Major documentation restructure - consolidated docs

New Structure: - 01-NETWORK-MAP.md - Network topology, IPs, Docker networks, services - 02-SERVICES-CRITICAL.md - DNS, Auth, Routing (P0/P1 services) - 03-SERVICES-OTHER.md - All non-critical services - 04-HARDWARE-INVENTORY.md - Physical devices and specs - 05-CHANGELOG.md - Major events only New Folders: - docs/archive/ - Legacy docs (read-only reference) - docs/wip/ - Planned changes and ideas - UPGRADE-2026-HARDWARE.md - N5 Air + N100 migration plan - GITOPS-CONTAINERS.md - Phase 2 container GitOps Changes: - Moved all 22 legacy docs to archive/ - Consolidated container IPs, physical map, and services into single network map - Extracted critical vs non-critical service classification - Simplified changelog to major events only Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 11:17:33 +02:00
parent ed17dea2d6
commit b250493d5a
31 changed files with 1585 additions and 23 deletions
--- a/docs/archive/00-CURRENT-STATE.md
+++ b/docs/archive/00-CURRENT-STATE.md
@@ -0,0 +1,306 @@
+# Infrastructure Current State: xtrm-lab.org
+
+## Document Updated: 2026-01-23
+## Target Domain: xtrm-lab.org
+
+---
+
+## Network Topology Diagram
+
+```mermaid
+graph TB
+    subgraph Internet
+        WAN["WAN: 62.73.120.142"]
+    end
+
+    subgraph MikroTik["MikroTik hAP ax³ (192.168.31.1)"]
+        ROUTER["RouterOS 7.20.6"]
+        subgraph MK_Containers["Docker Containers"]
+            AGH_MK["AdGuard Home<br/>172.17.0.5:5355<br/>dns.xtrm-lab.org"]
+            TS["Tailscale<br/>172.17.0.4"]
+        end
+    end
+
+    subgraph Switch["CSS326-24G-2S+ (192.168.31.9)"]
+        SW["24-Port Managed Switch"]
+    end
+
+    subgraph AP["cAP ac (192.168.31.6)"]
+        WIFI["CAPsMAN AP"]
+    end
+
+    subgraph Unraid["Unraid Server (192.168.31.2)"]
+        subgraph SharedServices["Shared Services"]
+            POSTGRES["PostgreSQL 17<br/>172.18.0.13"]
+            REDIS["Redis<br/>172.18.0.14"]
+        end
+        subgraph Core["Core Services"]
+            TRAEFIK["Traefik<br/>172.18.0.3"]
+            HOMARR["Homarr<br/>172.18.0.4"]
+        end
+        subgraph Security["Security"]
+            AUTH["Authentik<br/>172.18.0.11"]
+            VAULT["Vaultwarden<br/>172.18.0.15"]
+        end
+        subgraph DNS_Unraid["DNS Services"]
+            AGH_UR["AdGuard Home<br/>192.168.31.4<br/>dns2.xtrm-lab.org"]
+        end
+        subgraph DevOps["DevOps"]
+            GITEA["Gitea<br/>172.18.0.31"]
+            WOODPECKER["Woodpecker CI<br/>172.18.0.32"]
+        end
+        subgraph NetBoxStack["Network Inventory"]
+            NETBOX["NetBox<br/>172.18.0.61"]
+            DIODE["Diode Stack<br/>172.18.0.70-74"]
+            NETDISCO["NetDisco<br/>172.18.0.41-42"]
+        end
+    end
+
+    WAN --> ROUTER
+    ROUTER --> AGH_MK
+    ROUTER --> SW
+    SW --> Unraid
+    SW --> AP
+    AGH_MK -.->|sync| AGH_UR
+```
+
+---
+
+## Service Architecture Diagram
+
+```mermaid
+flowchart TB
+    subgraph SharedServices["Shared Infrastructure"]
+        PG[("PostgreSQL 17<br/>172.18.0.13")]
+        RD[("Redis<br/>172.18.0.14")]
+    end
+
+    subgraph NetBoxStack["Network Inventory Stack"]
+        NB["NetBox<br/>172.18.0.61"]
+        NBW["NetBox Worker<br/>172.18.0.62"]
