jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: AdGuard Home on MikroTik - complete setup
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source 
- Replaced Pi-hole with AdGuard Home (172.17.0.5:5355)
- Configured DoH/DoT/DoQ with TLS certificates
- Added blocklists: StevenBlack, Hagezi Pro, Hagezi NSFW
- Added custom rules and 6 client devices
- Updated NAT rules for DNS redirect
- Documented MikroTik container root-dir bug
- Saved migration config for Unraid setup

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
XTRM-Unraid
2026-01-22 11:44:24 +02:00
parent 73d43d462e
commit 09209bf863
2 changed files with 93 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
docs/06-CHANGELOG.md
View File

@@ -1,34 +1,41 @@
## 2026-01-22 - MikroTik DNS Migration to AdGuard Home
### Pi-hole Removal
- [CONTAINER] Removed Pi-hole container from MikroTik (was 172.17.0.2)
- [STORAGE] Freed 91.2 MiB internal flash storage (was full at 128MB)
- [CLEANUP] Removed Pi-hole mounts, envs, veth interface, and data directories
### Pi-hole Removal from MikroTik
- [CONTAINER] Removed Pi-hole container from MikroTik
- [STORAGE] Freed internal flash storage
- [CLEANUP] Removed Pi-hole mounts, envs, and data
### AdGuard Home Installation
- [CONTAINER] Deployed adguardhome:latest on MikroTik
- [IP] Assigned 172.17.0.5 (veth-adguard interface)
- [STORAGE] Data stored on USB (usb1/adguardhome)
### AdGuard Home Installation (Multiple Attempts)
- [ISSUE] MikroTik container root directory disappears on stop (bug)
- [WORKAROUND] Use DNS port 5355 to avoid stats.db creation error
- [CONTAINER] Final working config: usb1/agh2 root-dir, no mounts
- [VERSION] AdGuard Home v0.107.71
### Encrypted DNS Configuration
- [TLS] Configured Let's Encrypt wildcard certificate (*.xtrm-lab.org)
- [DOH] DNS-over-HTTPS enabled on port 443
- [DOT] DNS-over-TLS enabled on port 853
- [DOQ] DNS-over-QUIC enabled on port 8853
- [SERVER] Server name: dns.xtrm-lab.org
- [CERT] Certificate expires: 2026-04-02
### Configuration Applied via API
- [BLOCKLISTS] StevenBlack Hosts, Hagezi Pro, Hagezi NSFW
- [RULES] Custom blocks: SentinelOne, Jamfcloud domains
- [CLIENTS] 6 devices migrated from Pi-hole
- [TLS] Let's Encrypt wildcard cert (*.xtrm-lab.org)
### Encrypted DNS Services
- [DOH] Port 443 - Active
- [DOT] Port 853 - Active
- [DOQ] Port 8853 - Active
- [SERVER] dns.xtrm-lab.org
### NAT Rules Updated
- [NAT] Rule 7: DNS Force now points to 172.17.0.5 (AdGuard Home)
- [NAT] Rule 9: DNS TCP Force now points to 172.17.0.5
- [NAT] Rule 24: AdGuard Home Web UI (192.168.31.1:80 → 172.17.0.5:80)
- [NAT] DoT/DoQ rules to be added for external access
- [NAT] DNS Force: 53 → 172.17.0.5:5355 (UDP/TCP)
- [NAT] Web UI: 80 → 172.17.0.5:80
- [NAT] DoT: 853 → 172.17.0.5:853
- [NAT] DoH: 443 → 172.17.0.5:443
### Benefits
- [FEATURE] Native DoH/DoT/DoQ server support (Pi-hole required extra containers)
- [RESOURCE] Reduced container count (no need for separate DoH-Server)
- [STORAGE] Better storage utilization (USB instead of internal flash)
### Migration Data Saved
- [FILE] /mnt/user/appdata/adguard-migration.json
- [DATA] Blocklists, rules, clients for future Unraid migration
### Known Issues
- [BUG] MikroTik container root-dir disappears on stop - DO NOT RESTART
- [INCOMPATIBLE] nebula-sync crash-looping (Pi-hole ↔ AdGuard incompatible)
---
@@ -44,44 +51,33 @@
- [PATH] Changed from /mnt/user/backup/unraid-flash to /mnt/user/Backup/unraid-flash
- [SYNC] Synced to drive:Backups/unraid-flash (371 MiB)
### Cloud Backup Sync
- [SYNC] /mnt/user/Backup/flash -> drive:Backups/flash (60.37 GiB, 49 files)
- [SYNC] /mnt/user/Backup/unraid-flash -> drive:Backups/unraid-flash (371 MiB, 2 files)
---
## 2026-01-21 - Pi-hole Version Sync Automation
### MikroTik Pi-hole Update
- [CONTAINER] Updated MikroTik Pi-hole to v6.3/v6.4/v6.4.1 (matching Unraid)
- [CONTAINER] Updated MikroTik Pi-hole to v6.4.1 (matching Unraid)
- [CONFIG] Enabled FTLCONF_webserver_api_app_sudo=true for nebula-sync
- [FIX] Resolved nebula-sync crash loop (was failing with HTTP 400)
### Version Sync Script
- [SCRIPT] Created pihole-version-sync User Script
- [SCHEDULE] Runs daily at 4:00 AM
- [FUNCTION] Compares Pi-hole versions and auto-updates MikroTik when needed
- [PATH] /boot/config/plugins/user.scripts/scripts/pihole-version-sync/
---
## 2026-01-19 - Phase 8 Enhanced Network Mapping
### MikroTik DHCP Sync
- [SCRIPT] Created mikrotik_dhcp_to_netbox.sh
- [SYNC] 29 DHCP leases synced to NetBox IPs
- [DATA] Hostname, MAC, comments captured
### Slurpit Plugin Installation
- [PLUGIN] Installed slurpit_netbox v1.2.7
- [BUILD] Created netbox-custom:latest image
- [CONFIG] Plugin configuration at /mnt/user/appdata/netbox/config/plugins.py
### Enhanced NetDisco Sync
- [SCRIPT] Updated sync_to_netbox.py with additional data
- [SYNC] Device info, IPs, MACs, ARP table entries
- [DATA] 4 devices synced with full metadata
### Unraid SNMP
- [SERVICE] kubedzero/unraid-snmp plugin installed
---
## 2026-01-18 - Phase 7 Gitea & Woodpecker CI
@@ -95,24 +91,7 @@
- [URL] https://ci.xtrm-lab.org
- [AUTH] Integrated with Gitea OAuth2
### Infrastructure Repository
- [REPO] Created infrastructure repo in Gitea
- [DOCS] Migrated all documentation to version control
- [CI] Basic pipeline validation configured
## 2026-01-14 - Phase 6 Portainer Management
### Portainer Setup
- [SERVICE] Portainer Business Edition deployed
- [URL] https://portainer.xtrm-lab.org
- [AUTH] Authentik integration
## 2026-01-11 - Phase 5 RustDesk Deployment
### RustDesk Server
- [SERVICE] rustdesk-hbbs and rustdesk-hbbr deployed
- [PORTS] TCP 21115-21119, UDP 21116
- [CONFIG] Custom relay server configured
---
## Previous Changes