Merge #423: docs: [#414] post-deployment manual steps for floating IPs and IPv6

2dda404 refactor: [#414] reorganize provider docs into per-provider subdirectories (Jose Celano)
fa73300 docs: [#414] post-deployment manual steps for floating IPs and IPv6 (Jose Celano)

Pull request description:

  ## Overview

  Closes #414

  Adds a new provider guide documenting the manual post-deployment steps required when using Hetzner floating IPs and/or IPv6 UDP tracker support. Also reorganizes provider documentation into per-provider subdirectories.

  ## Changes

  - **New**: `docs/user-guide/providers/hetzner/post-deployment.md` — step-by-step guide covering:
    - Step 1: Floating IP policy routing (netplan configuration for symmetric routing)
    - Step 2: Enable Docker ip6tables management
    - Step 3: Enable IPv6 on the Docker bridge network
    - Step 4: SNAT for IPv6 UDP replies via floating IP
    - Scenario matrix showing which steps apply to which setup
  - **Reorganized**: provider docs moved into per-provider subdirectories:
    - `docs/user-guide/providers/hetzner.md` → `docs/user-guide/providers/hetzner/README.md`
    - `docs/user-guide/providers/lxd.md` → `docs/user-guide/providers/lxd/README.md`
  - **Updated**: `docs/user-guide/providers/README.md` — updated links to new structure
  - **Updated**: all files referencing the old provider doc paths (13 files)
  - **Updated**: `project-words.txt` — added `SNAT` and `POSTROUTING` to the project dictionary

  ## References

  - Issue: #414
  - Reference implementation: [torrust/torrust-tracker-demo](https://github.com/torrust/torrust-tracker-demo)
  - Root-cause investigation: [torrust-tracker-demo#2](torrust/torrust-tracker-demo#2)

ACKs for top commit:
  josecelano:
    ACK 2dda404

Tree-SHA512: 86bce8f8d69e23609f002d45604f8a2af1ae7bb48ab6146579e71eb1012e6e5aaf13974a63f9117ed9018e506d417e069bf5e663653568262ba274768e52aa2d

Author: josecelano

.github/skills/dev/testing/troubleshoot-lxd-instances/skill.md

@@ -184,5 +184,5 @@ lxc info <instance>
 
 - Emergency cleanup: use the `clean-lxd-environments` skill
 - Expected test errors: use the `debug-test-errors` skill
-- LXD provider docs: [`docs/user-guide/providers/lxd.md`](../../../../docs/user-guide/providers/lxd.md)
+- LXD provider docs: [`docs/user-guide/providers/lxd/`](../../../../docs/user-guide/providers/lxd/)
 - E2E troubleshooting: [`docs/e2e-testing/troubleshooting.md`](../../../../docs/e2e-testing/troubleshooting.md)

docs/deployments/hetzner-demo-tracker/deployment-spec.md

@@ -160,7 +160,7 @@ The file is stored at `envs/torrust-tracker-demo.json` (git-ignored — contains
 
 ## Related Documentation
 
-- [Hetzner server types and pricing](../../user-guide/providers/hetzner.md#available-server-types)
+- [Hetzner server types and pricing](../../user-guide/providers/hetzner/#available-server-types)
 - [HTTPS/TLS configuration](../../user-guide/services/https.md)
 - [Grafana service](../../user-guide/services/grafana.md)
 - [Prometheus service](../../user-guide/services/prometheus.md)

docs/deployments/hetzner-demo-tracker/prerequisites.md

@@ -202,6 +202,6 @@ torrust-tracker-demo.com. 3600 IN SOA hydrogen.ns.hetzner.com. dns.hetzner.com.
 
 ## Related Documentation
 
-- [Hetzner Cloud Provider guide](../../user-guide/providers/hetzner.md)
+- [Hetzner Cloud Provider guide](../../user-guide/providers/hetzner/)
 - [Quick Start: Docker Deployment](../../user-guide/quick-start/docker.md)
 - [Quick Start: Native Installation](../../user-guide/quick-start/native.md)

docs/issues/405-deploy-hetzner-demo-tracker-and-document-process.md

@@ -2,7 +2,7 @@
 
 **Issue**: #405
 **Parent Epic**: None
-**Related**: [docs/user-guide/providers/hetzner.md](../user-guide/providers/hetzner.md), [docs/user-guide/quick-start/docker.md](../user-guide/quick-start/docker.md)
+**Related**: [docs/user-guide/providers/hetzner/](../user-guide/providers/hetzner/), [docs/user-guide/quick-start/docker.md](../user-guide/quick-start/docker.md)
 
 ## Overview
 
@@ -118,7 +118,7 @@ See [`docs/deployments/hetzner-demo-tracker/post-provision/`](../deployments/het
 
