diff --git a/docs/01-NETWORK-MAP.md b/docs/01-NETWORK-MAP.md
index 4f94bbc..f823aa2 100644
--- a/docs/01-NETWORK-MAP.md
+++ b/docs/01-NETWORK-MAP.md
@@ -1,6 +1,6 @@
# Network Map - xtrm-lab.org
-**Last Updated:** 2026-02-06
+**Last Updated:** 2026-02-14
**Domain:** xtrm-lab.org
**WAN IP:** 62.73.120.142
@@ -39,7 +39,7 @@ flowchart TB
end
subgraph Wireless["WiFi"]
- CAP["CAP | cAP XL ac
192.168.10.6"]
+ CAP["CAP | cAP XL ac
192.168.10.2"]
end
ISP -->|"ether1 WAN"| HAP1
@@ -116,9 +116,10 @@ flowchart TB
| 192.168.10.1 | HAP1 \| hAP ax³ | Router |
| 192.168.10.3 | CSS1 \| CSS326-24G-2S+ | Switch |
| 192.168.10.4 | ZX1 \| ZX-SWTGW218AS | Switch |
-| 192.168.10.6 | CAP \| cAP XL ac | Access Point |
+| 192.168.10.2 | CAP \| cAP XL ac | Access Point |
| 192.168.10.10 | AdGuard Home (Unraid macvlan) | DNS Secondary |
| 192.168.10.20 | XTRM-U | Server |
+| 192.168.10.103 | XTRM-Nobara | Failover Node |
| 192.168.10.200 | NanoKVM | Remote KVM |
For complete device-to-VLAN mapping, see `06-VLAN-DEVICE-ASSIGNMENT.md`.
@@ -301,10 +302,9 @@ flowchart TB
| SSID | Band | Security | Purpose |
|------|------|----------|---------|
| XTRM | 5GHz | WPA2/WPA3 | Primary devices |
-| XTRM | 2.4GHz | WPA/WPA2 | Legacy support |
| XTRM2 | 2.4GHz | WPA/WPA2 | IoT devices |
-**CAPsMAN:** HAP1 manages CAP access point
+**CAPsMAN:** HAP1 manages CAP XL ac (192.168.10.2) - both 2.4GHz and 5GHz radios active
---
@@ -356,6 +356,14 @@ flowchart TB
---
+## SMB Shares
+
+| Share | Path | Size | Access | Consumers |
+|-------|------|------|--------|-----------|
+| roms | /mnt/user/roms | 2.3 TB | Guest (read-only) | Nobara (/mnt/roms), Recalbox (network mount) |
+
+---
+
## Shared Databases
### PostgreSQL 17 (172.18.0.13)
diff --git a/docs/03-SERVICES-OTHER.md b/docs/03-SERVICES-OTHER.md
index e1ca755..c6845e8 100644
--- a/docs/03-SERVICES-OTHER.md
+++ b/docs/03-SERVICES-OTHER.md
@@ -1,6 +1,6 @@
# Other Services
-**Last Updated:** 2026-02-06
+**Last Updated:** 2026-02-14
Non-critical services that enhance functionality but don't affect core network operation.
@@ -130,6 +130,23 @@ Non-critical services that enhance functionality but don't affect core network o
**Purpose:** Torrent client
+### Roms (SMB Share)
+
+| Property | Value |
+|----------|-------|
+| Share Path | /mnt/user/roms |
+| Protocol | SMB (guest access, read-only) |
+| Size | 2.3 TB (49 systems) |
+
+**Consumers:**
+
+| Device | Mount Point | Method |
+|--------|-------------|--------|
+| Nobara | /mnt/roms | fstab (CIFS, guest, systemd.automount) |
+| Recalbox | /recalbox/share/roms_network | custom.sh boot script (CIFS) |
+
+**Recalbox:** Network roms are bind-mounted over local rom directories at boot via `/recalbox/share/system/custom.sh`. Local roms were deleted from SD card to save space.
