From 682aceb8e0b5fff3ced2cb5d6c8ece175fc1e6f1 Mon Sep 17 00:00:00 2001 From: XTRM-Unraid Date: Thu, 22 Jan 2026 23:22:42 +0200 Subject: [PATCH] Cleanup: Remove Pi-hole, add AdGuard Home Sync, add Uptime Kuma monitors - Removed Pi-hole container (using MikroTik AdGuard Home as primary) - Removed nebula-sync container (not in use) - Added adguardhome-sync for rule syncing between MikroTik and Unraid AdGuard - Added 27 monitors to Uptime Kuma for all services - Updated container IP assignments - Migrated NetBox to shared postgresql17 Co-Authored-By: Claude Opus 4.5 --- docs/06-CHANGELOG.md | 10 ++++ docs/13-CONTAINER-IP-ASSIGNMENTS.md | 6 +-- docs/INFRASTRUCTURE-DIAGRAM.md | 74 ----------------------------- 3 files changed, 13 insertions(+), 77 deletions(-) diff --git a/docs/06-CHANGELOG.md b/docs/06-CHANGELOG.md index 4115411..e742a07 100644 --- a/docs/06-CHANGELOG.md +++ b/docs/06-CHANGELOG.md @@ -165,3 +165,13 @@ ## Previous Changes See git history for earlier changes. + +## 2026-01-22 + +- [CLEANUP] Removed Pi-hole container (binhex-official-pihole) from Unraid - using AdGuard Home on MikroTik as primary DNS +- [CLEANUP] Removed nebula-sync container - not in use +- [CLEANUP] Removed Traefik routes for ph1.xtrm-lab.org +- [SERVICE] adguardhome-sync: Added for syncing rules between MikroTik AdGuard Home and Unraid AdGuard +- [MONITORING] Added 27 monitors to Uptime Kuma covering all web services and infrastructure +- [ORGANIZATION] Updated Unraid container categories for better organization +- [NETBOX] Migrated NetBox to shared postgresql17 database and dockerproxy network diff --git a/docs/13-CONTAINER-IP-ASSIGNMENTS.md b/docs/13-CONTAINER-IP-ASSIGNMENTS.md index 2d18dca..aab4dee 100644 --- a/docs/13-CONTAINER-IP-ASSIGNMENTS.md +++ b/docs/13-CONTAINER-IP-ASSIGNMENTS.md 
@@ -44,6 +44,7 @@ Static IP range: 172.18.0.2 - 172.18.0.99 | Nextcloud | 172.18.0.24 | Cloud storage | Template | | karakeep | 172.18.0.25 | Bookmark manager | Template | | transmission | 172.18.0.26 | Torrent client | Template | +| adguardhome-sync | 172.18.0.27 | AdGuard Home Sync | Compose | ### DevOps (172.18.0.31 - 172.18.0.40) @@ -101,7 +102,6 @@ These containers have direct LAN access via macvlan. | Container | Static IP | Purpose | Config | |-----------|-----------|---------|--------| -| binhex-official-pihole | 192.168.31.4 | DNS sinkhole | Template | | unbound | 192.168.31.5 | Recursive DNS | Template | | TimeMachine | 192.168.31.12 | Time Machine backup | Template | @@ -132,7 +132,6 @@ These containers share the host network stack. | plex | Media server | | HomeAssistant_inabox | Home automation | | stunnel-dot | DNS over TLS | -| nebula-sync | Nebula mesh sync | --- @@ -157,6 +156,7 @@ These containers share the host network stack. | Woodpecker | `/mnt/user/appdata/woodpecker/docker-compose.yml` | | Pangolin | `/mnt/user/appdata/pangolin/docker-compose.yml` | | Slurp'it | `/mnt/user/appdata/slurpit/docker-compose.yml` | +| AdGuard Home Sync | `/mnt/user/appdata/adguard-sync/docker-compose.yml` | --- @@ -175,7 +175,7 @@ Use Unraid Docker UI to update/recreate - static IP is preserved in template. ### Verify IPs ```bash # Check all IPs on a network -docker network inspect --format '{{range .Containers}}{{.Name}}: {{.IPv4Address}}{{"\\n"}}{{end}}' +docker network inspect --format '{{range .Containers}}{{.Name}}: {{.IPv4Address}}{{"\n"}}{{end}}' # Check specific container docker inspect | jq '.[0].NetworkSettings.Networks' diff --git a/docs/INFRASTRUCTURE-DIAGRAM.md b/docs/INFRASTRUCTURE-DIAGRAM.md index c3d3aa7..e039f1f 100644 --- a/docs/INFRASTRUCTURE-DIAGRAM.md +++ b/docs/INFRASTRUCTURE-DIAGRAM.md 
@@ -1,19 +1,14 @@ # Infrastructure Diagram - xtrm-lab.org - **Generated:** 2026-01-22 **Domain:** xtrm-lab.org **WAN IP:** 62.73.120.142 - --- - ## Network Topology Overview - ```mermaid graph TB subgraph Internet WAN[/"🌐 Internet
WAN: 62.73.120.142"/] end - subgraph Router["MikroTik hAP ax³ (192.168.31.1)"] direction TB subgraph RouterContainers["Docker Containers"] @@ -21,23 +16,18 @@ graph TB TS["🔗 Tailscale
172.17.0.4"] end end - subgraph LAN["LAN Network (192.168.31.0/24)"] Switch["🔌 CSS326 Switch
192.168.31.9"] AP["📶 cAP ac
192.168.31.6"] Unraid["🖥️ Unraid Server
192.168.31.2"] end - WAN --> Router Router --> Switch Switch --> AP Switch --> Unraid ``` - --- - ## Port Forwarding / NAT Rules - ```mermaid flowchart LR subgraph WAN["Internet (62.73.120.142)"] @@ -49,7 +39,6 @@ flowchart LR P51413[":51413"] P21115[":21115-21119"] end - subgraph Destinations Traefik80["Traefik
192.168.31.2:8001"] Traefik443["Traefik
192.168.31.2:44301"] @@ -59,7 +48,6 @@ flowchart LR Transmission["Transmission
192.168.31.2:51413"] RustDesk["RustDesk
192.168.31.2"] end - P80 --> Traefik80 P443 --> Traefik443 P853 --> DoT @@ -68,13 +56,9 @@ flowchart LR P51413 --> Transmission P21115 --> RustDesk ``` - --- - ## Unraid Docker Services - ### Core Infrastructure & Security - ```mermaid flowchart TB subgraph Core["Core Infrastructure"] @@ -82,26 +66,21 @@ flowchart TB traefik["🔀 traefik
172.18.0.3
:8001→80, :44301→443"] homarr["🏠 homarr
172.18.0.4
xtrm-lab.org"] end - subgraph Security["Security & Identity"] authentik["🔐 authentik
172.18.0.11
auth.xtrm-lab.org"] authentik_worker["⚙️ authentik-worker
172.18.0.12"] vaultwarden["🔑 vaultwarden
172.18.0.15
vault.xtrm-lab.org"] end - subgraph Databases["Databases"] postgresql["🐘 postgresql17
172.18.0.13:5432"] redis["📦 Redis
172.18.0.14:6379"] end - traefik --> dockersocket authentik --> postgresql authentik --> redis authentik_worker --> authentik ``` - ### DevOps & CI/CD - ```mermaid flowchart TB subgraph DevOps["DevOps Stack"] @@ -109,31 +88,24 @@ flowchart TB woodpecker_server["🪵 woodpecker-server
172.18.0.32
ci.xtrm-lab.org"] woodpecker_agent["🤖 woodpecker-agent
172.18.0.33"] end - gitea --> woodpecker_server woodpecker_server --> woodpecker_agent ``` - ### DNS Infrastructure - ```mermaid flowchart TB subgraph RouterDNS["MikroTik Router DNS"] adguard["🛡️ AdGuard Home
172.17.0.5
PRIMARY
DoH/DoT/DoQ"] end - subgraph UnraidDNS["Unraid DNS (Secondary)"] pihole["🕳️ Pi-hole
192.168.31.4
ph1.xtrm-lab.org"] unbound["🔄 Unbound
192.168.31.5
Recursive DNS"] doh_server["🌐 DoH-Server
172.18.0.22"] end - adguard -->|Fallback| pihole pihole --> unbound ``` - ### Network Management - ```mermaid flowchart TB subgraph NetMgmt["Network Management"] @@ -142,20 +114,16 @@ flowchart TB unimus["💾 Unimus
unimus.xtrm-lab.org
Config Backup"] slurpit["🔎 Slurp'it
slurpit.xtrm-lab.org
Network Discovery"] end - subgraph NetBoxStack["NetBox Stack"] nb_postgres["🐘 netbox-postgres
172.24.0.4"] nb_redis["📦 netbox-redis
172.24.0.2"] nb_worker["⚙️ netbox-worker
172.24.0.6"] end - netbox --> nb_postgres netbox --> nb_redis nb_worker --> netbox ``` - ### Monitoring - ```mermaid flowchart TB subgraph Monitoring["Monitoring Stack"] @@ -165,13 +133,10 @@ flowchart TB netalert["🚨 NetAlertX
netalert.xtrm-lab.org"] speedtest["📈 Speedtest
172.18.0.21
speedtest.xtrm-lab.org"] end - autokuma --> uptime uptime_api --> uptime ``` - ### Media & Storage - ```mermaid flowchart TB subgraph Media["Media & Storage"] @@ -182,9 +147,7 @@ flowchart TB libation["📚 Libation
172.18.0.23
Audiobooks"] end ``` - ### Productivity - ```mermaid flowchart TB subgraph Productivity["Productivity Apps"] @@ -193,42 +156,32 @@ flowchart TB karakeep["📝 Karakeep
172.18.0.25
karakeep.xtrm-lab.org"] end ``` - ### Remote Access & Home Automation - ```mermaid flowchart TB subgraph Remote["Remote Access"] rustdesk_hbbs["🖥️ RustDesk ID
:21115-21119
rustdesk.xtrm-lab.org"] rustdesk_hbbr["📡 RustDesk Relay"] end - subgraph Home["Home Automation"] ha["🏡 Home Assistant
ha.xtrm-lab.org"] urbackup["💾 UrBackup
urbackup.xtrm-lab.org"] end - rustdesk_hbbs --> rustdesk_hbbr ``` - --- - ## Complete Service Flow - ```mermaid flowchart TB subgraph Internet["🌐 Internet"] User["👤 User"] end - subgraph MikroTik["MikroTik Router"] NAT["NAT/Firewall"] AGH["AdGuard Home
DNS/DoH/DoT"] end - subgraph Unraid["Unraid Server"] Traefik["Traefik
Reverse Proxy"] - subgraph Services["Services"] Auth["Authentik"] Git["Gitea"] @@ -240,7 +193,6 @@ flowchart TB HA["Home Assistant"] end end - User -->|HTTPS :443| NAT User -->|DoH/DoT| AGH NAT -->|:44301| Traefik @@ -253,11 +205,8 @@ flowchart TB NAT -->|:32400| PX Traefik --> HA ``` - --- - ## Docker Networks - ```mermaid flowchart TB subgraph dockerproxy["dockerproxy (172.18.0.0/16)"] @@ -268,19 +217,16 @@ flowchart TB dp_uptime["UptimeKuma"] dp_more["...40+ services"] end - subgraph netbox_net["netbox (172.24.0.0/16)"] nb_main["netbox"] nb_pg["netbox-postgres"] nb_redis["netbox-redis"] end - subgraph br0["br0 macvlan (192.168.31.0/24)"] br_pihole["Pi-hole
192.168.31.4"] br_unbound["Unbound
192.168.31.5"] br_tm["TimeMachine
192.168.31.12"] end - subgraph host_net["host network"] h_plex["plex"] h_netalert["NetAlertX"] @@ -288,37 +234,29 @@ flowchart TB h_ha["HomeAssistant"] end ``` - --- - ## Service Summary Tables - ### Core Infrastructure | Service | Container | IP | Ports | URL | |---------|-----------|-----|-------|-----| | Reverse Proxy | traefik | 172.18.0.3 | 8001→80, 44301→443 | traefik.xtrm-lab.org | | Docker Socket | dockersocket | 172.18.0.2 | 2375 | - | | Dashboard | homarr | 172.18.0.4 | 10004→7575 | xtrm-lab.org | - ### Security & Identity | Service | Container | IP | Ports | URL | |---------|-----------|-----|-------|-----| | Identity Provider | authentik | 172.18.0.11 | 9000, 9443 | auth.xtrm-lab.org | | Password Manager | vaultwarden | 172.18.0.15 | 4743→80 | vault.xtrm-lab.org | - ### DNS Infrastructure | Service | Container | IP | Ports | URL | |---------|-----------|-----|-------|-----| | AdGuard Home | adguardhome | 172.17.0.5 | 5355, 443, 853, 8853 | dns.xtrm-lab.org | -| Pi-hole | binhex-official-pihole | 192.168.31.4 | 53, 80 | ph1.xtrm-lab.org | | Unbound | unbound | 192.168.31.5 | 53 | - | - ### DevOps & CI/CD | Service | Container | IP | Ports | URL | |---------|-----------|-----|-------|-----| | Git Server | gitea | 172.18.0.31 | 2222→22, 3005→3000 | git.xtrm-lab.org | | CI/CD Server | woodpecker-server | 172.18.0.32 | 80, 443, 8000 | ci.xtrm-lab.org | - ### Network Management | Service | Container | IP | Ports | URL | |---------|-----------|-----|-------|-----| 
@@ -326,58 +264,46 @@ flowchart TB | NetDisco | netdisco-web | 172.18.0.41 | 5000 | netdisco.xtrm-lab.org | | Unimus | unimus | host | - | unimus.xtrm-lab.org | | Slurpit | slurpit-portal | dockerproxy | 80 | slurpit.xtrm-lab.org | - ### Monitoring | Service | Container | IP | Ports | URL | |---------|-----------|-----|-------|-----| | Uptime Kuma | UptimeKuma | 172.18.0.20 | 3001 | uptime.xtrm-lab.org | | NetAlertX | NetAlertX | host | - | netalert.xtrm-lab.org | | Speedtest | speedtest-tracker | 172.18.0.21 | 1180→80 | speedtest.xtrm-lab.org | - ### Media & Storage | Service | Container | IP | Ports | URL | |---------|-----------|-----|-------|-----| | Plex | plex | host | 32400 | plex.xtrm-lab.org | | Nextcloud | Nextcloud | 172.18.0.24 | 8666→80 | nextcloud.xtrm-lab.org | | Transmission | transmission | bridge | 9091, 51413 | - | - ### Productivity | Service | Container | IP | Ports | URL | |---------|-----------|-----|-------|-----| | Actual Budget | actual-budget | 172.18.0.16 | 5006 | actual.xtrm-lab.org | | n8n | n8n | 172.18.0.17 | 5678 | n8n.xtrm-lab.org | | Karakeep | karakeep | 172.18.0.25 | 3000 | karakeep.xtrm-lab.org | - ### Remote Access & Backup | Service | Container | IP | Ports | URL | |---------|-----------|-----|-------|-----| | RustDesk | rustdesk-hbbs | bridge | 21115-21119 | rustdesk.xtrm-lab.org | | Home Assistant | HomeAssistant_inabox | host | - | ha.xtrm-lab.org | | UrBackup | UrBackup | host | - | urbackup.xtrm-lab.org | - --- - ## Encrypted DNS Endpoints - | Protocol | Endpoint | Port | |----------|----------|------| | DoH | https://dns.xtrm-lab.org/dns-query | 443 | | DoT | tls://dns.xtrm-lab.org | 853 | | DoQ | quic://dns.xtrm-lab.org | 8853 | - --- - ## Quick Reference - **SSH Access:** ```bash # Unraid ssh -i ~/.ssh/id_ed25519_unraid root@192.168.31.2 -p 422 - # MikroTik ssh -i /root/.ssh/mikrotik_key -p 2222 unraid@192.168.31.1 ``` - **Key URLs:** - 🏠 Dashboard: https://xtrm-lab.org - 🔐 Auth: https://auth.xtrm-lab.org
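Review bot: In docs/06-CHANGELOG.md the new `## 2026-01-22` section is appended below `## Previous Changes` and its "See git history for earlier changes." pointer, so the newest entry lands after the line that reads as the end of the log. Move the section above `## Previous Changes`. The entry `[CLEANUP] Removed Traefik routes for ph1.xtrm-lab.org` also has no counterpart in this patch, which touches only files under docs/; name the commit or config file where the routes were removed so the entry can be checked.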
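Review bot: In docs/13-CONTAINER-IP-ASSIGNMENTS.md, hunk `@@ -101,7 +102,6 @@`, the `binhex-official-pihole` row is dropped from the macvlan table while `unbound | 192.168.31.5 | Recursive DNS` stays, and the only edge into Unbound anywhere in these docs is `pihole --> unbound`. State what forwards to 192.168.31.5 now that Pi-hole is gone, or remove Unbound as well if nothing does. It would also help to mark 192.168.31.4 as released, so a later container is not given the address that clients may still have configured as a resolver.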
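Review bot: In the `Verify IPs` hunk of docs/13-CONTAINER-IP-ASSIGNMENTS.md, the change from `{{"\\n"}}` to `{{"\n"}}` is unrelated to the container cleanup and appears in neither the commit message nor the changelog entry. The new form looks right inside single quotes, since the template then receives a real newline escape, but it should be listed in the message or split into its own commit so the fix can be found later.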
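Review bot: In docs/INFRASTRUCTURE-DIAGRAM.md the Pi-hole row is deleted from the DNS Infrastructure summary table, but the mermaid blocks still carry it as unchanged context: the `pihole[...]` node with 192.168.31.4 and ph1.xtrm-lab.org, `adguard -->|Fallback| pihole`, `pihole --> unbound`, and `br_pihole` in the br0 macvlan subgraph. The diagram therefore still documents a DNS fallback path to a container this commit removes. Delete those nodes and edges and redraw whatever now feeds Unbound; the same applies to the `UnraidDNS` subgraph if the Unraid AdGuard instance named in the commit message is meant to appear there.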
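Review bot: The commit message and changelog say NetBox was migrated to the shared postgresql17 database and the dockerproxy network, yet the Network Management hunk of docs/INFRASTRUCTURE-DIAGRAM.md leaves `nb_postgres` at 172.24.0.4 with `netbox --> nb_postgres`, and the Docker Networks hunk leaves the `netbox (172.24.0.0/16)` subgraph with `nb_pg`. Update both diagrams to show NetBox on dockerproxy talking to postgresql17, and say whether netbox-redis and netbox-worker moved too.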
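Review bot: Nearly all of the 74 deletions in docs/INFRASTRUCTURE-DIAGRAM.md are blank lines, and in the first hunk that changes rendering: with the blank line removed, `**WAN IP:** 62.73.120.142` is followed directly by `---`, which Markdown reads as a setext heading underline, so the metadata paragraph becomes a level-2 heading instead of being followed by a rule. Restore the blank lines around `---`, headings, tables and the mermaid fences, or move the whitespace changes to a separate commit so the single content change (the Pi-hole table row) is reviewable on its own.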