jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update configs after CAP recovery and roms share setup
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source 
- 07-WIFI-CAPSMAN: CAP both radios working, access list no VLAN assignment
- 01-NETWORK-MAP: fix CAP IP .6→.2, add Nobara and SMB shares section
- 04-HARDWARE-INVENTORY: CAP SSH/version details, add Recalbox device
- 06-VLAN-DEVICE-ASSIGNMENT: add Nobara (VLAN 10), Recalbox (VLAN 25)
- 03-SERVICES-OTHER: add Roms SMB share section with mount details
- CHANGELOG: add 2026-02-14 entries

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Kaloyan Danchev
2026-02-14 16:50:01 +02:00
parent 4e726a4963
commit 2a522d56d2
6 changed files with 111 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
docs/01-NETWORK-MAP.md
View File

@@ -1,6 +1,6 @@
# Network Map - xtrm-lab.org
**Last Updated:** 2026-02-06
**Last Updated:** 2026-02-14
**Domain:** xtrm-lab.org
**WAN IP:** 62.73.120.142
@@ -39,7 +39,7 @@ flowchart TB
end
subgraph Wireless["WiFi"]
CAP["CAP | cAP XL ac<br/>192.168.10.6"]
CAP["CAP | cAP XL ac<br/>192.168.10.2"]
end
ISP -->|"ether1 WAN"| HAP1
@@ -116,9 +116,10 @@ flowchart TB
| 192.168.10.1 | HAP1 \| hAP ax³ | Router |
| 192.168.10.3 | CSS1 \| CSS326-24G-2S+ | Switch |
| 192.168.10.4 | ZX1 \| ZX-SWTGW218AS | Switch |
| 192.168.10.6 | CAP \| cAP XL ac | Access Point |
| 192.168.10.2 | CAP \| cAP XL ac | Access Point |
| 192.168.10.10 | AdGuard Home (Unraid macvlan) | DNS Secondary |
| 192.168.10.20 | XTRM-U | Server |
| 192.168.10.103 | XTRM-Nobara | Failover Node |
| 192.168.10.200 | NanoKVM | Remote KVM |
For complete device-to-VLAN mapping, see `06-VLAN-DEVICE-ASSIGNMENT.md`.
@@ -301,10 +302,9 @@ flowchart TB
| SSID | Band | Security | Purpose |
|------|------|----------|---------|
| XTRM | 5GHz | WPA2/WPA3 | Primary devices |
| XTRM | 2.4GHz | WPA/WPA2 | Legacy support |
| XTRM2 | 2.4GHz | WPA/WPA2 | IoT devices |
**CAPsMAN:** HAP1 manages CAP access point
**CAPsMAN:** HAP1 manages CAP XL ac (192.168.10.2) - both 2.4GHz and 5GHz radios active
---
@@ -356,6 +356,14 @@ flowchart TB
---
## SMB Shares
| Share | Path | Size | Access | Consumers |
|-------|------|------|--------|-----------|
| roms | /mnt/user/roms | 2.3 TB | Guest (read-only) | Nobara (/mnt/roms), Recalbox (network mount) |
---
## Shared Databases
### PostgreSQL 17 (172.18.0.13)

19
docs/03-SERVICES-OTHER.md
View File

@@ -1,6 +1,6 @@
# Other Services
**Last Updated:** 2026-02-06
**Last Updated:** 2026-02-14
Non-critical services that enhance functionality but don't affect core network operation.
@@ -130,6 +130,23 @@ Non-critical services that enhance functionality but don't affect core network o
**Purpose:** Torrent client
### Roms (SMB Share)
| Property | Value |
|----------|-------|
| Share Path | /mnt/user/roms |
| Protocol | SMB (guest access, read-only) |
| Size | 2.3 TB (49 systems) |
**Consumers:**
| Device | Mount Point | Method |
|--------|-------------|--------|
| Nobara | /mnt/roms | fstab (CIFS, guest, systemd.automount) |
| Recalbox | /recalbox/share/roms_network | custom.sh boot script (CIFS) |
**Recalbox:** Network roms are bind-mounted over local rom directories at boot via `/recalbox/share/system/custom.sh`. Local roms were deleted from SD card to save space.
---
## Productivity

