diff --git a/lessons_learned.md b/lessons_learned.md index 7778001..5e28a7f 100644 --- a/lessons_learned.md +++ b/lessons_learned.md @@ -36,4 +36,5 @@ * **Networking & Cloud Considerations:** * Host firewall (`firewalld`) rules are separate from cloud provider security rules (e.g., Oracle Cloud Network Security Groups/Security Lists). Both layers must be correctly configured. - * Ansible playbooks typically cannot manage cloud provider firewalls without specific cloud collections (e.g., `oracle.oci`). \ No newline at end of file + * Ansible playbooks typically cannot manage cloud provider firewalls without specific cloud collections (e.g., `oracle.oci`). +* **Combined Networking Stack:** For services that are tightly coupled (like Nginx and Wireguard in a reverse proxy/VPN setup), it is often best to manage them within a single Ansible role and a single Podman Compose stack. Separating them can break intended network sharing and complicate debugging. \ No newline at end of file
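Review bot: The added `* **Combined Networking Stack:**` bullet recommends a single Ansible role and a single Podman Compose stack as "often best" but records only the benefit, not what is given up. If Nginx and Wireguard share networking in one stack, they are no longer separated from each other at the network layer, so the lesson should say which kind of sharing is meant (a common Compose network or a shared network namespace) and which ports the combined stack exposes. It should also tie back to the bullet directly above it: both `firewalld` and the cloud security rules have to allow the stack's ports, otherwise the two lessons read as unrelated. "Separating them can break intended network sharing" would be more useful with the concrete symptom that was observed. Separately, the new last line still carries "\ No newline at end of file", which is why this change had to rewrite the unchanged `oracle.oci` line; end the file with a newline so the next append is a one-line diff.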