+
---
## Productivity
diff --git a/docs/04-HARDWARE-INVENTORY.md b/docs/04-HARDWARE-INVENTORY.md
index 3ff7f4c..6087760 100644
--- a/docs/04-HARDWARE-INVENTORY.md
+++ b/docs/04-HARDWARE-INVENTORY.md
@@ -1,6 +1,6 @@
# Hardware Inventory
-**Last Updated:** 2026-01-31
+**Last Updated:** 2026-02-14
---
@@ -75,12 +75,15 @@
|----------|-------|
| **Role** | Wireless Access Point |
| **Location** | Corridor (ceiling) |
-| **IP** | 192.168.10.6 |
+| **IP** | 192.168.10.2 |
| **MAC** | 18:FD:74:54:3D:BC |
-| **OS** | RouterOS 7.x |
+| **OS** | RouterOS 7.21.1 |
| **Serial** | HCT085KBH8B |
+| **SSH** | `ssh -i ~/.ssh/mikrotik_key -p 2222 xtrm@192.168.10.2` |
**Managed by:** HAP1 CAPsMAN
+**Radios:** wifi1 (2.4GHz XTRM2), wifi2 (5GHz XTRM) - both active
+**Factory reset:** 2026-02-13 (CAPsMAN certificate regenerated)
---
@@ -192,6 +195,24 @@
| Dancho | Boys Room | B1 | CSS1-18 | - |
| KVM Switch | - | Direct | CSS1-2 | - |
+## End Devices (WiFi)
+
+### Recalbox | Raspberry Pi 3
+
+| Property | Value |
+|----------|-------|
+| **Role** | Retro Gaming Console |
+| **Location** | Living Room |
+| **IP** | 192.168.25.30 |
+| **MAC** | B8:27:EB:32:B2:13 |
+| **OS** | Recalbox |
+| **VLAN** | 25 (Kids) |
+| **SSID** | XTRM2 (2.4GHz) |
+| **SSH** | `ssh root@192.168.25.30` (password: `recalboxroot`) |
+
+**Roms:** Network-mounted from Unraid SMB share (//192.168.10.20/roms)
+**Boot script:** `/recalbox/share/system/custom.sh` (mounts roms at boot)
+
---
## Future Hardware (Planned)
diff --git a/docs/06-VLAN-DEVICE-ASSIGNMENT.md b/docs/06-VLAN-DEVICE-ASSIGNMENT.md
index 9475fb6..42035b6 100644
--- a/docs/06-VLAN-DEVICE-ASSIGNMENT.md
+++ b/docs/06-VLAN-DEVICE-ASSIGNMENT.md
@@ -1,6 +1,6 @@
# VLAN Device Assignment Map
-**Last Updated:** 2026-02-06
+**Last Updated:** 2026-02-14
**Purpose:** Complete inventory of all network devices with VLAN assignments
---
@@ -29,6 +29,7 @@
| 192.168.10.3 | F4:1E:57:C9:BD:09 | CSS326-24G-2S+ | 24-port switch | Room distribution |
| 192.168.10.4 | 1C:2A:A3:1E:78:67 | ZX1 (ZX-SWTGW218AS) | 8-port 2.5G switch | Server rack |
| 192.168.10.20 | A8:B8:E0:02:B6:15 | XTRM-U (Unraid) | Main server | Docker host, NAS |
+| 192.168.10.103 | 08:92:04:C6:07:C5 | XTRM-Nobara | Failover node | Keepalived BACKUP |
| 192.168.10.200 | 48:DA:35:6F:BE:50 | NanoKVM | Remote KVM | IPMI alternative |
| 172.17.0.2 | 46:D0:27:F7:1F:CA | AdGuard (MikroTik) | DNS (Router) | Primary DNS, DoH/DoT |
| 172.17.0.3 | 0C:AB:39:8D:8C:FC | Tailscale (MikroTik) | VPN container | Remote access |
@@ -59,6 +60,7 @@
| 192.168.25.14 | 90:91:64:70:0D:86 | Notebook | Kimi | |
| 192.168.25.15 | 2A:2B:BA:86:D4:AF | iPhone | Kimi | |
