fix: harmonize stats across all pages

- SSO Authentik: 8 → 6 (actual: Forgejo, Immich, Semaphore, Proxmox×2, Jellyfin)
- Ansible playbooks: 13 → 12 (actual Semaphore template count)
- HTTPS services: 20+ → 25+ (28 traefik conf.d files)
- Defensive layers: 6 → 7 (7 sections on security page)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ferr079

src/pages/fr/index.astro

@@ -42,7 +42,7 @@ const cards = [
   {
     icon: '⚙',
     title: 'IaC, CI/CD & Automatisation',
-    description: 'Ansible via Semaphore pour le déploiement — 13 playbooks couvrent du hardening SSH au déploiement d\'agents. CI/CD sur Forgejo Runner (Podman). Configs versionnées. Unattended upgrades partout.',
+    description: 'Ansible via Semaphore pour le déploiement — 12 playbooks couvrent du hardening SSH au déploiement d\'agents. CI/CD sur Forgejo Runner (Podman). Configs versionnées. Unattended upgrades partout.',
     tags: ['Ansible', 'Semaphore', 'Forgejo Runner', 'CI/CD'],
   },
   {

src/pages/fr/infrastructure.astro

@@ -9,7 +9,7 @@ const serviceSlides = [
   { src: '/images/services/traefik.webp', alt: 'Dashboard Traefik — routers, services, middlewares', title: 'Traefik — Reverse Proxy' },
   { src: '/images/services/authentik.webp', alt: 'Admin Authentik — dashboard SSO avec stats connexion', title: 'Authentik — SSO / IdP' },
   { src: '/images/services/technitium.webp', alt: 'TechnitiumDNS — stats requêtes et top clients', title: 'TechnitiumDNS — Serveur DNS' },
-  { src: '/images/services/semaphore.webp', alt: 'Semaphore — 13 templates de tâches Ansible', title: 'Semaphore — UI Ansible' },
+  { src: '/images/services/semaphore.webp', alt: 'Semaphore — 12 templates de tâches Ansible', title: 'Semaphore — UI Ansible' },
   { src: '/images/services/netbox.webp', alt: 'NetBox — inventaire IPAM et changelog', title: 'NetBox — IPAM / DCIM' },
   { src: '/images/services/immich.webp', alt: 'Immich — galerie photo avec classification IA', title: 'Immich — Photothèque' },
   { src: '/images/services/bytestash.webp', alt: 'ByteStash — gestionnaire de snippets', title: 'ByteStash — Snippets' },
@@ -171,7 +171,7 @@ const monitoringSlides = [
               <div class="tech-card-body">
                 <p class="tech-why"><strong>Pourquoi :</strong> Config dynamique en YAML rechargee a chaud — j'ajoute un service HTTPS en deposant un fichier dans <code>conf.d/</code>, sans restart. ACME natif avec step-ca.</p>
                 <p class="tech-alt"><span class="alt-label">Ecartes :</span> Nginx Proxy Manager (UI-only, pas IaC), Caddy (moins d'integrations reverse proxy)</p>
-                <p class="tech-result"><span class="result-label">Resultat :</span> 20+ services HTTPS, certificats auto-renouveles, zero intervention manuelle</p>
+                <p class="tech-result"><span class="result-label">Resultat :</span> 25+ services HTTPS, certificats auto-renouveles, zero intervention manuelle</p>
               </div>
             </div>
 
@@ -207,7 +207,7 @@ const monitoringSlides = [
               <div class="tech-card-body">
                 <p class="tech-why"><strong>Pourquoi :</strong> OAuth2/OIDC universel — chaque service a son propre provider. Forward-auth proxy pour les services sans SSO natif. WebAuthn (YubiKey) pour le MFA.</p>
                 <p class="tech-alt"><span class="alt-label">Ecartes :</span> Keycloak (Java lourd, 1 Go+ RAM), Authelia (moins flexible sur les flows custom)</p>
-                <p class="tech-result"><span class="result-label">Resultat :</span> SSO sur 8 services hétérogènes, un seul login pour tout le homelab</p>
+                <p class="tech-result"><span class="result-label">Resultat :</span> SSO sur 6 services hétérogènes, un seul login pour tout le homelab</p>
               </div>
             </div>
 