 ## Related Documentation
 
-- [Hetzner Cloud Provider](../user-guide/providers/hetzner.md)
+- [Hetzner Cloud Provider](../user-guide/providers/hetzner/)
 - [Quick Start: Docker Deployment](../user-guide/quick-start/docker.md)
 - [Deployment Overview](../deployment-overview.md)
 - [User Guide](../user-guide/README.md)

docs/issues/411-bug-ssh-key-passphrase-breaks-automated-deployment.md

@@ -210,7 +210,7 @@ Create `docs/user-guide/ssh-keys.md` covering:
 
 #### Update: Hetzner provider guide
 
-`docs/user-guide/providers/hetzner.md` — add a "SSH Key Requirements" section or
+`docs/user-guide/providers/hetzner/` — add a "SSH Key Requirements" section or
 callout box noting that Docker-based deployments require a passphrase-free key (or agent
 forwarding) and linking to the new SSH keys page.
 
@@ -246,7 +246,7 @@ configured private key appears to be passphrase-protected.
 ### Phase 3: Documentation
 
 - [ ] Create `docs/user-guide/ssh-keys.md` covering all workflows and security notes
-- [ ] Update `docs/user-guide/providers/hetzner.md` with an SSH key requirements note
+- [ ] Update `docs/user-guide/providers/hetzner/` with an SSH key requirements note
 - [ ] Update `docs/user-guide/commands/create.md` to mention the passphrase warning
 - [ ] Update `docs/user-guide/README.md` to link to the new `ssh-keys.md` page
 
@@ -276,11 +276,11 @@ configured private key appears to be passphrase-protected.
       forwarding, separate key)
 - [ ] `docs/user-guide/ssh-keys.md` exists and covers key requirements, workflows, and
       security notes
-- [ ] `docs/user-guide/providers/hetzner.md` references the SSH key requirements
+- [ ] `docs/user-guide/providers/hetzner/` references the SSH key requirements
 
 ## Related Documentation
 
 - [docs/deployments/hetzner-demo-tracker/commands/provision/problems.md](../deployments/hetzner-demo-tracker/commands/provision/problems.md) — root cause analysis and resolution for the Hetzner deployment failure
 - [src/adapters/ssh/ssh/credentials.rs](../../src/adapters/ssh/ssh/credentials.rs) — `SshCredentials` struct
 - [src/presentation/cli/controllers/create/subcommands/environment/handler.rs](../../src/presentation/cli/controllers/create/subcommands/environment/handler.rs) — where the warning is added
-- [docs/user-guide/providers/hetzner.md](../user-guide/providers/hetzner.md) — Hetzner provider guide
+- [docs/user-guide/providers/hetzner/](../user-guide/providers/hetzner/) — Hetzner provider guide

docs/security/ssh-root-access-hetzner.md

@@ -131,5 +131,5 @@ Consider disabling root access after successful deployment:
 ## Related Documentation
 
 - [ADR: Hetzner SSH Key Dual Injection Pattern](../decisions/hetzner-ssh-key-dual-injection.md)
-- [Hetzner Provider Documentation](../user-guide/providers/hetzner.md)
+- [Hetzner Provider Documentation](../user-guide/providers/hetzner/)
 - [SSH Keys Guide](../tech-stack/ssh-keys.md)

docs/tools/lxd-cleanup.md

@@ -240,4 +240,4 @@ cargo run --bin lxd_cleanup -- environment-name
 
 - [E2E Testing Documentation](../e2e-testing/README.md)
 - [Preflight Cleanup Implementation](../../src/testing/e2e/tasks/virtual_machine/preflight_cleanup.rs)
-- [LXD Provider Documentation](../user-guide/providers/lxd.md)
+- [LXD Provider Documentation](../user-guide/providers/lxd/)

docs/user-guide/providers/README.md

@@ -4,10 +4,10 @@ This directory contains provider-specific configuration guides.
 
 ## Available Providers
 
-| Provider                    | Status    | Description                                |
-| --------------------------- | --------- | ------------------------------------------ |
-| [LXD](lxd.md)               | ✅ Stable | Local development using LXD containers/VMs |
-| [Hetzner Cloud](hetzner.md) | 🆕 New    | Cost-effective European cloud provider     |
+| Provider                  | Status    | Description                                |
+| ------------------------- | --------- | ------------------------------------------ |
+| [LXD](lxd/)               | ✅ Stable | Local development using LXD containers/VMs |
+| [Hetzner Cloud](hetzner/) | 🆕 New    | Cost-effective European cloud provider     |
 
 ## Choosing a Provider
 
@@ -30,7 +30,7 @@ To add a new provider:
 1. Create OpenTofu templates in `templates/tofu/<provider>/`
 2. Add provider configuration types in `src/domain/provider/`
 3. Update the template renderer for provider-specific logic
-4. Add documentation in `docs/user-guide/providers/<provider>.md`
+4. Add documentation in `docs/user-guide/providers/<provider>/README.md`
 
 See the [contributing guide](../../contributing/README.md) for more details.
 
