134 Commits

Author SHA1 Message Date
Kaloyan Danchev
8757bccca0 Add VLAN migration plan with Unraid transition strategy
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-25 20:34:15 +02:00
Kaloyan Danchev
d931d607b0 Move unknown/unidentified devices to VLAN 50 (Guest)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-25 20:29:54 +02:00
Kaloyan Danchev
de65a69334 Fix LG TV WiFi MAC and IP (DC:03:98:6B:5A:3A @ .118)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-25 20:21:49 +02:00
359c0819c3 Add quick VLAN assignment table for identified devices
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-25 19:39:50 +02:00
27853d5581 Identify unknown devices via MAC OUI lookup
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- 50:2C:C6 = GREE Electric (AC/appliance) → VLAN 30
- 18:DE:50, 38:1F:8D = Tuya Smart (IoT) → VLAN 30
- D4:AD:FC = Shenzhen Intellirocks → VLAN 30
- AC:87:A3 = Apple Inc. → VLAN 20
- 22:4C:7F = Locally Administered (random MAC) → VLAN 20
- D0:C9:07 = Private vendor → VLAN 30 (assumed IoT)

All 35 devices now categorized.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:37:58 +02:00
7feabbbedf Add comment column to all tables in VLAN assignment doc
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:34:20 +02:00
f4f715d3f7 Add VLAN device assignment map with all IP/MAC addresses
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Complete inventory of 35 devices
- Organized by target VLAN (Mgmt, Trusted, IoT, Cameras, Servers)
- 8 unknown devices flagged for identification
- MAC address quick reference for switch configuration

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:31:04 +02:00
bdd8e210aa Fix ZX1 switch IP address in documentation
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Actual IP: 192.168.31.22 (was documented as .7)
- Verified via ARP table and web interface access

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:29:31 +02:00
9ff28b0da9 Enable 10G SFP backbone link between CSS326 and ZX1
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Enabled SFP1 on CSS326 (was disabled)
- 10G DAC link to ZX1-SFP1 now active
- Updated port utilization diagrams

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:22:22 +02:00
ec75bee323 Update DNS to Quad9 DoH, add port utilization diagrams
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Both AdGuard instances now use Quad9 DoH (dns.quad9.net)
- Bootstrap DNS: 9.9.9.9, 149.112.112.112
- New 02-PORT-UTILIZATION.md with ASCII diagrams for all devices
- Fixed Tailscale container DNS and route configuration

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 19:12:35 +02:00
4f5f9e786d Add changelog with VLAN implementation status
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-25 16:21:23 +02:00
84b3952891 Add VLAN implementation documentation and scripts
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
- docs/11-VLAN-IMPLEMENTATION.md: Complete VLAN setup documentation
- scripts/mikrotik-vlan-setup.rsc: Full VLAN configuration script
- scripts/mikrotik-vlan-enable.rsc: VLAN filtering activation script

VLAN configuration is prepared but NOT YET ACTIVE.
Requires CSS326 switch configuration before enabling VLAN filtering.

VLANs configured:
- VLAN 1: Legacy (192.168.31.0/24)
- VLAN 10: Management (192.168.10.0/24)
- VLAN 20: Trusted (192.168.20.0/24)
- VLAN 30: IoT (192.168.30.0/24)
- VLAN 35: Cameras (192.168.35.0/24)
- VLAN 40: Servers (192.168.40.0/24)
- VLAN 50: Guest (192.168.50.0/24)
2026-01-25 16:20:59 +02:00
ca0af337c3 VLAN Phase 1: Infrastructure ready (filtering not yet enabled)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Created without disruption:
- 6 VLANs (10,20,30,35,40,50) on bridge
- DHCP pools and servers for each VLAN
- Inter-VLAN firewall rules
- WiFi SSIDs: Home-Trusted, Home-IoT, Home-Guest
- Legacy 192.168.31.0/24 still active