@@ -219,7 +219,7 @@ const monitoringSlides = [
               <div class="tech-card-body">
                 <p class="tech-why"><strong>Pourquoi :</strong> Agentless — SSH suffit, pas de daemon a installer sur 30+ CTs. Idempotent — je relance un playbook sans risque. Semaphore ajoute une UI web pour les lancements en 1 clic.</p>
                 <p class="tech-alt"><span class="alt-label">Ecartes :</span> Puppet/Chef (agents sur chaque hote), Terraform (provisioning, pas config management)</p>
-                <p class="tech-result"><span class="result-label">Resultat :</span> 13 playbooks operationnels, deploiement d'agent Wazuh/Beszel en 1 commande</p>
+                <p class="tech-result"><span class="result-label">Resultat :</span> 12 playbooks operationnels, deploiement d'agent Wazuh/Beszel en 1 commande</p>
               </div>
             </div>
 

src/pages/fr/securite.astro

@@ -41,7 +41,7 @@ import StatsBar from '../../components/StatsBar.astro';
               <span class="layer-icon">&#9678;</span>
               <div>
                 <h4>Couche identité</h4>
-                <p>Authentik SSO (8 services), YubiKey FIDO2, SSH key-only sur 30+ hôtes</p>
+                <p>Authentik SSO (6 services), YubiKey FIDO2, SSH key-only sur 30+ hôtes</p>
               </div>
             </div>
             <div class="defense-layer">
@@ -91,7 +91,7 @@ import StatsBar from '../../components/StatsBar.astro';
             </div>
             <div class="spec">
               <span class="spec-label">Résultat</span>
-              <span class="spec-value">20+ services en HTTPS valide, cadenas vert, zéro avertissement navigateur</span>
+              <span class="spec-value">25+ services en HTTPS valide, cadenas vert, zéro avertissement navigateur</span>
             </div>
           </div>
         </div>
@@ -106,7 +106,7 @@ import StatsBar from '../../components/StatsBar.astro';
           <h2>SSO Authentik — un login pour tout</h2>
         </div>
         <div class="layer-content">
-          <p>Authentik centralise l'authentification sur <strong>8 services</strong> via OAuth2/OIDC. Un seul couple identifiant/mot de passe, un seul point de contrôle, un seul endroit où révoquer un accès. La phase 2 supprimera les logins locaux — SSO-only + YubiKey WebAuthn.</p>
+          <p>Authentik centralise l'authentification sur <strong>6 services</strong> via OAuth2/OIDC. Un seul couple identifiant/mot de passe, un seul point de contrôle, un seul endroit où révoquer un accès. La phase 2 supprimera les logins locaux — SSO-only + YubiKey WebAuthn.</p>
           <div class="details-grid">
             <div class="detail">
               <h4>Services intégrés</h4>
@@ -263,8 +263,8 @@ import StatsBar from '../../components/StatsBar.astro';
 
     <StatsBar stats={[
       { number: '32', label: 'hosts SSH durci' },
-      { number: '8', label: 'services SSO' },
-      { number: '6', label: 'couches défensives' },
+      { number: '6', label: 'SSO' },
+      { number: '7', label: 'couches défensives' },
       { number: '0', label: 'mot de passe SSH' },
     ]} />
 

src/pages/fr/symbiose.astro

@@ -154,7 +154,7 @@ import StatsBar from '../../components/StatsBar.astro';
       { number: '1M', label: 'tokens de contexte' },
       { number: '6', label: 'serveurs MCP' },
       { number: '30+', label: 'conteneurs gérés' },
-      { number: '8', label: 'services SSO' },
+      { number: '6', label: 'SSO' },
     ]} />
 
     <!-- Crosslink projets -->

src/pages/index.astro

@@ -42,7 +42,7 @@ const cards = [
   {
     icon: '⚙',
     title: 'IaC, CI/CD & Automation',
-    description: 'Ansible via Semaphore for deployment — 13 playbooks covering everything from SSH hardening to agent deployment. CI/CD on Forgejo Runner (Podman). Version-controlled configs. Unattended upgrades everywhere.',
+    description: 'Ansible via Semaphore for deployment — 12 playbooks covering everything from SSH hardening to agent deployment. CI/CD on Forgejo Runner (Podman). Version-controlled configs. Unattended upgrades everywhere.',
     tags: ['Ansible', 'Semaphore', 'Forgejo Runner', 'CI/CD'],
   },
   {

src/pages/infrastructure.astro

@@ -9,7 +9,7 @@ const serviceSlides = [
   { src: '/images/services/traefik.webp', alt: 'Traefik dashboard — routers, services, middlewares', title: 'Traefik — Reverse Proxy' },
   { src: '/images/services/authentik.webp', alt: 'Authentik admin — SSO dashboard with login stats', title: 'Authentik — SSO / IdP' },
   { src: '/images/services/technitium.webp', alt: 'TechnitiumDNS — query stats and top clients', title: 'TechnitiumDNS — DNS Server' },
-  { src: '/images/services/semaphore.webp', alt: 'Semaphore — 13 Ansible task templates', title: 'Semaphore — Ansible UI' },
+  { src: '/images/services/semaphore.webp', alt: 'Semaphore — 12 Ansible task templates', title: 'Semaphore — Ansible UI' },
   { src: '/images/services/netbox.webp', alt: 'NetBox — IPAM inventory and changelog', title: 'NetBox — IPAM / DCIM' },
   { src: '/images/services/immich.webp', alt: 'Immich — photo gallery with AI classification', title: 'Immich — Photo Library' },
   { src: '/images/services/bytestash.webp', alt: 'ByteStash — code snippet manager', title: 'ByteStash — Snippets' },
@@ -171,7 +171,7 @@ const monitoringSlides = [
               <div class="tech-card-body">
                 <p class="tech-why"><strong>Why:</strong> Dynamic YAML config hot-reloaded — I add an HTTPS service by dropping a file in <code>conf.d/</code>, no restart needed. Native ACME with step-ca.</p>
                 <p class="tech-alt"><span class="alt-label">Rejected:</span> Nginx Proxy Manager (UI-only, not IaC), Caddy (fewer reverse proxy integrations)</p>
-                <p class="tech-result"><span class="result-label">Result:</span> 20+ HTTPS services, auto-renewed certificates, zero manual intervention</p>
+                <p class="tech-result"><span class="result-label">Result:</span> 25+ HTTPS services, auto-renewed certificates, zero manual intervention</p>
               </div>
             </div>
 
