Renumber PXE LAN from 10.9.100.0/24 to 172.16.9.0/24

Single-site bay-stuck issue at WJ: GE Intune Report IP script filters
Get-NetIPAddress on StartsWith("10.") and posts everything matching
to the GE Tines webhook. Bays at WJ get the PXE LAN 10.9.100.x IP
captured and reported -> GE backend tags bays as on a non-corp 10.x
subnet -> dynamic group eligibility for SFLD policy never matches.
Other GE sites work because their PXE LANs aren't on 10.x at all.

Renumber PXE LAN to RFC1918 172.16.9.0/24 so the GE filter naturally
skips wired PXE addresses without any disable-NIC dance.

Server-side already in flight (netplan dual-bound, dnsmasq scope +
boot URL repointed, blancco preferences + grub.cfg + iPXE GetPxeScript
all sed'd to 172.16.9.1). This commit is the playbook / scripts /
docs side: 109 hits across 35 files sed'd in one shot.

After this lands + boot.wim is rebuilt + bays renumber off DHCP,
the 10.9.100.1 binding will be dropped from netplan as the final
cleanup step.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

webapp/static/qr-render.js

@@ -0,0 +1,42 @@
+// QR render helper. Scans for any element with data-qr="<text>" and renders
+// a Kazuhiko Arase qrcode-generator QR into it as inline <img>. Size is
+// controlled via data-qr-size="N" (px square, default 96). Error-correction
+// level via data-qr-ec="L|M|Q|H" (default M).
+//
+// The qrcode-generator lib (loaded before this script) exposes a global
+// `qrcode()` factory: typeNumber 0 = auto, ec = 'L'|'M'|'Q'|'H'.
+(function () {
+  function render(el) {
+    var text = el.getAttribute('data-qr') || '';
+    if (!text) return;
+    if (el.dataset.qrRendered === '1') return;
+    var size = parseInt(el.getAttribute('data-qr-size') || '96', 10);
+    var ec   = el.getAttribute('data-qr-ec') || 'M';
+    try {
+      var qr = qrcode(0, ec);
+      qr.addData(text);
+      qr.make();
+      // createImgTag(cellSize, margin)
+      // 4-cell margin keeps the QR scannable per spec; cell size derived from
+      // requested pixel size and module count.
+      var modules = qr.getModuleCount();
+      var cellSize = Math.max(1, Math.floor(size / (modules + 8)));
+      el.innerHTML = qr.createImgTag(cellSize, 4);
+      el.dataset.qrRendered = '1';
+      el.title = 'Scan: ' + text;
+    } catch (e) {
+      el.textContent = '[QR error]';
+    }
+  }
+
+  function scan() {
+    var nodes = document.querySelectorAll('[data-qr]');
+    for (var i = 0; i < nodes.length; i++) render(nodes[i]);
+  }
+
+  if (document.readyState === 'loading') {
+    document.addEventListener('DOMContentLoaded', scan);
+  } else {
+    scan();
+  }
+})();

webapp/templates/base.html

@@ -221,6 +221,8 @@
 
   <script src="{{ url_for('static', filename='bootstrap.bundle.min.js') }}"></script>
   <script src="{{ url_for('static', filename='app.js') }}"></script>
+  <script src="{{ url_for('static', filename='qrcode.min.js') }}"></script>
+  <script src="{{ url_for('static', filename='qr-render.js') }}"></script>
   {% block extra_scripts %}{% endblock %}
 </body>
 </html>

webapp/templates/imaging.html

@@ -116,7 +116,7 @@
 <div class="card mt-3">
   <div class="card-body small text-muted">
     <strong>How to push status from an imaging client:</strong>
-    <pre class="mb-0 mt-2">POST http://10.9.100.1:9009/imaging/status
+    <pre class="mb-0 mt-2">POST http://172.16.9.1:9009/imaging/status
 Content-Type: application/json
 
 {

webapp/templates/import.html

@@ -25,7 +25,7 @@
               {% endfor %}
             </select>
             <div class="form-text">
-              Files uploaded via SMB to <code>\\10.9.100.1\image-upload</code>
+              Files uploaded via SMB to <code>\\172.16.9.1\image-upload</code>
             </div>
           </div>
 
@@ -66,7 +66,7 @@
         <div class="text-center py-4">
           <h5 class="mt-3 text-muted">No Upload Content Found</h5>
           <p class="text-muted mb-0">
-            Map <code>\\10.9.100.1\image-upload</code> on your Windows PC and copy
+            Map <code>\\172.16.9.1\image-upload</code> on your Windows PC and copy
             the Deploy directory contents there.
           </p>
           <button class="btn btn-outline-secondary btn-sm mt-3" onclick="location.reload()">

webapp/templates/reports.html

@@ -70,7 +70,7 @@
     <h6 class="card-title">Report Storage</h6>
     <p class="card-text mb-1">
       Blancco Drive Eraser saves erasure certificates to the network share
-      <code>\\10.9.100.1\blancco-reports</code>.
+      <code>\\172.16.9.1\blancco-reports</code>.
     </p>
     <p class="card-text mb-0 text-muted">
       Reports are generated automatically after each drive wipe and contain proof of erasure for compliance and audit purposes.

webapp/templates/startnet_editor.html

@@ -75,7 +75,7 @@
           <div class="col-md-6">
             <code class="d-block mb-1">wpeinit</code>
             <small class="text-muted d-block mb-2">Initialize WinPE networking</small>
-            <code class="d-block mb-1">net use Z: \\10.9.100.1\winpeapps</code>
+            <code class="d-block mb-1">net use Z: \\172.16.9.1\winpeapps</code>
             <small class="text-muted d-block mb-2">Map Samba share for deployment</small>
           </div>
           <div class="col-md-6">