jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Cleanup: Remove Pi-hole, add AdGuard Home Sync, add Uptime Kuma monitors
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details

Browse Source 
- Removed Pi-hole container (using MikroTik AdGuard Home as primary)
- Removed nebula-sync container (not in use)
- Added adguardhome-sync for rule syncing between MikroTik and Unraid AdGuard
- Added 27 monitors to Uptime Kuma for all services
- Updated container IP assignments
- Migrated NetBox to shared postgresql17

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
XTRM-Unraid
2026-01-22 23:22:42 +02:00
parent fa15bec2d6
commit 682aceb8e0
3 changed files with 13 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/06-CHANGELOG.md
View File

@@ -165,3 +165,13 @@
## Previous Changes
See git history for earlier changes.
## 2026-01-22
- [CLEANUP] Removed Pi-hole container (binhex-official-pihole) from Unraid - using AdGuard Home on MikroTik as primary DNS
- [CLEANUP] Removed nebula-sync container - not in use
- [CLEANUP] Removed Traefik routes for ph1.xtrm-lab.org
- [SERVICE] adguardhome-sync: Added for syncing rules between MikroTik AdGuard Home and Unraid AdGuard
- [MONITORING] Added 27 monitors to Uptime Kuma covering all web services and infrastructure
- [ORGANIZATION] Updated Unraid container categories for better organization
- [NETBOX] Migrated NetBox to shared postgresql17 database and dockerproxy network

