Reorganize repo: compartmentalize scripts by client/project

Move 150+ scripts from root and scripts/ into client/project directories:
- clients/dataforth/scripts/ (110 files: AD2, sync, SSH, DB, DOS scripts)
- clients/bg-builders/scripts/ (14 files: Lesley mgmt, Exchange, termination)
- clients/internal-infrastructure/scripts/ (10 files: GDAP, Gitea, backups)
- projects/msp-tools/scripts/ (9 files: CIPP, MSP onboarding, Datto)
- projects/gururmm-agent/scripts/ (3 files: API test, JWT, record counts)
- clients/glaztech/scripts/ (1 file: CentraStage removal)

Also reorganized:
- VPN scripts → infrastructure/vpn-configs/
- Retrieved API/JS files → api/
- Forum posts → projects/community-forum/forum-posts/
- SSH docs → clients/internal-infrastructure/docs/
- NWTOC/CTONW docs → projects/wrightstown-smarthome/docs/
- ACG website files → projects/internal/acg-website-2025/
- Dataforth docs → clients/dataforth/docs/
- schema-retrieved.sql → docs/database/

Deleted 24 tmp_*.ps1 one-off debug scripts (preserved in git history).
Root reduced from 220+ files to 62 items (docs + directories only).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

clients/dataforth/scripts/setup-openssh-sync.ps1

@@ -0,0 +1,151 @@
+# Setup OpenSSH-based sync for AD2 -> NAS transfers
+# This replaces PuTTY (pscp/plink) with OpenSSH (scp/ssh)
+
+$password = ConvertTo-SecureString "Paper123!@#" -AsPlainText -Force
+$cred = New-Object System.Management.Automation.PSCredential("INTRANET\sysadmin", $password)
+
+Write-Host "=== Setting Up OpenSSH Sync (AD2 -> NAS) ===" -ForegroundColor Cyan
+Write-Host ""
+
+Invoke-Command -ComputerName 192.168.0.6 -Credential $cred -ScriptBlock {
+    $NAS_IP = "192.168.0.9"
+    $NAS_USER = "root"
+    $SCRIPTS_DIR = "C:\Shares\test\scripts"
+    $SSH_DIR = "$SCRIPTS_DIR\.ssh"
+    $KNOWN_HOSTS = "$SSH_DIR\known_hosts"
+
+    Write-Host "[1] Creating SSH directory for sync keys" -ForegroundColor Yellow
+    Write-Host "=" * 80 -ForegroundColor Gray
+
+    if (-not (Test-Path $SSH_DIR)) {
+        New-Item -ItemType Directory -Path $SSH_DIR -Force | Out-Null
+        Write-Host "[OK] Created: $SSH_DIR" -ForegroundColor Green
+    } else {
+        Write-Host "[OK] Directory exists: $SSH_DIR" -ForegroundColor Green
+    }
+
+    # Set permissions (only SYSTEM and Administrators)
+    $acl = Get-Acl $SSH_DIR
+    $acl.SetAccessRuleProtection($true, $false)
+    $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null }
+
+    # Add SYSTEM
+    $systemRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
+        "SYSTEM", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
+    )
+    $acl.AddAccessRule($systemRule)
+
+    # Add Administrators
+    $adminRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
+        "Administrators", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow"
+    )
+    $acl.AddAccessRule($adminRule)
+
+    Set-Acl -Path $SSH_DIR -AclObject $acl
+    Write-Host "[OK] Set secure permissions on SSH directory" -ForegroundColor Green
+    Write-Host ""
+
+    Write-Host "[2] Generating SSH key for NAS sync (ED25519)" -ForegroundColor Yellow
+    Write-Host "=" * 80 -ForegroundColor Gray
+
+    $keyPath = "$SSH_DIR\id_ed25519_nas"
+
+    if (Test-Path $keyPath) {
+        Write-Host "[SKIP] Key already exists: $keyPath" -ForegroundColor Yellow
+        Write-Host "       Using existing key" -ForegroundColor Gray
+    } else {
+        # Generate SSH key without passphrase
+        & "C:\Program Files\OpenSSH\ssh-keygen.exe" -t ed25519 -f $keyPath -N '""' -C "AD2-NAS-Sync"
+
+        if (Test-Path $keyPath) {
+            Write-Host "[OK] Generated SSH key: $keyPath" -ForegroundColor Green
+        } else {
+            Write-Host "[ERROR] Failed to generate SSH key" -ForegroundColor Red
+            return
+        }
+    }