Next: Enable VLAN filtering to activate segmentation
2026-01-25 15:56:20 +02:00
2e58a3f663 Update VLAN proposal with decisions
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Added VLAN 35 for Cameras (isolated)
- Guest WiFi: password only, no captive portal
- Keep VLAN 1 (192.168.31.0/24) for transition
- Added camera geo-blocking rules
- Updated firewall matrix with camera view-only access
- Added rollback plan
2026-01-25 15:51:01 +02:00
c1dca8526a Add WIP: VLAN Network Segmentation Proposal
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- 5 VLANs: Management, Trusted, IoT, Servers, Guest
- Complete firewall rules matrix
- MikroTik implementation commands
- DNS per-VLAN configuration
- WiFi SSID mapping
- Migration plan phases
2026-01-25 15:47:15 +02:00
102fd101f3 Add WIP: Local AI Stack planning document
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Phase 1: N100 Intel iGPU setup (Ollama, Open WebUI, Aider)
- Phase 2: Future migration to N5 Air AMD 780M
- Phase 3: Network topology for AI management
- Customized for current infrastructure (192.168.31.x)
2026-01-25 15:45:00 +02:00
e5e76871bb Add Tailscale container and bridge setup
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Added mikrotik-containers-bridge-setup.rsc for shared container networking
- Added mikrotik-tailscale-setup.rsc for Tailscale container
- Added docs/10-MIKROTIK-TAILSCALE.md with full documentation
- Both containers now use containers-br bridge (172.17.0.1/24)
- AdGuard: 172.17.0.2, Tailscale: 172.17.0.3
2026-01-25 15:33:34 +02:00
7389a20595 Document container restart issue and fix
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-25 15:23:00 +02:00
ab5db7429a Add MikroTik AdGuard setup script and complete documentation
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Added scripts/mikrotik-adguard-setup.rsc with full setup commands
- Created docs/09-MIKROTIK-ADGUARD-DOT-DOH.md with:
  - Architecture diagram
  - Complete NAT/routing rules documentation
  - Container configuration details
  - TLS/DoT/DoH setup
  - Troubleshooting guide
- Removed WIP document (moved to completed docs)
2026-01-25 14:55:04 +02:00
62450fdc7a MikroTik AdGuard Home with DoT/DoH - completed setup
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-25 14:51:07 +02:00
d44ffdbcff WIP: MikroTik AdGuard with DoT/DoH architecture
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-25 14:29:45 +02:00
9cf492c92f Update changelog: DNS incident resolution, MikroTik container cleanup
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-25 14:17:29 +02:00
40502c855d Root cause: asymmetric routing fixed with srcnat masquerade
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-25 13:49:46 +02:00
4bfbe63a38 Update debug: server-side tests pass, may be client caching
2026-01-25 13:48:57 +02:00
928c02c6f0 Update incident: Netflix domains whitelisted in AdGuard
2026-01-25 13:44:54 +02:00
a3a9b58377 Update incident: Fixed NAT redirect to correct AdGuard IP/port
2026-01-25 13:35:03 +02:00
b0f78c5022 Update incident: DHCP DNS fix for device connectivity
2026-01-25 13:27:26 +02:00
776372a0b9 Add incident report: DNS outbound blocked after MikroTik restart (2026-01-25)
2026-01-25 13:17:04 +02:00
de42738775 Add WIP docs for incomplete planned items
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
New WIP documents:
- FOSSORIAL-TUNNELS.md - Pangolin/Gerbil self-hosted tunnels (not deployed)
- VLAN-SEGMENTATION.md - Network segmentation plan (not implemented)
- REMOTE-GAMING.md - Sunshine/Moonlight streaming (in progress)

Changes:
- Renamed 05-CHANGELOG.md → 00-CHANGELOG.md
- Updated wip/README.md with all planned items

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 11:25:46 +02:00
b250493d5a Major documentation restructure - consolidated docs
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
New Structure:
- 01-NETWORK-MAP.md - Network topology, IPs, Docker networks, services
- 02-SERVICES-CRITICAL.md - DNS, Auth, Routing (P0/P1 services)
- 03-SERVICES-OTHER.md - All non-critical services
- 04-HARDWARE-INVENTORY.md - Physical devices and specs
- 05-CHANGELOG.md - Major events only

New Folders:
- docs/archive/ - Legacy docs (read-only reference)
- docs/wip/ - Planned changes and ideas
  - UPGRADE-2026-HARDWARE.md - N5 Air + N100 migration plan
  - GITOPS-CONTAINERS.md - Phase 2 container GitOps

Changes:
- Moved all 22 legacy docs to archive/
- Consolidated container IPs, physical map, and services into single network map
- Extracted critical vs non-critical service classification
- Simplified changelog to major events only

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 11:17:33 +02:00
ed17dea2d6 Add rack shelf entries for U9, U7 (10" rack) and U3 (19" rack)
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Added 10" Rack Shelf at U9 holding ISP Gateway
- Added 10" Rack Shelf at U7 holding ZX1
- Added 19" Rack Shelf at U3 holding HAP1
- Updated mermaid diagrams to show shelves
- Updated rack layout tables with shelf devices