27
docs/04-HARDWARE-INVENTORY.md
View File

@@ -1,6 +1,6 @@
# Hardware Inventory
**Last Updated:** 2026-01-31
**Last Updated:** 2026-02-14
---
@@ -75,12 +75,15 @@
|----------|-------|
| **Role** | Wireless Access Point |
| **Location** | Corridor (ceiling) |
| **IP** | 192.168.10.6 |
| **IP** | 192.168.10.2 |
| **MAC** | 18:FD:74:54:3D:BC |
| **OS** | RouterOS 7.x |
| **OS** | RouterOS 7.21.1 |
| **Serial** | HCT085KBH8B |
| **SSH** | `ssh -i ~/.ssh/mikrotik_key -p 2222 xtrm@192.168.10.2` |
**Managed by:** HAP1 CAPsMAN
**Radios:** wifi1 (2.4GHz XTRM2), wifi2 (5GHz XTRM) - both active
**Factory reset:** 2026-02-13 (CAPsMAN certificate regenerated)
---
@@ -192,6 +195,24 @@
| Dancho | Boys Room | B1 | CSS1-18 | - |
| KVM Switch | - | Direct | CSS1-2 | - |
## End Devices (WiFi)
### Recalbox | Raspberry Pi 3
| Property | Value |
|----------|-------|
| **Role** | Retro Gaming Console |
| **Location** | Living Room |
| **IP** | 192.168.25.30 |
| **MAC** | B8:27:EB:32:B2:13 |
| **OS** | Recalbox |
| **VLAN** | 25 (Kids) |
| **SSID** | XTRM2 (2.4GHz) |
| **SSH** | `ssh root@192.168.25.30` (password: `recalboxroot`) |
**Roms:** Network-mounted from Unraid SMB share (//192.168.10.20/roms)
**Boot script:** `/recalbox/share/system/custom.sh` (mounts roms at boot)
---
## Future Hardware (Planned)

11
docs/06-VLAN-DEVICE-ASSIGNMENT.md
View File

@@ -1,6 +1,6 @@
# VLAN Device Assignment Map
**Last Updated:** 2026-02-06
**Last Updated:** 2026-02-14
**Purpose:** Complete inventory of all network devices with VLAN assignments
---
@@ -29,6 +29,7 @@
| 192.168.10.3 | F4:1E:57:C9:BD:09 | CSS326-24G-2S+ | 24-port switch | Room distribution |
| 192.168.10.4 | 1C:2A:A3:1E:78:67 | ZX1 (ZX-SWTGW218AS) | 8-port 2.5G switch | Server rack |
| 192.168.10.20 | A8:B8:E0:02:B6:15 | XTRM-U (Unraid) | Main server | Docker host, NAS |
| 192.168.10.103 | 08:92:04:C6:07:C5 | XTRM-Nobara | Failover node | Keepalived BACKUP |
| 192.168.10.200 | 48:DA:35:6F:BE:50 | NanoKVM | Remote KVM | IPMI alternative |
| 172.17.0.2 | 46:D0:27:F7:1F:CA | AdGuard (MikroTik) | DNS (Router) | Primary DNS, DoH/DoT |
| 172.17.0.3 | 0C:AB:39:8D:8C:FC | Tailscale (MikroTik) | VPN container | Remote access |
@@ -59,6 +60,7 @@
| 192.168.25.14 | 90:91:64:70:0D:86 | Notebook | Kimi | |
| 192.168.25.15 | 2A:2B:BA:86:D4:AF | iPhone | Kimi | |
| 192.168.25.18 | A4:D1:D2:7B:52:BE | iPad | Compusbg | Work tablet |
| 192.168.25.30 | B8:27:EB:32:B2:13 | Recalbox (RPi3) | Gaming | Retro gaming, WiFi XTRM2 |
---
@@ -124,6 +126,7 @@ A8:B8:E0:02:B6:15 XTRM-U
F4:1E:57:C9:BD:09 CSS326
1C:2A:A3:1E:78:67 ZX1
48:DA:35:6F:BE:50 NanoKVM
08:92:04:C6:07:C5 XTRM-Nobara (Failover)
```
**VLAN 20 - Trusted:**
@@ -182,14 +185,14 @@ D0:C9:07:8C:C9:46 Private Vendor 2
| VLAN | Device Count | Comment |
|------|--------------|---------|
| 10 - Mgmt | 9 | Infrastructure only |
| 10 - Mgmt | 10 | Infrastructure + failover |
| 20 - Trusted | 9 | Family devices |
| 25 - Kids | 4 | Kids devices (subset of 20) |
| 25 - Kids | 5 | Kids devices + Recalbox |
| 30 - IoT | 14 | Smart home devices |
| 35 - Cameras | 1 | Security |
| 40 - Servers | 1 | Services |
| 50 - Guest | 4 | Unknown/unidentified devices |
| **Total** | **38** | All devices categorized |
| **Total** | **40** | All devices categorized |
---

49
docs/07-WIFI-CAPSMAN-CONFIG.md
View File

@@ -1,6 +1,6 @@
# WiFi and CAPsMAN Configuration
**Last Updated:** 2026-02-02
**Last Updated:** 2026-02-14
**Purpose:** Document WiFi network settings, CAPsMAN configuration, and device compatibility requirements
---
@@ -104,41 +104,40 @@ If devices still can't connect, use WPA-only with TKIP-only:
|---------|-------|
| caps-man-addresses | 192.168.10.1 |
| certificate | request |
| RouterOS | 7.21.1 |
| SSH Port | 2222 |
| SSH | `ssh -i ~/.ssh/mikrotik_key -p 2222 xtrm@192.168.10.2` |
**Note:** CAP was factory reset on 2026-02-13. CAPsMAN certificate was regenerated and CAP re-enrolled with `certificate=request`.
### CAP Interfaces
| Interface | Radio | Band | SSID | Status |
|-----------|-------|------|------|--------|
| cap-wifi1 | wifi1 | 2.4GHz | XTRM2 | Working |
| cap-wifi2 | wifi2 | 5GHz | XTRM | Channel issues (disabled) |
| Interface | Radio | Band | SSID | Security | Status |
|-----------|-------|------|------|----------|--------|
| cap-wifi1 | wifi1 | 2.4GHz | XTRM2 | WPA2-PSK, CCMP | Working |
| cap-wifi2 | wifi2 | 5GHz | XTRM | WPA2/WPA3-PSK | Working (Ch 5220, 20/40MHz) |
### CAP Access List Rule
CAP clients bypass VLAN assignment (go to VLAN 10):
```routeros
/interface wifi access-list add \
interface=cap-wifi1 \
action=accept \
comment="CAP clients - no VLAN" \
place-before=0
```
**Note:** cap-wifi1 uses cfg-xtrm2 but with WPA2+CCMP only (not WPA+TKIP like the local wifi2). Legacy IoT devices requiring TKIP will only work on HAP1's local wifi2.
---
## WiFi Access List (VLAN Assignment)
## WiFi Access List
Devices are assigned to VLANs based on MAC address:
**Status:** VLAN assignment via access list is **not active** (rolled back 2026-01-27). All entries use `action=accept` without VLAN ID. Devices get their VLAN via DHCP static leases on the bridge.
| VLAN | Purpose | Example Devices |
|------|---------|-----------------||
| 20 | Trusted | MacBooks, iPhones, Samsung phones |
| 25 | Kids | Kids devices |
| 30 | IoT | Smart home devices, Chromecast, Bosch appliances |
| 40 | Catch-All | Unknown devices (default) |
**29 entries** configured (MAC-based accept rules + 1 default catch-all):
### Current Access List
| # | MAC | Device | Notes |
|---|-----|--------|-------|
| 0 | AA:ED:8B:2A:40:F1 | Samsung S25 Ultra - Kaloyan | |
| 1 | 82:6D:FB:D9:E0:47 | MacBook Air - Nora | |
| 12 | CE:B8:11:EA:8D:55 | MacBook - Kaloyan | |
| 13 | BE:A7:95:87:19:4A | MacBook 5GHz - Kaloyan | |
| 27 | B8:27:EB:32:B2:13 | RecalBox RPi3 | VLAN 25 (Kids) |
| 28 | CC:5E:F8:D3:37:D3 | ASUS ROG Ally - Kaloyan | |
| 29 | (any) | Default - VLAN40 | Catch-all |
### Show Full Access List
```routeros
/interface wifi access-list print

