diff --git a/admin/workspace-management/cvms/management.md b/admin/workspace-management/cvms/management.md
index 2d87de265..5aab64d23 100644
--- a/admin/workspace-management/cvms/management.md
+++ b/admin/workspace-management/cvms/management.md
@@ -9,7 +9,14 @@ a site manager must enable CVMs. To do so:
 1. Go to **Manage > Admin > Infrastructure**.
 1. Toggle the **Enable Container-Based Virtual Machines** option to **Enable**.
 
-## Cached CVMs
+This section also describes the customization features that Coder offers for
+CVMs:
+
+![CVM Settings](../../../assets/admin/cvm-settings.png)
+
+These settings will apply to workspaces **after** they have been rebuilt.
+
+## Caching
 
 > Cached CVMs are currently an **alpha** feature.
 
@@ -18,7 +25,7 @@ To improve the startup time for CVM-based workspaces, you can enable caching.
 Cached CVMs require the `shiftfs` kernel to be present on the node. Some
 distributions (such as Ubuntu) include `shiftfs`. If you're unsure if `shiftfs`
 is present on your nodes, you can check by running `modinfo shiftfs`. If no
-output is returned, then you do not have `shiftfs` installed.
+output is returned, you do not have `shiftfs` installed.
 
 If you don't want to install `shiftfs` yourself, you can have Coder install the
 module automatically for you. **It is important that you do not have secure boot
@@ -27,4 +34,78 @@ install `shiftfs` on your behalf.**
 
 > GPUs are not supported with cached CVMs at this time.
 
-![Cached CVMs](../../../assets/admin/cached-cvms.png)
+## Self-contained workspace builds
+
+> Self-contained workspace builds are currently an **alpha** feature.
+
+By default, Coder initializes workspaces by running commands inside the
+container. Workspaces, however, control the initialization sequence instead when
+you enable [self-contained workspace builds]. This enables cluster operations
+that restrict command execution inside containers using the Kubernetes API, such
+as the `kubectl exec` command.
+
+[self-contained workspace builds]: ../self-contained-builds.md
+
+## Workspace process logging
+
+> Workspace process logging is currently an **alpha** feature.
+
+[Workspace process logging] enables auditing of commands executed inside the
+workspace container.
+
+[workspace process logging]: ../process-logging.md
+
+## TUN device
+
+> TUN devices currently an **alpha** feature.
+
+Coder allows the creation of custom network interfaces using the Linux TUN
+device. When using the **Enable TUN device** setting, Coder workspaces will have
+a `/dev/net/tun` device mounted into the workspace at build time. VPN usage
+often requires a TUN device.
+
+Users may need root (or `sudo`) access within their workspace to use the TUN
+device and start a VPN client.
+
+> At this time, Coder does not support TUN devices for non-Kubernetes workspace
+> types, such as EC2 or Docker.
+>
+> If you're working with EC2 workspaces, we recommend enabling privileged mode
+> in the workspace provider settings, which will allow users to create their own
+> TUN device.
+
+We've tested this feature using the [Tailscale](https://tailscale.com/) VPN
+within Coder. Remember that you may have to change your VPN settings to keep any
+persistent files (such as configuration/identity) files in your home volume, as
+any data outside the home volume is cleared when the workspace is rebuilt.
+
+## FUSE device
+
+> FUSE devices are currently an **alpha** feature.
+
+Coder allows the creation of custom filesystems using the Linux FUSE userspace
+filesystem device. By enabling the **Enable FUSE device** setting, Coder
+workspaces will have a `/dev/fuse` device mounted into the workspace at build
+time. These devices are often used to mount specialized filesystems, such as
+Google Cloud Storage buckets, to your workspace.
+
+Users may need root (or `sudo`) access within their workspace to use the FUSE
+device and start a FUSE filesystem.
+
+> At this time, Coder does not support FUSE devices for non-Kubernetes workspace
+> types, such as EC2 or Docker.
+>
+> If you're working with EC2 workspaces, we recommend enabling privileged mode
+> in the workspace provider settings, which will allow users to create their own
+> FUSE device.
+
+For example, you can mount a directory from a remote SSH server using `sshfs`:
+
+```console
+mkdir /tmp/mnt
+sshfs user@host:/ /tmp/mnt
+```
+
+Then, in a second terminal, run `ls /tmp/mnt` to list the files from the remote
+host. You should also be able to see a `fuse.sshfs` entry in the output from the
+`mount` command.
diff --git a/admin/workspace-management/tun-device.md b/admin/workspace-management/tun-device.md
deleted file mode 100644
index 72de5d085..000000000
--- a/admin/workspace-management/tun-device.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: TUN device enablement
-description: Learn how to enable TUN devices for VPN usage within Coder.
-state: alpha
----
-
-By default, Coder workspaces do not contain a TUN device, making it difficult to
-run a VPN. However, Coder offers an admin configuration setting that, when
-enabled, automatically creates a TUN device within all Kubernetes [CVM-enabled
-workspaces](cvms/index.md).
-
-> At this time, Coder does not support TUN devices for other workspace types
-> (such as EC2 or Docker).
->
-> If you're working with EC2 workspaces, we recommend enabling privileged mode
-> in the workspace provider settings, which will allow users to create their own
-> TUN device.
-
-## Enable TUN devices in Coder
-
-To enable TUN devices for Kubernetes [CVM-enabled workspaces](cvms/index.md):
-
-1. Log into Coder, and go to **Manage** > **Admin**.
-1. On the **Infrastructure** page, scroll down to the **Workspace container
-   runtime** section.
-1. Under **Enable TUN device**, click the toggle to switch this feature **On**.
-1. Click **Save workspaces**.
-
-![Enabling TUN devices](../../assets/admin/tun.png)
-
-The new setting will apply to workspaces **after** you rebuild them.
-
-Users running workspaces with TUN devices should be able to run VPN clients
-within their workspace as long as they have root (or `sudo`) access within their
-workspace.
-
-> We've tested this feature using the [Tailscale](https://tailscale.com/) VPN
-> within Coder.
diff --git a/assets/admin/cached-cvms.png b/assets/admin/cached-cvms.png
deleted file mode 100644
index fd82b2a4c..000000000
Binary files a/assets/admin/cached-cvms.png and /dev/null differ
diff --git a/assets/admin/cvm-settings.png b/assets/admin/cvm-settings.png
new file mode 100644
index 000000000..f6f7f783b
Binary files /dev/null and b/assets/admin/cvm-settings.png differ
diff --git a/assets/admin/tun.png b/assets/admin/tun.png
deleted file mode 100644
index f7440a0cd..000000000
Binary files a/assets/admin/tun.png and /dev/null differ
diff --git a/manifest.json b/manifest.json
index f7ea007ce..a541ef765 100644
--- a/manifest.json
+++ b/manifest.json
@@ -312,9 +312,6 @@
             {
               "path": "./admin/workspace-management/ssh-access.md"
             },
-            {
-              "path": "./admin/workspace-management/tun-device.md"
-            },
             {
               "path": "./admin/workspace-management/process-logging.md"
             }