Syncs the Vaultwarden database, RSA key, and config from Unraid
to the MikroTik container standby instance via a temporary PHP
HTTP server. Designed for manual daily runs before maintenance.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Oven (HRG7784B1) and Washing Machine (WGB24400BY) added via OAuth2.
Both dashboards updated with Bosch appliance sections.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Covers HAOS VM setup, Xiaomi/Gree/Tuya integrations, visionOS theme,
Mushroom Cards dashboards (mobile + desktop), and known issues.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Flash drive on XTRM-U is failing. Created incident doc with complete
step-by-step procedure: backup retrieval (4 options), new USB prep via
Flash Creator, license transfer via Tools→Registration, post-migration
verification checklist, and prevention measures.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Major documentation cleanup after VLAN migration completion:
- Archive 12 VLAN project docs to archive/vlan-migration/
- Archive 5 done WIP docs (VLAN proposals, AI stack, Fossorial, DNS backup)
- Create standing reference docs 08-DNS-ARCHITECTURE and 09-TAILSCALE-VPN
- Renumber docs to clean 01-09 sequence with merged CHANGELOG
- Update all active docs from stale 192.168.31.x to current VLAN 10 IPs
- Fix CSS1 (.10.9→.10.3) and ZX1 (.10.7→.10.4) IPs in hardware inventory
- Clean 06-VLAN-DEVICE-ASSIGNMENT: remove migration columns/sections, fix VLAN 25 subnet
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Remove Portainer, add Dockge on port 5001
- Add project-specific CLAUDE.md with infrastructure instructions
- Update services documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixed XTRM2 WiFi by enabling WPA-PSK + WPA2-PSK and setting
fixed channel 2412 MHz (channel 1) with 20MHz width.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Configured VLANs 10, 20, 25, 30 on CSS326 via SwOS API
- Added port labels: HAP-Trunk, KVM-V10, Kids-B1/B2/G1, Main-M1/M2/M3, LR-L1/L2/L3, ZX1-10G
- Updated port assignments table with detailed per-port configuration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- USB Hub: 34:0A:33:2C:1E:28
- MacBook Pro WiFi 5GHz: BE:A7:95:87:19:4A
- MacBook Pro WiFi 2.4GHz: CE:B8:11:EA:8D:55
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- 38:1F:8D:04:6F:E4 is the Tuya Smart Gateway, not Xiaomi
- New IP: 192.168.30.5
- Requires WPA+TKIP for connectivity
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- VLAN 20 (Trusted): Kaloyan's devices only (S25, MacBook, Gaming PC, USB Hub)
- VLAN 25 (Family): All other family members (Nora, Dancho, Kimi, Compusbg)
- Dell Monitor LAN moved to VLAN 10 (connected to HAP ether5)
- Added TBD section for USB Hub and Gaming PC WiFi MACs
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Renamed MacBook Pro LAN to Dell Monitor LAN
- Assigned to VLAN 10 (Management) with IP 192.168.20.100
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Includes columns for new VLAN and new IP planning:
- 36 devices across 7 VLANs
- Organized by VLAN section and flat list views
- Ready for migration planning
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Created docs/19-WIFI-CAPSMAN-CONFIG.md documenting working WiFi settings
- Fixed 38:1F:8D:04:6F:E4 OUI - was incorrectly labeled as Tuya, is actually Xiaomi
- XTRM2 (2.4GHz) requires WPA+WPA2 with TKIP for legacy device compatibility
- CAPsMAN working with CAP XL ac on 2.4GHz
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Discovered correct HID++ feature indices per device
- Updated to_mac.sh with working hidapitester commands
- Updated docs with complete setup instructions
- Mac → Nobara direction still needs work (TODO)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- to_mac.sh: Switch from Nobara to Mac (monitor USB-C, peripherals Ch3)
- to_nobara.sh: Switch from Mac to Nobara (monitor HDMI2, peripherals Ch2)
- README.md: Setup instructions for both machines
Uses DDC/CI for monitor and HID++ for Logitech Bolt peripherals.
Documents the Tailscale container setup on MikroTik hAP ax³:
- Userspace networking mode (TS_USERSPACE=true) required for RouterOS containers
- Container network configuration (172.17.0.0/24)
- NAT masquerade for internet access
- Environment variables and mount configuration
- Troubleshooting guide for common issues
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- docs/16-ADGUARD-VLAN-PLAN.md: Implementation plan for AdGuard on VLANs
- docs/17-DNS-ADGUARD-FAILOVER.md: Complete DNS architecture with:
- Dual AdGuard setup (MikroTik primary, Unraid secondary)
- Automatic failover via Netwatch monitoring
- NAT redirect rules for all VLANs
- Sync configuration between instances
- docs/wip/CONSOLE-PORT-ETHER5.md: WIP plan for dedicated console port
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Updated NAT port forwards to use 192.168.10.20 (Unraid on VLAN 10)
- Added hairpin NAT rules for internal access to WAN IP
- Updated SSH connection commands
- AdGuard DNS rules pending (not configured yet)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Deployed Ollama + Open WebUI on Unraid
- Created custom unraid-assistant model with full infrastructure knowledge:
- Network topology (8 VLANs, all IPs/gateways)
- 45+ Docker containers with ports and purposes
- RouterOS 7 commands and VLAN patterns
- Traefik labels and Authentik SSO middleware
- All xtrm-lab.org external URLs
- Added /usr/local/bin/ai terminal helper command
- Documented RAM optimization (stopped 5 containers)
- Added future upgrade notes for Mac Mini M4
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Ollama and Open WebUI deployed and running
- qwen2.5-coder:7b model installed (4.7GB)
- Intel GPU passthrough enabled
- Stopped non-critical containers for RAM
- Added docker commands and usage instructions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Issues fixed after first activation attempt:
- DHCP DNS now points to each VLAN gateway
- DNS redirect rules cover all VLANs
- VLAN interfaces added to LAN firewall list
- NAT masquerade for VLAN→AdGuard traffic
CSS326 switch configured via SwOS.
MikroTik backup saved.
Ready to enable VLAN filtering when convenient.
- Actual IP: 192.168.31.22 (was documented as .7)
- Verified via ARP table and web interface access
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enabled SFP1 on CSS326 (was disabled)
- 10G DAC link to ZX1-SFP1 now active
- Updated port utilization diagrams
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Both AdGuard instances now use Quad9 DoH (dns.quad9.net)
- Bootstrap DNS: 9.9.9.9, 149.112.112.112
- New 02-PORT-UTILIZATION.md with ASCII diagrams for all devices
- Fixed Tailscale container DNS and route configuration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