25
docs/CHANGELOG.md
View File

@@ -4,6 +4,31 @@
---
## 2026-02-14
### CAP XL ac Recovery
- **[WIRELESS]** Factory reset CAP XL ac (lost credentials)
- **[WIRELESS]** Reconfigured CAPsMAN: regenerated certificate, CAP re-enrolled with `certificate=request`
- **[WIRELESS]** Both CAP radios now active: wifi1 (2.4GHz XTRM2) + wifi2 (5GHz XTRM)
- **[WIRELESS]** CAP now running RouterOS 7.21.1
- **[WIRELESS]** Enabled SSH on CAP port 2222 for user xtrm with mikrotik key
- **[WIRELESS]** Confirmed WiFi access list has no VLAN assignment (rolled back Jan 27)
### Roms Network Share
- **[SERVICE]** Shared /mnt/user/roms (2.3TB, 49 systems) via SMB from Unraid
- **[SERVICE]** Mounted on Nobara at /mnt/roms (fstab, CIFS guest, systemd.automount)
- **[SERVICE]** Mounted on Recalbox via custom.sh boot script (CIFS bind mounts)
- **[SERVICE]** Deleted local roms from Recalbox SD card (~12.5GB freed)
### Documentation Updates
- **[DOCS]** Updated 07-WIFI-CAPSMAN-CONFIG.md: CAP both radios working, access list status
- **[DOCS]** Updated 01-NETWORK-MAP.md: Fixed CAP IP (.6→.2), added Nobara and SMB shares
- **[DOCS]** Updated 04-HARDWARE-INVENTORY.md: CAP details, added Recalbox device
- **[DOCS]** Updated 06-VLAN-DEVICE-ASSIGNMENT.md: Added Nobara (VLAN 10) and Recalbox (VLAN 25)
- **[DOCS]** Updated 03-SERVICES-OTHER.md: Added Roms SMB share section
---
## 2026-02-13
### Failover Infrastructure Deployed