+        NBC[("Redis Cache<br/>172.18.0.64")]
+        
+        subgraph Diode["Diode Discovery"]
+            DI["Ingress<br/>172.18.0.70"]
+            DIN["Ingester<br/>172.18.0.71"]
+            DRE["Reconciler<br/>172.18.0.72"]
+            DHY["Hydra<br/>172.18.0.73"]
+            DAU["Auth<br/>172.18.0.74"]
+            DAG["Agent<br/>host network"]
+        end
+        
+        subgraph NetDisco["NetDisco"]
+            NDW["Web<br/>172.18.0.41"]
+            NDB["Backend<br/>172.18.0.42"]
+        end
+    end
+
+    subgraph DevOps["DevOps Stack"]
+        GIT["Gitea<br/>172.18.0.31"]
+        WPS["Woodpecker Server<br/>172.18.0.32"]
+        WPA["Woodpecker Agent<br/>172.18.0.33"]
+    end
+
+    PG --> NB
+    PG --> GIT
+    PG --> NDW
+    PG --> DRE
+    PG --> DHY
+    RD --> DIN
+    RD --> DRE
+    RD --> NBW
+    NBC --> NB
+    
+    DAG -->|gRPC| DI
+    DI --> DIN
+    DIN --> RD
+    DRE --> NB
+    NDB --> NDW
+```
+
+---
+
+## DNS Architecture
+
+```mermaid
+flowchart TB
+    subgraph External["External Access"]
+        DOH1["DoH: dns.xtrm-lab.org"]
+        DOT1["DoT: dns.xtrm-lab.org:853"]
+        DOH2["DoH: dns2.xtrm-lab.org"]
+        DOT2["DoT: dns2.xtrm-lab.org:853"]
+    end
+
+    subgraph MikroTik["MikroTik Router"]
+        NAT["NAT: 53 → 5355"]
+        AGH1["AdGuard Home<br/>PRIMARY"]
+    end
+
+    subgraph Unraid["Unraid Server"]
+        AGH2["AdGuard Home<br/>SECONDARY"]
+    end
+
+    subgraph Sync["Configuration Sync"]
+        AGHSYNC["adguardhome-sync<br/>Every 30 min"]
+    end
+
+    subgraph Upstream["Upstream DNS"]
+        Q9["Quad9 DoH"]
+    end
+
+    DOH1 --> AGH1
+    DOT1 --> AGH1
+    DOH2 --> AGH2
+    DOT2 --> AGH2
+    NAT --> AGH1
+    AGH1 --> Q9
+    AGH2 --> Q9
+    AGH1 <-.->|sync| AGHSYNC
+    AGHSYNC <-.->|sync| AGH2
+```
+
+---
+
+## Container Summary
+
+### Shared Services
+
+| Container | IP | Purpose | Consumers |
+|-----------|-----|---------|-----------|
+| postgresql17 | 172.18.0.13 | PostgreSQL 17 | NetBox, Gitea, NetDisco, Authentik, Diode |
+| Redis | 172.18.0.14 | Redis Queue | Diode, NetBox Worker |
+
+### Network Inventory (NetBox & Discovery)
+
+| Container | IP | Purpose |
+|-----------|-----|---------|
+| netbox | 172.18.0.61 | Web UI |
+| netbox-worker | 172.18.0.62 | Background tasks |
+| netbox-redis-cache | 172.18.0.64 | Query cache |
+| diode-ingress | 172.18.0.70 | API Gateway (nginx) |
+| diode-ingester | 172.18.0.71 | Data ingestion |
+| diode-reconciler | 172.18.0.72 | NetBox sync |
+| diode-hydra | 172.18.0.73 | OAuth2 (Ory Hydra) |
+| diode-auth | 172.18.0.74 | Token service |
+| diode-agent | host | Network scanner |
+| netdisco-web | 172.18.0.41 | Web UI |
+| netdisco-backend | 172.18.0.42 | SNMP poller |
+
+### Infrastructure
+
+| Container | IP | Purpose |
+|-----------|-----|---------|
+| traefik | 172.18.0.3 | Reverse proxy |
+| dockersocket | - | Docker socket proxy |
+| adguardhome | 192.168.31.4 | DNS (Secondary) |
+| adguardhome-sync | 172.18.0.65 | Config sync |
+
+### DevOps
+
+| Container | IP | Purpose |
+|-----------|-----|---------|
+| gitea | 172.18.0.31 | Git hosting |
+| woodpecker-server | 172.18.0.32 | CI/CD server |
+| woodpecker-agent | 172.18.0.33 | CI/CD agent |
+
+### Security
+
+| Container | IP | Purpose |