| 192.168.25.18 | A4:D1:D2:7B:52:BE | iPad | Compusbg | Work tablet |
+| 192.168.25.30 | B8:27:EB:32:B2:13 | Recalbox (RPi3) | Gaming | Retro gaming, WiFi XTRM2 |
---
@@ -124,6 +126,7 @@ A8:B8:E0:02:B6:15 XTRM-U
F4:1E:57:C9:BD:09 CSS326
1C:2A:A3:1E:78:67 ZX1
48:DA:35:6F:BE:50 NanoKVM
+08:92:04:C6:07:C5 XTRM-Nobara (Failover)
```
**VLAN 20 - Trusted:**
@@ -182,14 +185,14 @@ D0:C9:07:8C:C9:46 Private Vendor 2
| VLAN | Device Count | Comment |
|------|--------------|---------|
-| 10 - Mgmt | 9 | Infrastructure only |
+| 10 - Mgmt | 10 | Infrastructure + failover |
| 20 - Trusted | 9 | Family devices |
-| 25 - Kids | 4 | Kids devices (subset of 20) |
+| 25 - Kids | 5 | Kids devices + Recalbox |
| 30 - IoT | 14 | Smart home devices |
| 35 - Cameras | 1 | Security |
| 40 - Servers | 1 | Services |
| 50 - Guest | 4 | Unknown/unidentified devices |
-| **Total** | **38** | All devices categorized |
+| **Total** | **40** | All devices categorized |
---
diff --git a/docs/07-WIFI-CAPSMAN-CONFIG.md b/docs/07-WIFI-CAPSMAN-CONFIG.md
index ed6f177..36f53d9 100644
--- a/docs/07-WIFI-CAPSMAN-CONFIG.md
+++ b/docs/07-WIFI-CAPSMAN-CONFIG.md
@@ -1,6 +1,6 @@
# WiFi and CAPsMAN Configuration
-**Last Updated:** 2026-02-02
+**Last Updated:** 2026-02-14
**Purpose:** Document WiFi network settings, CAPsMAN configuration, and device compatibility requirements
---
@@ -104,41 +104,40 @@ If devices still can't connect, use WPA-only with TKIP-only:
|---------|-------|
| caps-man-addresses | 192.168.10.1 |
| certificate | request |
+| RouterOS | 7.21.1 |
| SSH Port | 2222 |
+| SSH | `ssh -i ~/.ssh/mikrotik_key -p 2222 xtrm@192.168.10.2` |
+
+**Note:** CAP was factory reset on 2026-02-13. CAPsMAN certificate was regenerated and CAP re-enrolled with `certificate=request`.
### CAP Interfaces
-| Interface | Radio | Band | SSID | Status |
-|-----------|-------|------|------|--------|
-| cap-wifi1 | wifi1 | 2.4GHz | XTRM2 | Working |
-| cap-wifi2 | wifi2 | 5GHz | XTRM | Channel issues (disabled) |
+| Interface | Radio | Band | SSID | Security | Status |
+|-----------|-------|------|------|----------|--------|
+| cap-wifi1 | wifi1 | 2.4GHz | XTRM2 | WPA2-PSK, CCMP | Working |
+| cap-wifi2 | wifi2 | 5GHz | XTRM | WPA2/WPA3-PSK | Working (Ch 5220, 20/40MHz) |
-### CAP Access List Rule
-
-CAP clients bypass VLAN assignment (go to VLAN 10):
-
-```routeros
-/interface wifi access-list add \
- interface=cap-wifi1 \
- action=accept \
- comment="CAP clients - no VLAN" \
- place-before=0
-```
+**Note:** cap-wifi1 uses cfg-xtrm2 but with WPA2+CCMP only (not WPA+TKIP like the local wifi2). Legacy IoT devices requiring TKIP will only work on HAP1's local wifi2.