+
+    # Read public key
+    $pubKey = Get-Content "$keyPath.pub"
+    Write-Host ""
+    Write-Host "Public key to add to NAS:" -ForegroundColor Cyan
+    Write-Host $pubKey -ForegroundColor White
+    Write-Host ""
+
+    Write-Host "[3] Adding NAS host key to known_hosts" -ForegroundColor Yellow
+    Write-Host "=" * 80 -ForegroundColor Gray
+
+    # Get NAS host key using ssh-keyscan
+    $nasHostKey = & "C:\Program Files\OpenSSH\ssh-keyscan.exe" -H $NAS_IP 2>$null
+
+    if ($nasHostKey) {
+        $nasHostKey | Out-File -FilePath $KNOWN_HOSTS -Encoding ASCII -Append
+        Write-Host "[OK] Added NAS host key to known_hosts" -ForegroundColor Green
+    } else {
+        Write-Host "[WARNING] Could not retrieve NAS host key" -ForegroundColor Yellow
+        Write-Host "          Will use StrictHostKeyChecking=accept-new" -ForegroundColor Gray
+    }
+    Write-Host ""
+
+    Write-Host "[4] Testing SSH connection to NAS (with password first)" -ForegroundColor Yellow
+    Write-Host "=" * 80 -ForegroundColor Gray
+    Write-Host "Attempting to copy public key to NAS..." -ForegroundColor White
+    Write-Host ""
+
+    # Note: We need to manually add the public key to NAS /root/.ssh/authorized_keys
+    Write-Host "[ACTION REQUIRED] Add public key to NAS" -ForegroundColor Yellow
+    Write-Host "=" * 80 -ForegroundColor Gray
+    Write-Host ""
+    Write-Host "Run this on the NAS (192.168.0.9) as root:" -ForegroundColor Cyan
+    Write-Host ""
+    Write-Host "mkdir -p ~/.ssh" -ForegroundColor White
+    Write-Host "chmod 700 ~/.ssh" -ForegroundColor White
+    Write-Host "echo '$pubKey' >> ~/.ssh/authorized_keys" -ForegroundColor White
+    Write-Host "chmod 600 ~/.ssh/authorized_keys" -ForegroundColor White
+    Write-Host ""
+    Write-Host "Or from AD2 (requires NAS password):" -ForegroundColor Cyan
+    Write-Host "ssh root@$NAS_IP 'mkdir -p ~/.ssh && chmod 700 ~/.ssh'" -ForegroundColor White
+    Write-Host "ssh root@$NAS_IP 'echo `"$pubKey`" >> ~/.ssh/authorized_keys'" -ForegroundColor White
+    Write-Host "ssh root@$NAS_IP 'chmod 600 ~/.ssh/authorized_keys'" -ForegroundColor White
+    Write-Host ""
+
+    Write-Host "[5] Backing up current sync script" -ForegroundColor Yellow
+    Write-Host "=" * 80 -ForegroundColor Gray
+
+    $scriptPath = "$SCRIPTS_DIR\Sync-FromNAS.ps1"
+    $backupPath = "$SCRIPTS_DIR\Sync-FromNAS.ps1.backup-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
+
+    if (Test-Path $scriptPath) {
+        Copy-Item -Path $scriptPath -Destination $backupPath -Force
+        Write-Host "[OK] Backup created: $backupPath" -ForegroundColor Green
+    } else {
+        Write-Host "[WARNING] Original script not found: $scriptPath" -ForegroundColor Yellow
+    }
+    Write-Host ""
+
+    Write-Host "[6] Configuration Summary" -ForegroundColor Yellow
+    Write-Host "=" * 80 -ForegroundColor Gray
+    Write-Host "SSH Directory: $SSH_DIR" -ForegroundColor White
+    Write-Host "Private Key: $keyPath" -ForegroundColor White
+    Write-Host "Public Key: $keyPath.pub" -ForegroundColor White
+    Write-Host "Known Hosts: $KNOWN_HOSTS" -ForegroundColor White
+    Write-Host "NAS IP: $NAS_IP" -ForegroundColor White
+    Write-Host "NAS User: $NAS_USER" -ForegroundColor White
+    Write-Host ""
+
+    # Return the public key for NAS setup
+    return @{
+        PublicKey = $pubKey
+        KeyPath = $keyPath
+        KnownHosts = $KNOWN_HOSTS
+    }
+}
+
+Write-Host ""
+Write-Host "=== Setup Phase 1 Complete ===" -ForegroundColor Cyan
+Write-Host ""
+Write-Host "Next steps:" -ForegroundColor Yellow
+Write-Host "1. Add the public key to NAS (shown above)" -ForegroundColor White
+Write-Host "2. Test SSH key authentication" -ForegroundColor White
+Write-Host "3. Update Sync-FromNAS.ps1 to use OpenSSH" -ForegroundColor White
+Write-Host ""