+|-----------|-----|---------|
+| authentik | 172.18.0.11 | Identity provider |
+| authentik-worker | - | Background tasks |
+| vaultwarden | 172.18.0.15 | Password manager |
+
+### Monitoring
+
+| Container | IP | Purpose |
+|-----------|-----|---------|
+| UptimeKuma | 172.18.0.20 | Uptime monitoring |
+| Uptime-Kuma-API | 172.18.0.18 | REST API |
+| AutoKuma | 172.18.0.19 | Auto-monitor creation |
+| NetAlertX | - | Network alerting |
+| speedtest-tracker | - | Speed tests |
+
+---
+
+## RAM Usage (as of 2026-01-23)
+
+**Total: 15GB | Used: 12GB (80%) | Available: 2.7GB**
+
+| Container | RAM | % |
+|-----------|-----|---|
+| unimus | 1.62 GB | 10.5% |
+| karakeep | 664 MB | 4.2% |
+| netdisco-web | 534 MB | 3.4% |
+| n8n | 293 MB | 1.9% |
+| netdisco-backend | 281 MB | 1.8% |
+| netbox-worker | 230 MB | 1.5% |
+| plex | 161 MB | 1.0% |
+| postgresql17 | 136 MB | 0.9% |
+| All others | <130 MB each | <1% |
+
+---
+
+## Removed Services (2026-01-23)
+
+The following services were removed as redundant (AdGuard Home provides DoH/DoT natively):
+
+| Service | Reason |
+|---------|--------|
+| Unbound | AdGuard uses upstream DoH directly |
+| DoH-Server | AdGuard has built-in DoH |
+| stunnel-dot | AdGuard has built-in DoT |
+| Pangolin | Not in use |
+
+---
+
+## External URLs
+
+| Service | URL |
+|---------|-----|
+| Dashboard | https://xtrm-lab.org |
+| Traefik | https://traefik.xtrm-lab.org |
+| Authentik | https://auth.xtrm-lab.org |
+| Gitea | https://git.xtrm-lab.org |
+| Woodpecker CI | https://ci.xtrm-lab.org |
+| NetBox | https://netbox.xtrm-lab.org |
+| NetDisco | https://netdisco.xtrm-lab.org |
+| Uptime Kuma | https://uptime.xtrm-lab.org |
+| Plex | https://plex.xtrm-lab.org |
+| Nextcloud | https://cloud.xtrm-lab.org |
+| Vaultwarden | https://vault.xtrm-lab.org |
+| DNS (Primary) | dns.xtrm-lab.org (MikroTik) |
+| DNS (Secondary) | dns2.xtrm-lab.org (Unraid) |
+
+---
+
+## FolderView2 Categories
+
+| Category | Containers |
+|----------|------------|
+| Infrastructure | traefik, dockersocket, adguardhome, adguardhome-sync |
+| Security | authentik, authentik-worker, vaultwarden |
+| Monitoring | UptimeKuma, Uptime-Kuma-API, AutoKuma, NetAlertX, speedtest-tracker |
+| DevOps | gitea, woodpecker-server, woodpecker-agent, postgresql17, Redis |
+| Media | plex, Libation, transmission |
+| Storage/Backup | rustfs, UrBackup, TimeMachine, Nextcloud |
+| Productivity | actual-budget, n8n, karakeep, homarr |
+| Smart Home | HomeAssistant_inabox |
+| Remote Access | rustdesk-hbbs, rustdesk-hbbr |
+| Management | portainer, unimus |
+| Network Inventory | netbox, netbox-worker, netbox-redis-cache, diode-*, netdisco-* |
+
+---
+
+## NetBox Plugins (2026-01-25)
+
+| Plugin | Purpose | Status |
+|--------|---------|--------|
+| netbox_diode_plugin | Diode network discovery integration | ✅ Active |
+| nextbox_ui_plugin | Network topology visualization | ✅ Active |
+| netbox_dns | DNS zone and record management | ✅ Active |
+| netbox_inventory | Asset/inventory management | ✅ Active |
+| netbox_interface_synchronization | Interface sync between devices | ✅ Active |
+| netbox_routing | Routing protocol management (BGP, OSPF) | ✅ Active |
+
+**Topology View:** https://netbox.xtrm-lab.org/plugins/nextbox-ui/topology/