6
docs/13-CONTAINER-IP-ASSIGNMENTS.md
View File

@@ -44,6 +44,7 @@ Static IP range: 172.18.0.2 - 172.18.0.99
| Nextcloud | 172.18.0.24 | Cloud storage | Template |
| karakeep | 172.18.0.25 | Bookmark manager | Template |
| transmission | 172.18.0.26 | Torrent client | Template |
| adguardhome-sync | 172.18.0.27 | AdGuard Home Sync | Compose |
### DevOps (172.18.0.31 - 172.18.0.40)
@@ -101,7 +102,6 @@ These containers have direct LAN access via macvlan.
| Container | Static IP | Purpose | Config |
|-----------|-----------|---------|--------|
| binhex-official-pihole | 192.168.31.4 | DNS sinkhole | Template |
| unbound | 192.168.31.5 | Recursive DNS | Template |
| TimeMachine | 192.168.31.12 | Time Machine backup | Template |
@@ -132,7 +132,6 @@ These containers share the host network stack.
| plex | Media server |
| HomeAssistant_inabox | Home automation |
| stunnel-dot | DNS over TLS |
| nebula-sync | Nebula mesh sync |
---
@@ -157,6 +156,7 @@ These containers share the host network stack.
| Woodpecker | `/mnt/user/appdata/woodpecker/docker-compose.yml` |
| Pangolin | `/mnt/user/appdata/pangolin/docker-compose.yml` |
| Slurp'it | `/mnt/user/appdata/slurpit/docker-compose.yml` |
| AdGuard Home Sync | `/mnt/user/appdata/adguard-sync/docker-compose.yml` |
---
@@ -175,7 +175,7 @@ Use Unraid Docker UI to update/recreate - static IP is preserved in template.
### Verify IPs
```bash
# Check all IPs on a network
docker network inspect <network> --format '{{range .Containers}}{{.Name}}: {{.IPv4Address}}{{"\\n"}}{{end}}'
docker network inspect <network> --format '{{range .Containers}}{{.Name}}: {{.IPv4Address}}{{"\n"}}{{end}}'
# Check specific container
docker inspect <container> | jq '.[0].NetworkSettings.Networks'

74
docs/INFRASTRUCTURE-DIAGRAM.md
View File

@@ -1,19 +1,14 @@
# Infrastructure Diagram - xtrm-lab.org
**Generated:** 2026-01-22
**Domain:** xtrm-lab.org
**WAN IP:** 62.73.120.142
---
## Network Topology Overview
```mermaid
graph TB
subgraph Internet
WAN[/"🌐 Internet<br/>WAN: 62.73.120.142"/]
end
subgraph Router["MikroTik hAP ax³ (192.168.31.1)"]
direction TB
subgraph RouterContainers["Docker Containers"]
@@ -21,23 +16,18 @@ graph TB
TS["🔗 Tailscale<br/>172.17.0.4"]
end
end
subgraph LAN["LAN Network (192.168.31.0/24)"]
Switch["🔌 CSS326 Switch<br/>192.168.31.9"]
AP["📶 cAP ac<br/>192.168.31.6"]
Unraid["🖥️ Unraid Server<br/>192.168.31.2"]
end
WAN --> Router
Router --> Switch
Switch --> AP
Switch --> Unraid
```
---
## Port Forwarding / NAT Rules
```mermaid
flowchart LR
subgraph WAN["Internet (62.73.120.142)"]
@@ -49,7 +39,6 @@ flowchart LR
P51413[":51413"]
P21115[":21115-21119"]
end
subgraph Destinations
Traefik80["Traefik<br/>192.168.31.2:8001"]
Traefik443["Traefik<br/>192.168.31.2:44301"]
@@ -59,7 +48,6 @@ flowchart LR
Transmission["Transmission<br/>192.168.31.2:51413"]
RustDesk["RustDesk<br/>192.168.31.2"]
end
P80 --> Traefik80
P443 --> Traefik443
P853 --> DoT
@@ -68,13 +56,9 @@ flowchart LR
P51413 --> Transmission
P21115 --> RustDesk
```
---
## Unraid Docker Services
### Core Infrastructure & Security
```mermaid
flowchart TB
subgraph Core["Core Infrastructure"]
@@ -82,26 +66,21 @@ flowchart TB
traefik["🔀 traefik<br/>172.18.0.3<br/>:8001→80, :44301→443"]
homarr["🏠 homarr<br/>172.18.0.4<br/>xtrm-lab.org"]
end
subgraph Security["Security & Identity"]
authentik["🔐 authentik<br/>172.18.0.11<br/>auth.xtrm-lab.org"]
authentik_worker["⚙️ authentik-worker<br/>172.18.0.12"]
vaultwarden["🔑 vaultwarden<br/>172.18.0.15<br/>vault.xtrm-lab.org"]
end
subgraph Databases["Databases"]
postgresql["🐘 postgresql17<br/>172.18.0.13:5432"]
redis["📦 Redis<br/>172.18.0.14:6379"]
end
traefik --> dockersocket
authentik --> postgresql
authentik --> redis
authentik_worker --> authentik
```
### DevOps & CI/CD
```mermaid
flowchart TB
subgraph DevOps["DevOps Stack"]
@@ -109,31 +88,24 @@ flowchart TB
woodpecker_server["🪵 woodpecker-server<br/>172.18.0.32<br/>ci.xtrm-lab.org"]
woodpecker_agent["🤖 woodpecker-agent<br/>172.18.0.33"]
end
gitea --> woodpecker_server
woodpecker_server --> woodpecker_agent
```
### DNS Infrastructure
```mermaid
flowchart TB
subgraph RouterDNS["MikroTik Router DNS"]
adguard["🛡️ AdGuard Home<br/>172.17.0.5<br/>PRIMARY<br/>DoH/DoT/DoQ"]
end
subgraph UnraidDNS["Unraid DNS (Secondary)"]
pihole["🕳️ Pi-hole<br/>192.168.31.4<br/>ph1.xtrm-lab.org"]
unbound["🔄 Unbound<br/>192.168.31.5<br/>Recursive DNS"]
doh_server["🌐 DoH-Server<br/>172.18.0.22"]
end
adguard -->|Fallback| pihole
pihole --> unbound
```
### Network Management
```mermaid
flowchart TB
subgraph NetMgmt["Network Management"]
@@ -142,20 +114,16 @@ flowchart TB
unimus["💾 Unimus<br/>unimus.xtrm-lab.org<br/>Config Backup"]
slurpit["🔎 Slurp'it<br/>slurpit.xtrm-lab.org<br/>Network Discovery"]
end
subgraph NetBoxStack["NetBox Stack"]
nb_postgres["🐘 netbox-postgres<br/>172.24.0.4"]
nb_redis["📦 netbox-redis<br/>172.24.0.2"]
nb_worker["⚙️ netbox-worker<br/>172.24.0.6"]
end
netbox --> nb_postgres
netbox --> nb_redis
nb_worker --> netbox
```
### Monitoring
```mermaid
flowchart TB
subgraph Monitoring["Monitoring Stack"]