@@ -39,3 +39,4 @@ See the [contributing guide](../../contributing/README.md) for more details.
 - [Quick Start Guides](../quick-start/README.md) - Docker and native installation guides
 - [Commands Reference](../commands/README.md) - Available commands
 - [SSH Keys](../../tech-stack/ssh-keys.md) - SSH key generation and management
+- [Hetzner Post-Deployment](hetzner/post-deployment.md) - Manual steps for floating IPs and IPv6

docs/user-guide/providers/hetzner.md …s/user-guide/providers/hetzner/README.mddocs/user-guide/providers/hetzner.md renamed to docs/user-guide/providers/hetzner/README.md docs/user-guide/providers/hetzner.md renamed to docs/user-guide/providers/hetzner/README.md

@@ -17,7 +17,7 @@ This guide covers Hetzner-specific configuration for cloud deployments.
 
 - Hetzner Cloud account ([sign up](https://www.hetzner.com/cloud))
 - API token with read/write permissions
-- SSH key pair (see [SSH keys guide](../../tech-stack/ssh-keys.md))
+- SSH key pair (see [SSH keys guide](../../../tech-stack/ssh-keys.md))
 
 ## Create API Token
 
@@ -143,7 +143,7 @@ cat /var/log/cloud-init-output.log
 2. **Restrict SSH access** - Consider using Hetzner Firewall
 3. **Use strong SSH keys** - Ed25519 or RSA 4096-bit minimum
 4. **Regular updates** - Keep server packages updated
-5. **Disable root SSH access** - For production, see [SSH Root Access Guide](../../security/ssh-root-access-hetzner.md)
+5. **Disable root SSH access** - For production, see [SSH Root Access Guide](../../../security/ssh-root-access-hetzner.md)
 
 ## SSH Key Requirements
 
@@ -163,13 +163,13 @@ private key will cause the `provision` step to fail with
    # Press Enter twice for an empty new passphrase
    ```
 
-2. **Forward your SSH agent** into the container (see [SSH Keys Guide](../ssh-keys.md#workflow-2--passphrase-protected-key-with-ssh-agent-forwarding-into-docker)).
+2. **Forward your SSH agent** into the container (see [SSH Keys Guide](../../ssh-keys.md#workflow-2--passphrase-protected-key-with-ssh-agent-forwarding-into-docker)).
 
 The `create environment` command will warn you if it detects a passphrase-protected key
 so you can resolve this before reaching `provision`.
 
 For more detail on generating keys, removing passphrases, and security considerations,
-see the [SSH Keys Guide](../ssh-keys.md).
+see the [SSH Keys Guide](../../ssh-keys.md).
 
 ## SSH Key Behavior
 
@@ -182,14 +182,15 @@ Hetzner deployments configure SSH access through two mechanisms:
 
 **Why both?** If cloud-init fails, root SSH access provides a debugging path. Without it, a failed cloud-init would leave the server completely inaccessible.
 
-**For stricter security**: You can disable root SSH access after deployment. See [SSH Root Access on Hetzner](../../security/ssh-root-access-hetzner.md) for instructions.
+**For stricter security**: You can disable root SSH access after deployment. See [SSH Root Access on Hetzner](../../../security/ssh-root-access-hetzner.md) for instructions.
 
 **Note**: The SSH key appears in your Hetzner Console under **Security** → **SSH Keys** with the name `torrust-tracker-vm-<environment>-ssh-key`.
 
 ## Related Documentation
 
-- [Quick Start: Docker](../quick-start/docker.md) - Deploy to Hetzner using Docker
-- [Quick Start: Native](../quick-start/native.md) - Deploy using native installation
-- [SSH Keys Guide](../../tech-stack/ssh-keys.md) - SSH key generation
-- [SSH Root Access Security](../../security/ssh-root-access-hetzner.md) - Disabling root access
-- [LXD Provider](lxd.md) - Local development alternative
+- [Quick Start: Docker](../../quick-start/docker.md) - Deploy to Hetzner using Docker
+- [Quick Start: Native](../../quick-start/native.md) - Deploy using native installation
+- [SSH Keys Guide](../../../tech-stack/ssh-keys.md) - SSH key generation
+- [SSH Root Access Security](../../../security/ssh-root-access-hetzner.md) - Disabling root access
+- [LXD Provider](../lxd/) - Local development alternative
+- [Post-Deployment: Floating IPs and IPv6](post-deployment.md) - Manual steps for floating IPs and IPv6 UDP