diff --git a/docs/00-CURRENT-STATE.md b/docs/00-CURRENT-STATE.md index 35fbb9a..57d7edc 100644 --- a/docs/00-CURRENT-STATE.md +++ b/docs/00-CURRENT-STATE.md @@ -2,7 +2,7 @@ ## Current Infrastructure State -**Document Updated:** 2026-01-18 +**Document Updated:** 2026-01-21 **Target Domain:** xtrm-lab.org --- @@ -29,7 +29,6 @@ - `docker-bridge` - Container network (172.17.0.1/24) - `back-to-home-vpn` - WireGuard VPN (192.168.216.1/24) - **SNMP Configuration:** | Device | Community | Access | Status | |--------|-----------|--------|--------| @@ -52,10 +51,6 @@ | Ports | 24x Gigabit + 2x SFP | | OS | SwOS (MikroTik Switch OS) | | Web UI | http://192.168.31.9/index.html | -| Username | admin | -| Password | M0stW4nt3d@xtrm | - -**Uplink:** Connected to hAP ax³ via eth4_CCS324_Uplink ### MikroTik cAP ac (192.168.31.6) 
@@ -64,142 +59,111 @@ | Role | CAPsMAN Managed Access Point | | RouterOS Version | 7.20.1 (stable) | | Identity | CAP XL ac | -| Board | RBcAPGi-5acD2nD | -| SSH Access | `ssh -p 2222 xtrm@192.168.31.6` | -| SSH Password | M0stW4nt3d@xtrm | -**Note:** SSH key (id_ed25519 from Desktop) installed for key-based auth. +--- -### WiFi Networks - -| SSID | Password | Bands | Security | Purpose | -|------|----------|-------|----------|---------| -| XTRM | M0stW4nt3d@home | 2.4GHz + 5GHz | WPA/WPA2 (2.4GHz), WPA2/WPA3 (5GHz) | Main network | -| XTRM2 | M0stW4nt3d@IoT | 2.4GHz | WPA/WPA2 | Legacy/IoT devices | - -**CAPsMAN:** hAP ax³ manages cAP ac via CAPsMAN (WiFi controller). See [09-MIKROTIK-WIFI-CAPSMAN.md](./09-MIKROTIK-WIFI-CAPSMAN.md) for full configuration. - -### Unraid Server (192.168.31.2) +## Unraid Server (192.168.31.2) **Tailscale IP:** 100.100.208.70 +**SSH Access:** `ssh -i ~/.ssh/id_ed25519_unraid root@192.168.31.2 -p 422` -**Key Services:** +### Docker Networks -| Service | Container Name | Port(s) | Network | External URL | -|---------|---------------|---------|---------|--------------| -| Portainer | portainer | 9002→9000, 9444→9443 | bridge | http://100.100.208.70:9002 (Tailscale) | -| Pi-hole | binhex-official-pihole | 53, 80, 67 | br0 (192.168.31.4) | ph1.xtrm-lab.org | -| Unbound | unbound | 53 | br0 (192.168.31.5) | - | -| Traefik | traefik | 8001→80, 44301→443 | dockerproxy | traefik.xtrm-lab.org | -| Authentik | authentik | 9000, 9443 | dockerproxy | auth.xtrm-lab.org | -| Authentik Worker | authentik-worker | - | authentik | - | -| Vaultwarden | vaultwarden | 4743→80 | bridge | vault.xtrm-lab.org | -| Plex | plex | 32400 | host | plex.xtrm-lab.org | -| Home Assistant | HomeAssistant_inabox | 8123 | host (192.168.31.15) | ha.xtrm-lab.org | -| Transmission | transmission | 9091, 51413 | bridge | - | -| Nextcloud | Nextcloud | 8666→80 | bridge | - | -| PostgreSQL | postgresql17 | 5432 | bridge | - | -| Redis | Redis | 6379 | bridge | - | -| Uptime 
Kuma | UptimeKuma | 3001 | bridge | - | -| NetAlertX | NetAlertX | 20211 | host | netalert.xtrm-lab.org | -| UrBackup | UrBackup | 55414 | host | urbackup.xtrm-lab.org | -| Homarr | homarr | 10004→7575 | bridge | - | -| NetBox | netbox | 8090→8080 | dockerproxy | netbox.xtrm-lab.org | -| NetBox Worker | netbox-worker | - | netbox | - | -| NetBox Housekeeping | netbox-housekeeping | - | netbox | - | -| NetBox PostgreSQL | netbox-postgres | 5432 | netbox | - | -| NetBox Redis | netbox-redis | 6379 | netbox | - | -| NetBox Redis Cache | netbox-redis-cache | 6379 | netbox | - | -| Nebula Sync | nebula-sync | - | - | Pi-hole sync | -| DoH Server | DoH-Server | 8053 | dockerproxy | doh.xtrm-lab.org | -| stunnel DoT | stunnel-dot | 853 | bridge | dns.xtrm-lab.org:853 | -| Pangolin | pangolin | 3003→3001, 3004→3002 | bridge | Fossorial controller | -| Gitea | gitea | 3005→3000, 2222→22 | dockerproxy | git.xtrm-lab.org | -| Woodpecker Server | woodpecker-server | 8008→8000 | dockerproxy | ci.xtrm-lab.org | -| Woodpecker Agent | woodpecker-agent | - | dockerproxy | - | -| RustDesk ID | rustdesk-hbbs | 21115-21116, 21118-21119 | bridge | rustdesk.xtrm-lab.org | -| RustDesk Relay | rustdesk-hbbr | 21117 | bridge | rustdesk.xtrm-lab.org | -| NetDisco Web | netdisco-web | 5000 | dockerproxy | https://netdisco.xtrm-lab.org | -| NetDisco Backend | netdisco-backend | - | dockerproxy | SNMP polling daemon | +| Network | Subnet | Purpose | +|---------|--------|---------| +| dockerproxy | 172.18.0.0/16 | Traefik-accessible services | +| netbox | 172.24.0.0/16 | NetBox stack | +| slurpit_slurpit-network | Auto | Slurp'it stack | +| br0 | 192.168.31.0/24 | LAN macvlan | +| bridge | 172.17.0.0/16 | Default Docker bridge | +| host | - | Host network stack | + +### Key Services + +| Service | Container | Static IP | External URL | +|---------|-----------|-----------|--------------| +| **Core Infrastructure** | +| Reverse Proxy | traefik | 172.18.0.3 | traefik.xtrm-lab.org | +| Docker 
Socket | dockersocket | 172.18.0.2 | - | +| Dashboard | homarr | 172.18.0.4 | xtrm-lab.org | +| **Security** | +| Identity Provider | authentik | 172.18.0.11 | auth.xtrm-lab.org | +| Authentik Worker | authentik-worker | 172.18.0.12 | - | +| Password Manager | vaultwarden | 172.18.0.15 | vault.xtrm-lab.org | +| **Databases** | +| PostgreSQL | postgresql17 | 172.18.0.13 | - | +| Redis | Redis | 172.18.0.14 | - | +| **DNS** | +| Pi-hole (Unraid) | binhex-official-pihole | 192.168.31.4 | ph1.xtrm-lab.org | +| Unbound (Unraid) | unbound | 192.168.31.5 | - | +| DoH Server | DoH-Server | 172.18.0.22 | doh.xtrm-lab.org | +| **DevOps** | +| Git Server | gitea | 172.18.0.31 | git.xtrm-lab.org | +| CI/CD Server | woodpecker-server | 172.18.0.32 | ci.xtrm-lab.org | +| CI/CD Agent | woodpecker-agent | 172.18.0.33 | - | +| **Network Management** | +| NetBox | netbox | 172.24.0.5 | netbox.xtrm-lab.org | +| NetBox Worker | netbox-worker | 172.24.0.6 | - | +| NetBox PostgreSQL | netbox-postgres | 172.24.0.4 | - | +| NetBox Redis | netbox-redis | 172.24.0.2 | - | +| NetBox Redis Cache | netbox-redis-cache | 172.24.0.3 | - | +| NetDisco Web | netdisco-web | 172.18.0.41 | netdisco.xtrm-lab.org | +| NetDisco Backend | netdisco-backend | 172.18.0.42 | - | +| Unimus | unimus | host | unimus.xtrm-lab.org | +| **Slurp'it Discovery** | +| Slurp'it Portal | slurpit-portal | dockerproxy | slurpit.xtrm-lab.org | +| Slurp'it Scanner | slurpit-scanner | slurpit-network | - | +| Slurp'it Scraper | slurpit-scraper | slurpit-network | - | +| Slurp'it Warehouse | slurpit-warehouse | slurpit-network | - | +| Slurp'it MariaDB | slurpit-mariadb | slurpit-network | - | +| Slurp'it MongoDB | slurpit-mongodb | slurpit-network | - | +| **Monitoring** | +| Uptime Kuma | UptimeKuma | 172.18.0.20 | uptime.xtrm-lab.org | +| Uptime Kuma API | Uptime-Kuma-API | 172.18.0.18 | - | +| AutoKuma | AutoKuma | 172.18.0.19 | - | +| NetAlertX | NetAlertX | host | netalert.xtrm-lab.org | +| Speedtest Tracker | 
speedtest-tracker | 172.18.0.21 | speedtest.xtrm-lab.org | +| **Productivity** | +| Actual Budget | actual-budget | 172.18.0.16 | actual.xtrm-lab.org | +| n8n | n8n | 172.18.0.17 | n8n.xtrm-lab.org | +| Karakeep | karakeep | 172.18.0.25 | karakeep.xtrm-lab.org | +| **Media & Storage** | +| Plex | plex | host | plex.xtrm-lab.org | +| Nextcloud | Nextcloud | 172.18.0.24 | nextcloud.xtrm-lab.org | +| Libation | Libation | 172.18.0.23 | - | +| Transmission | transmission | 172.18.0.26 | - | +| Time Machine | TimeMachine | 192.168.31.12 | - | +| **Remote Access** | +| RustDesk ID | rustdesk-hbbs | bridge | rustdesk.xtrm-lab.org | +| RustDesk Relay | rustdesk-hbbr | bridge | - | +| **Other** | +| Home Assistant | HomeAssistant_inabox | host | ha.xtrm-lab.org | +| UrBackup | UrBackup | host | urbackup.xtrm-lab.org | +| Portainer | portainer | bridge | 192.168.31.2:9002 | +| Pangolin | pangolin | 172.18.0.51 | - | --- -## Current NAT/Port Forwarding (MikroTik) +## Docker Compose Managed Stacks -| Rule | Protocol | WAN Port | Destination | Purpose | -|------|----------|----------|-------------|---------| -| Forward HTTP | TCP | 80 | 192.168.31.2:8001 | Traefik HTTP | -| Forward HTTPS | TCP | 443 | 192.168.31.2:44301 | Traefik HTTPS | -| Plex | TCP | 32400 | 192.168.31.2:32400 | Plex Media Server | -| Transmission | TCP/UDP | 51413 | 192.168.31.2:51413 | BitTorrent | -| DoT | TCP | 853 | 172.17.0.2:853 | DNS over TLS | -| DoH | TCP/UDP | 5443 | 172.17.0.2:443 | DNS over HTTPS | -| DNS Force | UDP/TCP | 53 | 172.17.0.2:53 | Force LAN DNS to Pi-hole | -| RustDesk NAT Test | TCP | 21115 | 192.168.31.2:21115 | RustDesk NAT Test | -| RustDesk ID TCP | TCP | 21116 | 192.168.31.2:21116 | RustDesk ID Server | -| RustDesk ID UDP | UDP | 21116 | 192.168.31.2:21116 | RustDesk ID Server | -| RustDesk Relay | TCP | 21117 | 192.168.31.2:21117 | RustDesk Relay | +| Stack | Location | Containers | +|-------|----------|------------| +| NetBox | `/mnt/user/appdata/netbox/docker-compose.yml` | 
netbox, netbox-worker, netbox-postgres, netbox-redis, netbox-redis-cache | +| NetDisco | `/mnt/user/appdata/netdisco/docker-compose.yml` | netdisco-web, netdisco-backend | +| Gitea | `/mnt/user/appdata/gitea/docker-compose.yml` | gitea | +| Woodpecker | `/mnt/user/appdata/woodpecker/docker-compose.yml` | woodpecker-server, woodpecker-agent | +| Pangolin | `/mnt/user/appdata/pangolin/docker-compose.yml` | pangolin | +| Slurp'it | `/mnt/user/appdata/slurpit/docker-compose.yml` | slurpit-portal, slurpit-scanner, slurpit-scraper, slurpit-warehouse, slurpit-mariadb, slurpit-mongodb | --- -## Current WireGuard Configuration +## NetBox Plugins -**Interface:** `back-to-home-vpn` -- Listen Port: 59188 -- Address: 192.168.216.1/24 -- Public Key: `3e+p++SJ6f5EURt6WCKApOLMQHWpURm/vn/0s9+EKzs=` +| Plugin | Version | Status | +|--------|---------|--------| +| slurpit_netbox | 1.2.7 | Active | -**Existing Peers:** -1. hAP ax³ (secondary device) -2. Kaloyan's S25 Ultra (mobile) -3. Additional peer (unnamed) - ---- - -## Traefik Configuration - -**Entry Points:** -- HTTP (:80) → Redirects to HTTPS -- HTTPS (:443) - -**Certificate Resolver:** Cloudflare DNS Challenge -- Email: admin@xtrm-lab.org -- DNS Provider: Cloudflare - -**Existing Middlewares:** -- `default-headers` - Security headers (HSTS, XSS protection, etc.) 
-- `authentik-forward-auth` - Forward auth to Authentik (configured but not applied) -- `pihole1-redirect` / `pihole2-redirect` - Redirect root to /admin/ - ---- - -## Authentik Configuration - -| Parameter | Value | -|-----------|-------| -| Version | 2025.8.1 | -| URL | auth.xtrm-lab.org | -| PostgreSQL Host | postgresql17 | -| Database | authentik_db | -| Redis Host | redis | -| Network | dockerproxy | - -**Status:** Deployed but not yet integrated with services - ---- - -## Portainer Configuration (Phase 6) - -| Parameter | Value | -|-----------|-------| -| Version | CE Latest | -| HTTP Port | 9002 | -| HTTPS Port | 9444 | -| Data Path | /mnt/user/appdata/portainer | -| Tailscale URL | http://100.100.208.70:9002 | -| Local URL | http://192.168.31.2:9002 | - -**Status:** Deployed, awaiting initial setup and MikroTik connection (Phase 6.2/6.3) +**Note:** Plugin config mounted from `/mnt/user/appdata/netbox/config/plugins.py` --- 
@@ -241,113 +205,44 @@ --- -## Service Interruption Risk Assessment +## Current NAT/Port Forwarding (MikroTik) -| Phase | Component | Interruption Risk | Mitigation | -|-------|-----------|-------------------|------------| -| 1 | Tailscale Integration | LOW | Add-on service, no changes to existing | -| 1 | DoH Endpoint | LOW | New endpoint, existing DNS unaffected | -| 2 | Pangolin/Gerbil | MEDIUM | New containers, may conflict with WG port 51820 | -| 2 | Newt Connector | LOW | Outbound only | -| 3 | Authentik Forward Auth | HIGH | Will gate all services - test thoroughly | -| 4 | Sunshine/Moonlight | LOW | New service, Tailscale-only access | -| 5 | RustDesk | MEDIUM | New ports required on MikroTik | -| 6 | Portainer | LOW | Management tool only, no service impact | +| Rule | Protocol | WAN Port | Destination | Purpose | +|------|----------|----------|-------------|---------| +| Forward HTTP | TCP | 80 | 192.168.31.2:8001 | Traefik HTTP | +| Forward HTTPS | TCP | 443 | 192.168.31.2:44301 | Traefik HTTPS | +| Plex | TCP | 32400 | 192.168.31.2:32400 | Plex Media Server | +| Transmission | TCP/UDP | 51413 | 192.168.31.2:51413 | BitTorrent | +| DoT | TCP | 853 | 172.17.0.2:853 | DNS over TLS | +| DoH | TCP/UDP | 5443 | 172.17.0.2:443 | DNS over HTTPS | +| DNS Force | UDP/TCP | 53 | 172.17.0.2:53 | Force LAN DNS to Pi-hole | +| RustDesk | TCP/UDP | 21115-21119 | 192.168.31.2 | RustDesk Server | --- -## Ports Required for Full Implementation +## Traefik Configuration -### New MikroTik Port Forwards Needed: +**Entry Points:** +- HTTP (:80) → Redirects to HTTPS +- HTTPS (:443) -| Service | Protocol | Port(s) | Destination | Phase | -|---------|----------|---------|-------------|-------| -| WireGuard (Fossorial) | UDP | 51820 | 192.168.31.2:51820 | 2 | -| RustDesk ID TCP | TCP | 21115-21117 | 192.168.31.2:21115-21117 | 5 | -| RustDesk Relay | TCP | 21118-21119 | 192.168.31.2:21118-21119 | 5 | -| RustDesk NAT | UDP | 21116 | 192.168.31.2:21116 | 5 | +**Certificate 
Resolver:** Cloudflare DNS Challenge + +**Docker Provider Constraint:** `traefik.constraint=valid` +- Containers need this label to be auto-discovered +- Otherwise add routes to `/mnt/user/appdata/traefik/dynamic.yml` --- -## Next Steps +## Reference Documents -Proceed to individual phase documents: -1. [Phase 1: Global DNS Portability](./01-PHASE1-DNS-PORTABILITY.md) -2. [Phase 2: Fossorial Tunnel Stack](./02-PHASE2-FOSSORIAL-STACK.md) -3. [Phase 3: Identity & Zero Trust](./03-PHASE3-AUTHENTIK-ZEROTRUST.md) -4. [Phase 4: Remote Gaming](./04-PHASE4-REMOTE-GAMING.md) -5. [Phase 5: RustDesk Setup](./05-PHASE5-RUSTDESK.md) -6. [Phase 6: Portainer Management](./06-PHASE6-PORTAINER-MANAGEMENT.md) -7. [Phase 7: Gitea GitOps](./08-PHASE7-GITEA-GITOPS.md) -8. [Phase 8: NetDisco Integration](./12-PHASE8-NETDISCO-INTEGRATION.md) - -**Reference Documents:** -- [MikroTik WiFi & CAPsMAN Configuration](./09-MIKROTIK-WIFI-CAPSMAN.md) - ---- - -## Completed Infrastructure Tasks - -### Static IP Assignment for Critical Services - -**Status:** COMPLETED (2026-01-18) -**Priority:** High -**Reason:** Critical services should have static IPs outside DHCP/dynamic lease range to prevent IP conflicts and ensure reliable inter-container communication. - -#### dockerproxy Network (172.18.0.0/16) -Static IP range: 172.18.0.2 - 172.18.0.50 - -| Service | Static IP | -|---------|-----------| -| dockersocket | 172.18.0.2 | -| traefik | 172.18.0.3 | -| authentik | 172.18.0.11 | -| authentik-worker | 172.18.0.12 | -| postgresql17 | 172.18.0.13 | -| Redis | 172.18.0.14 | -| vaultwarden | 172.18.0.15 | - -#### bridge Network (172.17.0.0/16) -Static IP range: 172.17.0.2 - 172.17.0.50 - -| Service | Static IP | -|---------|-----------| -| portainer | 172.17.0.2 | -| rustdesk-hbbs | 172.17.0.3 | -| rustdesk-hbbr | 172.17.0.4 | - -#### Implementation Steps -1. [x] Update Docker network IPAM config to reserve static range -2. 
[x] Recreate critical containers with --ip flag or docker-compose static IP -3. [x] Update any hardcoded references to old IPs -4. [x] Test inter-container connectivity -5. [x] Document final IP assignments - -**Note:** IPs assigned via `docker network connect --ip`. To persist across container recreation, update Unraid Docker templates or use docker-compose. - ---- - -## Unraid Docker Organization - -### FolderView2 Plugin - -Docker containers are organized into categories using the FolderView2 plugin. - -**Icon Collection:** [Dazzle Line Icons](https://www.svgrepo.com/collection/dazzle-line-icons/) from SVGRepo - -**Categories:** - -| Category | Containers | Icon | -|----------|------------|------| -| Infrastructure | traefik, unbound, binhex-official-pihole, DoH-Server, stunnel-dot, pangolin, dockersocket, nebula-sync | network.svg | -| Security | authentik, authentik-worker, vaultwarden | shield-lock.svg | -| Monitoring | UptimeKuma, Uptime-Kuma-API, AutoKuma, NetAlertX, speedtest-tracker, netbox, netbox-worker, netbox-housekeeping | monitoring.svg | -| DevOps | gitea, woodpecker-server, woodpecker-agent, postgresql17, Redis, pgAdmin4, netbox-postgres, netbox-redis, netbox-redis-cache | database-03.svg | -| Media | plex, Libation, transmission | media-play-circle.svg | -| Storage/Backup | rustfs, UrBackup, TimeMachine, Nextcloud | clock-rewind.svg | -| Productivity | actual-budget, n8n, karakeep, homarr | dashboard.svg | -| Smart Home | HomeAssistant_inabox | smart-home.svg | -| Remote Access | rustdesk-hbbs, rustdesk-hbbr | remote.svg | -| Management | portainer, unimus | settings.svg | - -**Config Location:** `/boot/config/plugins/folder.view2/docker.json` +- [Phase 1: Global DNS Portability](./01-PHASE1-DNS-PORTABILITY.md) +- [Phase 2: Fossorial Tunnel Stack](./02-PHASE2-FOSSORIAL-STACK.md) +- [Phase 3: Identity & Zero Trust](./03-PHASE3-AUTHENTIK-ZEROTRUST.md) +- [Phase 4: Remote Gaming](./04-PHASE4-REMOTE-GAMING.md) +- [Phase 5: RustDesk 
Setup](./05-PHASE5-RUSTDESK.md) +- [Phase 6: Portainer Management](./06-PHASE6-PORTAINER-MANAGEMENT.md) +- [Phase 7: Gitea GitOps](./08-PHASE7-GITEA-GITOPS.md) +- [Phase 8: NetDisco Integration](./12-PHASE8-NETDISCO-INTEGRATION.md) +- [Container IP Assignments](./13-CONTAINER-IP-ASSIGNMENTS.md) +- [MikroTik WiFi & CAPsMAN](./09-MIKROTIK-WIFI-CAPSMAN.md) diff --git a/docs/06-CHANGELOG.md b/docs/06-CHANGELOG.md index 5e0e7dd..3acf397 100644 --- a/docs/06-CHANGELOG.md +++ b/docs/06-CHANGELOG.md 
@@ -42,3 +42,44 @@ ### NetBox Stack Rebuild - [FIX] Recreated netbox containers with correct Redis/Postgres IPs - [CONFIG] NetBox stack now uses static IPs (172.24.0.2-7) + + +## 2026-01-21 - Slurp'it Server Deployment & Fixes + +### Persistent Static IP Configuration +- [CONFIG] Updated Unraid Docker templates with MyIP and --ip flags +- [CONFIG] Created docker-compose files for compose-managed stacks: + - /mnt/user/appdata/netbox/docker-compose.yml + - /mnt/user/appdata/netdisco/docker-compose.yml + - /mnt/user/appdata/gitea/docker-compose.yml + - /mnt/user/appdata/woodpecker/docker-compose.yml + - /mnt/user/appdata/pangolin/docker-compose.yml +- [DOC] Updated 13-CONTAINER-IP-ASSIGNMENTS.md with compose locations + +### Slurp'it NetBox Plugin Fixes +- [FIX] Mounted plugins.py config to enable slurpit_netbox plugin +- [FIX] Added missing owner_id column to 6 slurpit tables (NetBox 4.5 compatibility) +- [FIX] Added missing cable_connector column to slurpitinterface table +- [STATUS] Plugin now fully functional at /plugins/slurpit/ + +### Slurp'it Server Deployment +- [DEPLOY] Full Slurp'it stack deployed (6 containers) +- [URL] https://slurpit.xtrm-lab.org +- [CONTAINERS]: + - slurpit-portal (Web UI) + - slurpit-scanner (Network scanner) + - slurpit-scraper (Device data collector) + - slurpit-warehouse (Data API) + - slurpit-mariadb (Portal database) + - slurpit-mongodb (Discovery database) +- [CONFIG] /mnt/user/appdata/slurpit/docker-compose.yml +- [CREDS] admin / 12345678 (change on first login) + +### NetBox Traefik Fix +- [FIX] Connected netbox container to dockerproxy network +- [FIX] Added dockerproxy network to netbox docker-compose.yml +- [STATUS] https://netbox.xtrm-lab.org now accessible + +### Actual Budget Traefik Fix +- [FIX] Added actual-budget route to /mnt/user/appdata/traefik/dynamic.yml +- [STATUS] https://actual.xtrm-lab.org now accessible 
diff --git a/docs/13-CONTAINER-IP-ASSIGNMENTS.md b/docs/13-CONTAINER-IP-ASSIGNMENTS.md index 0dd282b..fc0839c 100644 --- a/docs/13-CONTAINER-IP-ASSIGNMENTS.md +++ b/docs/13-CONTAINER-IP-ASSIGNMENTS.md @@ -1,9 +1,9 @@ # Container Static IP Assignments -**Last Updated:** 2026-01-20 +**Last Updated:** 2026-01-21 This document lists all static IP assignments for Docker containers on Unraid. -Static IPs are now configured in docker-compose files and Unraid templates for persistence. +Static IPs are configured in docker-compose files and Unraid templates for persistence. --- @@ -80,6 +80,24 @@ Static IP range: 172.24.0.2 - 172.24.0.20 | netbox | 172.24.0.5 | NetBox web UI | Compose | | netbox-worker | 172.24.0.6 | NetBox worker | Compose | +**Note:** NetBox container is also on dockerproxy network for Traefik access. + +--- + +## slurpit_slurpit-network (Auto-assigned) + +Slurp'it stack uses its own internal network with auto-assigned IPs. +Portal is also connected to dockerproxy for Traefik access. + +| Container | Purpose | Config | +|-----------|---------|--------| +| slurpit-portal | Web UI | Compose | +| slurpit-scanner | Network scanner | Compose | +| slurpit-scraper | Device data collector | Compose | +| slurpit-warehouse | Data API | Compose | +| slurpit-mariadb | Portal database | Compose | +| slurpit-mongodb | Discovery database | Compose | + --- ## br0 Network (LAN Macvlan - 192.168.31.x) 
@@ -125,15 +143,14 @@ These containers share the host network stack. ## Docker Compose Files -Compose-managed stacks with persistent static IPs: - -| Stack | Location | Containers | -|-------|----------|------------| -| NetBox | `/mnt/user/appdata/netbox/docker-compose.yml` | netbox, netbox-worker, netbox-postgres, netbox-redis, netbox-redis-cache | -| NetDisco | `/mnt/user/appdata/netdisco/docker-compose.yml` | netdisco-web, netdisco-backend | -| Gitea | `/mnt/user/appdata/gitea/docker-compose.yml` | gitea | -| Woodpecker | `/mnt/user/appdata/woodpecker/docker-compose.yml` | woodpecker-server, woodpecker-agent | -| Pangolin | `/mnt/user/appdata/pangolin/docker-compose.yml` | pangolin | +| Stack | Location | +|-------|----------| +| NetBox | `/mnt/user/appdata/netbox/docker-compose.yml` | +| NetDisco | `/mnt/user/appdata/netdisco/docker-compose.yml` | +| Gitea | `/mnt/user/appdata/gitea/docker-compose.yml` | +| Woodpecker | `/mnt/user/appdata/woodpecker/docker-compose.yml` | +| Pangolin | `/mnt/user/appdata/pangolin/docker-compose.yml` | +| Slurp'it | `/mnt/user/appdata/slurpit/docker-compose.yml` | --- @@ -160,4 +177,7 @@ Use Unraid Docker UI to update/recreate - static IP is preserved in template. ```bash # Check all IPs on a network docker network inspect --format '{{range .Containers}}{{.Name}}: {{.IPv4Address}}{{"\n"}}{{end}}' + +# Check specific container +docker inspect | jq '.[0].NetworkSettings.Networks' ```
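Review bot: In `docs/00-CURRENT-STATE.md`, hunk `@@ -52,10 +51,6 @@`, deleting the `| Username |` and `| Password |` rows for the switch takes the secret out of the current file only; it remains readable in every earlier revision of this repository. The same applies to the `| SSH Password |` row and the two WiFi `Password` cells removed in the following hunk. Treat all four values as disclosed: rotate the switch admin password, the cAP ac SSH password and both WiFi passphrases, and record the rotation in the changelog. If the repository is or may become shared, also consider rewriting history to purge the old revisions.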
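Review bot: In `docs/00-CURRENT-STATE.md`, hunk `@@ -64,142 +59,111 @@`, the removed Traefik and Authentik sections were the only place that stated the authentication posture (`authentik-forward-auth` "configured but not applied", and "Deployed but not yet integrated with services"), and the replacement Key Services table lists external URLs without saying which of them sit behind forward auth. Please keep a status line or add a column (for example "Auth: Authentik / app login / none") so a reader can tell which published hostnames are gated. A smaller style point in the same table: the `Static IP` column carries network names (`host`, `bridge`, `dockerproxy`, `slurpit-network`) for some rows, so either rename the column to "IP / Network" or split it in two.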
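Review bot: In `docs/00-CURRENT-STATE.md`, hunk `@@ -241,113 +205,44 @@`, the new NAT row `| RustDesk | TCP/UDP | 21115-21119 | 192.168.31.2 | RustDesk Server |` documents a wider exposure than the four rows it replaces, which forwarded TCP 21115, TCP 21116, UDP 21116 and TCP 21117 only. If the router rules were not changed, keep the per-port rows so the document matches the firewall; if they were widened to the full range on both protocols, say so in `06-CHANGELOG.md` and confirm that UDP on 21115, 21117-21119 and TCP on 21118-21119 are actually needed from the WAN side.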
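Review bot: In `docs/06-CHANGELOG.md`, hunk `@@ -42,3 +42,44 @@`, the `[CREDS]` line under "Slurp'it Server Deployment" commits a username and default password for a portal that the same section publishes at https://slurpit.xtrm-lab.org, which repeats the problem this commit fixes in `00-CURRENT-STATE.md`. Drop the value from the changelog, point to the password manager entry instead (vaultwarden is already listed as a service), and add a `[STATUS]` line confirming the default was changed before the Traefik route went live.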
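Review bot: In `docs/13-CONTAINER-IP-ASSIGNMENTS.md`, hunk `@@ -160,4 +177,7 @@`, the added command `docker inspect | jq '.[0].NetworkSettings.Networks'` has no container argument, so it fails if copied as written; the context line above it has the same gap for the network name on `docker network inspect`. If the originals used angle-bracket placeholders, they are being swallowed as HTML when the Markdown is rendered, so use a form that survives, such as `CONTAINER_NAME` and `NETWORK_NAME`, and note in the comment that the value must be substituted.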