@@ -165,13 +133,10 @@ flowchart TB
netalert["🚨 NetAlertX<br/>netalert.xtrm-lab.org"]
speedtest["📈 Speedtest<br/>172.18.0.21<br/>speedtest.xtrm-lab.org"]
end
autokuma --> uptime
uptime_api --> uptime
```
### Media & Storage
```mermaid
flowchart TB
subgraph Media["Media & Storage"]
@@ -182,9 +147,7 @@ flowchart TB
libation["📚 Libation<br/>172.18.0.23<br/>Audiobooks"]
end
```
### Productivity
```mermaid
flowchart TB
subgraph Productivity["Productivity Apps"]
@@ -193,42 +156,32 @@ flowchart TB
karakeep["📝 Karakeep<br/>172.18.0.25<br/>karakeep.xtrm-lab.org"]
end
```
### Remote Access & Home Automation
```mermaid
flowchart TB
subgraph Remote["Remote Access"]
rustdesk_hbbs["🖥️ RustDesk ID<br/>:21115-21119<br/>rustdesk.xtrm-lab.org"]
rustdesk_hbbr["📡 RustDesk Relay"]
end
subgraph Home["Home Automation"]
ha["🏡 Home Assistant<br/>ha.xtrm-lab.org"]
urbackup["💾 UrBackup<br/>urbackup.xtrm-lab.org"]
end
rustdesk_hbbs --> rustdesk_hbbr
```
---
## Complete Service Flow
```mermaid
flowchart TB
subgraph Internet["🌐 Internet"]
User["👤 User"]
end
subgraph MikroTik["MikroTik Router"]
NAT["NAT/Firewall"]
AGH["AdGuard Home<br/>DNS/DoH/DoT"]
end
subgraph Unraid["Unraid Server"]
Traefik["Traefik<br/>Reverse Proxy"]
subgraph Services["Services"]
Auth["Authentik"]
Git["Gitea"]
@@ -240,7 +193,6 @@ flowchart TB
HA["Home Assistant"]
end
end
User -->|HTTPS :443| NAT
User -->|DoH/DoT| AGH
NAT -->|:44301| Traefik
@@ -253,11 +205,8 @@ flowchart TB
NAT -->|:32400| PX
Traefik --> HA
```
---
## Docker Networks
```mermaid
flowchart TB
subgraph dockerproxy["dockerproxy (172.18.0.0/16)"]
@@ -268,19 +217,16 @@ flowchart TB
dp_uptime["UptimeKuma"]
dp_more["...40+ services"]
end
subgraph netbox_net["netbox (172.24.0.0/16)"]
nb_main["netbox"]
nb_pg["netbox-postgres"]
nb_redis["netbox-redis"]
end
subgraph br0["br0 macvlan (192.168.31.0/24)"]
br_pihole["Pi-hole<br/>192.168.31.4"]
br_unbound["Unbound<br/>192.168.31.5"]
br_tm["TimeMachine<br/>192.168.31.12"]
end
subgraph host_net["host network"]
h_plex["plex"]
h_netalert["NetAlertX"]
@@ -288,37 +234,29 @@ flowchart TB
h_ha["HomeAssistant"]
end
```
---
## Service Summary Tables
### Core Infrastructure
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Reverse Proxy | traefik | 172.18.0.3 | 8001→80, 44301→443 | traefik.xtrm-lab.org |
| Docker Socket | dockersocket | 172.18.0.2 | 2375 | - |
| Dashboard | homarr | 172.18.0.4 | 10004→7575 | xtrm-lab.org |
### Security & Identity
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Identity Provider | authentik | 172.18.0.11 | 9000, 9443 | auth.xtrm-lab.org |
| Password Manager | vaultwarden | 172.18.0.15 | 4743→80 | vault.xtrm-lab.org |
### DNS Infrastructure
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| AdGuard Home | adguardhome | 172.17.0.5 | 5355, 443, 853, 8853 | dns.xtrm-lab.org |
| Pi-hole | binhex-official-pihole | 192.168.31.4 | 53, 80 | ph1.xtrm-lab.org |
| Unbound | unbound | 192.168.31.5 | 53 | - |
### DevOps & CI/CD
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Git Server | gitea | 172.18.0.31 | 2222→22, 3005→3000 | git.xtrm-lab.org |
| CI/CD Server | woodpecker-server | 172.18.0.32 | 80, 443, 8000 | ci.xtrm-lab.org |
### Network Management
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
@@ -326,58 +264,46 @@ flowchart TB
| NetDisco | netdisco-web | 172.18.0.41 | 5000 | netdisco.xtrm-lab.org |
| Unimus | unimus | host | - | unimus.xtrm-lab.org |
| Slurpit | slurpit-portal | dockerproxy | 80 | slurpit.xtrm-lab.org |
### Monitoring
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Uptime Kuma | UptimeKuma | 172.18.0.20 | 3001 | uptime.xtrm-lab.org |
| NetAlertX | NetAlertX | host | - | netalert.xtrm-lab.org |
| Speedtest | speedtest-tracker | 172.18.0.21 | 1180→80 | speedtest.xtrm-lab.org |
### Media & Storage
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Plex | plex | host | 32400 | plex.xtrm-lab.org |
| Nextcloud | Nextcloud | 172.18.0.24 | 8666→80 | nextcloud.xtrm-lab.org |
| Transmission | transmission | bridge | 9091, 51413 | - |
### Productivity
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Actual Budget | actual-budget | 172.18.0.16 | 5006 | actual.xtrm-lab.org |
| n8n | n8n | 172.18.0.17 | 5678 | n8n.xtrm-lab.org |
| Karakeep | karakeep | 172.18.0.25 | 3000 | karakeep.xtrm-lab.org |
### Remote Access & Backup
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| RustDesk | rustdesk-hbbs | bridge | 21115-21119 | rustdesk.xtrm-lab.org |
| Home Assistant | HomeAssistant_inabox | host | - | ha.xtrm-lab.org |
| UrBackup | UrBackup | host | - | urbackup.xtrm-lab.org |
---
## Encrypted DNS Endpoints
| Protocol | Endpoint | Port |
|----------|----------|------|
| DoH | https://dns.xtrm-lab.org/dns-query | 443 |
| DoT | tls://dns.xtrm-lab.org | 853 |
| DoQ | quic://dns.xtrm-lab.org | 8853 |
---
## Quick Reference
**SSH Access:**
```bash
# Unraid
ssh -i ~/.ssh/id_ed25519_unraid root@192.168.31.2 -p 422
# MikroTik
ssh -i /root/.ssh/mikrotik_key -p 2222 unraid@192.168.31.1
```
**Key URLs:**
- 🏠 Dashboard: https://xtrm-lab.org
- 🔐 Auth: https://auth.xtrm-lab.org