---
-## WiFi Access List (VLAN Assignment)
+## WiFi Access List
-Devices are assigned to VLANs based on MAC address:
+**Status:** VLAN assignment via access list is **not active** (rolled back 2026-01-27). All entries use `action=accept` without VLAN ID. Devices get their VLAN via DHCP static leases on the bridge.
-| VLAN | Purpose | Example Devices |
-|------|---------|-----------------||
-| 20 | Trusted | MacBooks, iPhones, Samsung phones |
-| 25 | Kids | Kids devices |
-| 30 | IoT | Smart home devices, Chromecast, Bosch appliances |
-| 40 | Catch-All | Unknown devices (default) |
+**29 entries** configured (MAC-based accept rules + 1 default catch-all):
-### Current Access List
+| # | MAC | Device | Notes |
+|---|-----|--------|-------|
+| 0 | AA:ED:8B:2A:40:F1 | Samsung S25 Ultra - Kaloyan | |
+| 1 | 82:6D:FB:D9:E0:47 | MacBook Air - Nora | |
+| 12 | CE:B8:11:EA:8D:55 | MacBook - Kaloyan | |
+| 13 | BE:A7:95:87:19:4A | MacBook 5GHz - Kaloyan | |
+| 27 | B8:27:EB:32:B2:13 | RecalBox RPi3 | VLAN 25 (Kids) |
+| 28 | CC:5E:F8:D3:37:D3 | ASUS ROG Ally - Kaloyan | |
+| 29 | (any) | Default - VLAN40 | Catch-all |
+
+### Show Full Access List
```routeros
/interface wifi access-list print
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index cf593d1..19e396d 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -4,6 +4,31 @@
---
+## 2026-02-14
+
+### CAP XL ac Recovery
+- **[WIRELESS]** Factory reset CAP XL ac (lost credentials)
+- **[WIRELESS]** Reconfigured CAPsMAN: regenerated certificate, CAP re-enrolled with `certificate=request`
+- **[WIRELESS]** Both CAP radios now active: wifi1 (2.4GHz XTRM2) + wifi2 (5GHz XTRM)
+- **[WIRELESS]** CAP now running RouterOS 7.21.1
+- **[WIRELESS]** Enabled SSH on CAP port 2222 for user xtrm with mikrotik key
+- **[WIRELESS]** Confirmed WiFi access list has no VLAN assignment (rolled back Jan 27)
+
+### Roms Network Share
+- **[SERVICE]** Shared /mnt/user/roms (2.3TB, 49 systems) via SMB from Unraid
+- **[SERVICE]** Mounted on Nobara at /mnt/roms (fstab, CIFS guest, systemd.automount)
+- **[SERVICE]** Mounted on Recalbox via custom.sh boot script (CIFS bind mounts)
+- **[SERVICE]** Deleted local roms from Recalbox SD card (~12.5GB freed)
+
+### Documentation Updates
+- **[DOCS]** Updated 07-WIFI-CAPSMAN-CONFIG.md: CAP both radios working, access list status
+- **[DOCS]** Updated 01-NETWORK-MAP.md: Fixed CAP IP (.6→.2), added Nobara and SMB shares
+- **[DOCS]** Updated 04-HARDWARE-INVENTORY.md: CAP details, added Recalbox device
+- **[DOCS]** Updated 06-VLAN-DEVICE-ASSIGNMENT.md: Added Nobara (VLAN 10) and Recalbox (VLAN 25)
+- **[DOCS]** Updated 03-SERVICES-OTHER.md: Added Roms SMB share section
+
+---
+
## 2026-02-13
### Failover Infrastructure Deployed