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-25 10:07:51 +02:00
8c553107f9 Update device names to match NetBox naming convention
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- HAP → HAP1 | hAP ax³
- CSS326 → CSS1 | CSS326-24G-2S+
- 2.5GbE Switch → ZX1 | ZX-SWTGW218AS
- ISP Gateway → IGP Fiber Gateway (Vivacom)
- CAP-XL-ac → CAP | cAP XL ac
- Updated all tables, topology diagram, and IP allocation
2026-01-25 09:40:07 +02:00
7cf54805b5 Fix network map inconsistencies, add detailed topology diagram, document NetBox plugins
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Fix ZX1-3 port reference (PP2-2, XU2)
- Fix CSS1-2 connection to KVM1
- Fix CSS326 PP1 port references (19-24)
- Fix CSS1-SFP1 to show ZX1 connection
- Fix CSS1-18 status (remove double check)
- Fix PP2 section title (U8)
- Add ZX1 to IP allocation table
- Regenerate topology diagram with backbone ports marked
- Add NetBox plugins documentation to current state
2026-01-25 09:28:55 +02:00
397c9a1db9 Add network physical map documentation
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-24 23:28:19 +02:00
d8307cfdf3 docs: Update infrastructure state with diagrams and cleanup
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-23 21:51:35 +02:00
58cbc0d6a8 docs: NetBox Redis consolidation to shared service
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-23 19:21:30 +02:00
375758a1dd docs: Diode stack consolidation to shared services
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-23 19:00:39 +02:00
e870bddac8 docs: Update for NetBox Discovery (Diode) setup and Slurpit removal
- Removed Slurpit section from current state (stack removed)
- Added NetBox Discovery (Diode) architecture documentation
- Added NetDisco to NetBox sync script documentation
- Updated network diagram with Diode components
- Added changelog entries for 2026-01-23

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-23 17:46:56 +02:00
682aceb8e0 Cleanup: Remove Pi-hole, add AdGuard Home Sync, add Uptime Kuma monitors
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Removed Pi-hole container (using MikroTik AdGuard Home as primary)
- Removed nebula-sync container (not in use)
- Added adguardhome-sync for rule syncing between MikroTik and Unraid AdGuard
- Added 27 monitors to Uptime Kuma for all services
- Updated container IP assignments
- Migrated NetBox to shared postgresql17

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 23:22:42 +02:00
fa15bec2d6 Migrate NetBox to shared postgresql17 and dockerproxy network
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Move NetBox database to shared postgresql17
- Move all NetBox containers to dockerproxy network
- Assign static IPs (172.18.0.61-64)
- Remove dedicated netbox network
- Update IP assignments documentation
2026-01-22 22:29:58 +02:00
01e8519639 Add switch web UI via Traefik at sw.xtrm-lab.org
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-22 21:43:24 +02:00
ac9038a189 Add Slurp'it network discovery setup and agent service accounts
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Enable SNMP on MikroTik router
- Configure SNMP v2c credentials (public, netdisco)
- Create agent service account on Unraid, router, AP
- Document network discovery stack (Slurp'it, NetDisco, NetBox)
- Update changelog with configuration changes
2026-01-22 20:08:16 +02:00
b19a777fad Update agent credentials - add AP with password auth
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-22 19:56:59 +02:00
ee25a44a2f Add agent service account credentials for Slurp'it
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-22 18:27:03 +02:00
9226e1494b docs: AdGuard Home migration - MikroTik persistence fix, Unraid replaces Pi-hole
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Fixed MikroTik AdGuard container persistence (disk1 root + usb1 mount)
- Deployed AdGuard Home on Unraid at 192.168.31.4 (replacing Pi-hole)
- Synced configuration: 6 clients, Quad9 DoH, TLS certs, filtering rules
- Added Mermaid diagrams for network topology and DNS architecture
2026-01-22 15:38:14 +02:00
4cd8caa27e Update infrastructure diagram with Mermaid diagrams
2026-01-22 14:28:26 +02:00
6b14a4dd9f Add comprehensive infrastructure diagram with all services, ports, and network topology
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-22 14:08:05 +02:00
09209bf863 docs: AdGuard Home on MikroTik - complete setup
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Replaced Pi-hole with AdGuard Home (172.17.0.5:5355)
- Configured DoH/DoT/DoQ with TLS certificates
- Added blocklists: StevenBlack, Hagezi Pro, Hagezi NSFW
- Added custom rules and 6 client devices
- Updated NAT rules for DNS redirect
- Documented MikroTik container root-dir bug
- Saved migration config for Unraid setup

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 11:44:24 +02:00
73d43d462e docs: migrate MikroTik DNS from Pi-hole to AdGuard Home
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Replaced Pi-hole container with AdGuard Home (172.17.0.5)
- Configured native DoH/DoT/DoQ with TLS certificates
- Updated DNS architecture diagram
- Updated NAT rules documentation
- Added encrypted DNS endpoints

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 07:53:02 +02:00
c85724f308 Add rclone cloud backup configuration and update flash backup path
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
2026-01-21 21:44:05 +02:00