### Create the groups
- Groups - \[\+\] Create a group
- Groups - `[+]` Create a group
- Group: admins
- Group: users
It is necessary to manage ACL via authelia based on groups.
### Create the authelia user for OCID \(OP\)
### Create the authelia user for OCID (OP)
- Users: \[\+\] Create a user
- Users: `[+]` Create a user
- Username (cn; uid): authelia
- Display name: Authelia
- First Name: Authelia
- Last Name (sn): Service
- Email (mail): authelia@ilnmors.internal
- Password: "$(openssl rand -base64 32)"
- Groups:lldap_strict_readonly: \[Add to group\]
- Groups:lldap_strict_readonly: `[Add to group]`
- This group allow search authority.
- Users: \[\+\] Create a user
- Users: `[+]` Create a user
- Username (cn; uid): grafana
- Display name: Grafana
- First Name: Grafana
- Last Name (sn): Service
- Email (mail): grafana@ilnmors.internal
- Password: "$(openssl rand -base64 32)"
- Groups:lldap_strict_readonly: \[Add to group\]
- Groups:lldap_strict_readonly: `[Add to group]`
- This group allow search authority.
> Save the password in .secret.yaml
### Create the normal users
- Users: \[\+\] Create a user
- Users: `[+]` Create a user
- Username (cn; uid): il
- First Name: Il
- Last Name (sn): Lee
- Email (mail): il@ilnmors.internal
- Password: "$PASSWORD"
- Groups:lldap_admin&admins&users: \[Add to group\]
- Users: \[\+\] Create a user
- Groups:lldap_admin&admins&users: `[Add to group]`
- Users: `[+]` Create a user
- Username (cn; uid): user
- First Name: John
- Last Name (sn): Doe
- Email (mail): john_doe@ilnmors.internal
- Password: "$PASSWORD"
- Groups:(admins|users): \[Add to group\]
- Groups:(admins|users): `[Add to group]`
> Custom schema in `User schema`, `Group schema` doesn't need to be added. This is for advanced function to add additional value such as `identity number` or `phone number`. Hardcoded schema, which means basic schema the lldap provides is enough to use Authelia.
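Review bot: "OCID (OP)" in the rewritten heading should be "OIDC (OP)". "This group allow search authority" -> "This group grants search permission only". The two service accounts (authelia, grafana) correctly land in `lldap_strict_readonly`, which is the least privilege a bind account needs; say explicitly that they must not be added to `lldap_admin`. The normal-user entries use shorthand ("lldap_admin&admins&users", "(admins|users)") that reads like a regex; list the groups plainly. The `Password: "$(openssl rand -base64 32)"` lines are shell substitution pasted into a UI field description; clarify that the password is generated with that command and then entered, and that it is recorded in `.secret.yaml` as the note above says.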
+1 -1
@@ -3,7 +3,7 @@
## Operation
Refer to Ansible playbook
## Verification
- fw@fw:/var/lib/bind$ curl -k https://loki.ilnmors.internal:3100/ready \(Node which is in NET_SERVER except infra itself\)
- fw@fw:/var/lib/bind$ curl -k https://loki.ilnmors.internal:3100/ready (Node which is in NET_SERVER except infra itself)
- ready
- fw@fw:/var/lib/bind$ curl -k https://loki.ilnmors.internal:3100/metrics
- metrics lists
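Review bot: both verification commands use `curl -k`, which disables certificate verification. Since the internal CA is distributed to the nodes (the step-ca doc in this commit covers trusting it), prefer `curl --cacert <ca.crt>` or the system trust store so the check also confirms Caddy serves the expected certificate; if `-k` stays, say why. Also put the commands in inline code and drop the `fw@fw:/var/lib/bind$` prompt, or keep the prompt inside a fenced block.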
+1 -1
@@ -3,7 +3,7 @@
## Operation
Refer to Ansible playbook
## Verification
- Check Caddyfile \(without caddy, use 9090 ports\)
- Check Caddyfile (without caddy, use 9090 ports)
- https://prometheus.ilnmors.internal
- Status:Target Health
- Check `Endpoint localhost:9090 ` with green circle
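Review bot: "use 9090 ports" -> "reach Prometheus directly on port 9090", matching the wording suggested for the Grafana doc. The unchanged context line `Endpoint localhost:9090 ` has a trailing space inside the backticks; remove it.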
+5 -5
@@ -4,7 +4,7 @@
- link file
Link file links hardware interface and kernel while booting
- netdev file
netdev file defines virtual interface \(port, bridge\)
netdev file defines virtual interface (port, bridge)
- network file
network file defines network option above interfaces
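Review bot: "network file defines network option above interfaces" -> "network file defines network options on top of those interfaces". The rewritten netdev line is fine; consider making all three descriptions parallel ("link file ...", "netdev file ...", "network file ...").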
@@ -12,7 +12,7 @@
- reload
- networkctl reload
- networkctl reconfigure \[interface name\]
- networkctl reconfigure [interface name]
## references
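Review bot: `networkctl reconfigure [interface name]` should be inline code like the other hunks in this commit; a bare `[interface name]` only survives because no `(...)` follows it. As a placeholder it also reads better as `networkctl reconfigure <interface>`.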
@@ -24,10 +24,10 @@
## Plans
- Hypervisor's linux bridges work as L2 switch
- br0 is completely L2 switch \(LinkLocalAddressing=no\)
- br0 is completely L2 switch (LinkLocalAddressing=no)
- br1 has ip address for hypervisor itself, but basically works as L2 switch whitch can deal with VLAN tags; id=1,10
- Firewall's port \(wan\) works as Gateway which can conduct NAT
- Firewall's port \(clients\) works as trunk port which can deal with VLAN tags; id=1,10,20
- Firewall's port (wan) works as Gateway which can conduct NAT
- Firewall's port (clients) works as trunk port which can deal with VLAN tags; id=1,10,20
- Firewall's port
- client, id = 1
- server, id = 10
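Review bot: "whitch" -> "which" on the unchanged br1 line. The fourth bullet "Firewall's port" repeats the start of the two bullets above; make it "Firewall's port (clients) VLAN IDs:" so "client, id = 1" and "server, id = 10" clearly belong to the trunk port. Also note which VLAN ID is native/untagged on the trunk, since ID 1 is commonly the default PVID and that affects how untagged frames are classified.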
+1 -1
@@ -4,7 +4,7 @@ Quadlet is for defining container configuration and lifecycle combining systemd
## Rootless container
Containers should be isolated from host OS. However, docker runs with root permission on daemon \(dockerd\). This means when one docker container has vulnerability and it is taken over, all the host system authority is threatened. Rootless container, podman runs without root permission and daemon so that even if one of containers is taken over, prevent the damage in host's normal user authority.
Containers should be isolated from host OS. However, docker runs with root permission on daemon (dockerd). This means when one docker container has vulnerability and it is taken over, all the host system authority is threatened. Rootless container, podman runs without root permission and daemon so that even if one of containers is taken over, prevent the damage in host's normal user authority.
Rootless container maps UID/GID between host and its own following namespace. Host's user UID/GID is mapped with container's root, and host's subuid/subgid defined on `/etc/subuid`, `/etc/subgid` is mapped with container's user UID/GID by default.
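Review bot: the rewritten line keeps the run-on "prevent the damage in host's normal user authority"; suggest "so that even if a container is compromised, the damage is limited to the host user's privileges". Add the caveat the following line implies: because the host user's UID maps to the container's root, a breakout still yields everything that user can reach, and the kernel is still shared, so rootless reduces but does not remove host exposure.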