From 50c56ad5f754a0a4e2efec7b62537f73c7763797 Mon Sep 17 00:00:00 2001
From: Dominik Roth <mail@dominik-roth.eu>
Date: Sun, 24 Aug 2025 18:47:00 +0200
Subject: [PATCH] README h3 -> h2

---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 79be151..4d37e64 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
 
 Secure AlmaLinux (RHEL) Server setup with LUKS encryption, Tang, TPM and RAID1 for Hetzner Dedicated Servers.
 
-### Features
+## Features
 
 - AlmaLinux Server base
 - Full disk encryption with LUKS
@@ -16,7 +16,7 @@ Secure AlmaLinux (RHEL) Server setup with LUKS encryption, Tang, TPM and RAID1 f
 - SSH key-only access with early boot SSH via dropbear
 - Best-in-class terminal: zsh + powerlevel10k + evil tmux
 
-### Unlock Strategy
+## Unlock Strategy
 
 1. **Automatic unlock via Tang/TPM** (default):
    - Configure TPM2 and/or Tang servers in post-install.sh
@@ -28,7 +28,7 @@ Secure AlmaLinux (RHEL) Server setup with LUKS encryption, Tang, TPM and RAID1 f
    - Enter LUKS passphrase when prompted (twice, once per disk)
    - Used when automatic unlock fails or is not configured
 
-### Install
+## Install
 
 Boot your Hetzner server into rescue mode and run:
 
@@ -53,14 +53,14 @@ The installer will:
 
 Encrypted network and storage pool using [Nebula](https://github.com/slackhq/nebula) mesh VPN and [GlusterFS](https://www.gluster.org/) distributed filesystem.
 
-### Features
+## Features
 
 - **Encrypted mesh network** - All traffic encrypted via Nebula overlay (192.168.100.0/24)
 - **Distributed storage** - Data replicated across all storage nodes
 - **Simple joining** - Single preshared secret + lighthouse endpoint
 - **Flexible nodes** - Full nodes (replicate data) or remote nodes (no storage)
 
-### Setup
+## Setup
 
 ```bash
 wget -qO- https://git.dominik-roth.eu/dodox/nullpoint/raw/branch/master/cluster-setup.sh | sudo bash