@@ -207,7 +207,7 @@ const monitoringSlides = [
               <div class="tech-card-body">
                 <p class="tech-why"><strong>Why:</strong> Universal OAuth2/OIDC — each service gets its own provider. Forward-auth proxy for services without native SSO. WebAuthn (YubiKey) for MFA.</p>
                 <p class="tech-alt"><span class="alt-label">Rejected:</span> Keycloak (heavy Java, 1 GB+ RAM), Authelia (less flexible on custom flows)</p>
-                <p class="tech-result"><span class="result-label">Result:</span> SSO across 8 heterogeneous services, single login for the entire homelab</p>
+                <p class="tech-result"><span class="result-label">Result:</span> SSO across 6 heterogeneous services, single login for the entire homelab</p>
               </div>
             </div>
 
@@ -219,7 +219,7 @@ const monitoringSlides = [
               <div class="tech-card-body">
                 <p class="tech-why"><strong>Why:</strong> Agentless — SSH is enough, no daemon to install on 30+ CTs. Idempotent — I rerun a playbook without risk. Semaphore adds a web UI for one-click launches.</p>
                 <p class="tech-alt"><span class="alt-label">Rejected:</span> Puppet/Chef (agents on every host), Terraform (provisioning, not config management)</p>
-                <p class="tech-result"><span class="result-label">Result:</span> 13 operational playbooks, Wazuh/Beszel agent deployment in 1 command</p>
+                <p class="tech-result"><span class="result-label">Result:</span> 12 operational playbooks, Wazuh/Beszel agent deployment in 1 command</p>
               </div>
             </div>
 

src/pages/securite.astro

@@ -41,7 +41,7 @@ import StatsBar from '../components/StatsBar.astro';
               <span class="layer-icon">&#9678;</span>
               <div>
                 <h4>Identity layer</h4>
-                <p>Authentik SSO (8 services), YubiKey FIDO2, SSH key-only on 30+ hosts</p>
+                <p>Authentik SSO (6 services), YubiKey FIDO2, SSH key-only on 30+ hosts</p>
               </div>
             </div>
             <div class="defense-layer">
@@ -91,7 +91,7 @@ import StatsBar from '../components/StatsBar.astro';
             </div>
             <div class="spec">
               <span class="spec-label">Result</span>
-              <span class="spec-value">20+ services with valid HTTPS, green padlock, zero browser warnings</span>
+              <span class="spec-value">25+ services with valid HTTPS, green padlock, zero browser warnings</span>
             </div>
           </div>
         </div>
@@ -106,7 +106,7 @@ import StatsBar from '../components/StatsBar.astro';
           <h2>SSO Authentik — one login for everything</h2>
         </div>
         <div class="layer-content">
-          <p>Authentik centralizes authentication across <strong>8 services</strong> via OAuth2/OIDC. One set of credentials, one control point, one place to revoke access. Phase 2 will remove local logins — SSO-only + YubiKey WebAuthn.</p>
+          <p>Authentik centralizes authentication across <strong>6 services</strong> via OAuth2/OIDC. One set of credentials, one control point, one place to revoke access. Phase 2 will remove local logins — SSO-only + YubiKey WebAuthn.</p>
           <div class="details-grid">
             <div class="detail">
               <h4>Integrated services</h4>
@@ -263,8 +263,8 @@ import StatsBar from '../components/StatsBar.astro';
 
     <StatsBar stats={[
       { number: '32', label: 'hardened SSH hosts' },
-      { number: '8', label: 'SSO services' },
-      { number: '6', label: 'defensive layers' },
+      { number: '6', label: 'SSO services' },
+      { number: '7', label: 'defensive layers' },
       { number: '0', label: 'SSH passwords' },
     ]} />
 

src/pages/symbiose.astro

@@ -154,7 +154,7 @@ import StatsBar from '../components/StatsBar.astro';
       { number: '1M', label: 'context tokens' },
       { number: '6', label: 'MCP servers' },
       { number: '30+', label: 'managed containers' },
-      { number: '8', label: 'SSO services' },
+      { number: '6', label: 'SSO services' },
     ]} />
 
     <!-- Crosslink projects -->