Documents the Tailscale container setup on MikroTik hAP ax³:
- Userspace networking mode (TS_USERSPACE=true) required for RouterOS containers
- Container network configuration (172.17.0.0/24)
- NAT masquerade for internet access
- Environment variables and mount configuration
- Troubleshooting guide for common issues
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- docs/16-ADGUARD-VLAN-PLAN.md: Implementation plan for AdGuard on VLANs
- docs/17-DNS-ADGUARD-FAILOVER.md: Complete DNS architecture with:
  - Dual AdGuard setup (MikroTik primary, Unraid secondary)
  - Automatic failover via Netwatch monitoring
  - NAT redirect rules for all VLANs
  - Sync configuration between instances
- docs/wip/CONSOLE-PORT-ETHER5.md: WIP plan for dedicated console port
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Updated NAT port forwards to use 192.168.10.20 (Unraid on VLAN 10)
- Added hairpin NAT rules for internal access to WAN IP
- Updated SSH connection commands
- AdGuard DNS rules pending (not configured yet)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Deployed Ollama + Open WebUI on Unraid
- Created custom unraid-assistant model with full infrastructure knowledge:
  - Network topology (8 VLANs, all IPs/gateways)
  - 45+ Docker containers with ports and purposes
  - RouterOS 7 commands and VLAN patterns
  - Traefik labels and Authentik SSO middleware
  - All xtrm-lab.org external URLs
- Added /usr/local/bin/ai terminal helper command
- Documented RAM optimization (stopped 5 containers)
- Added future upgrade notes for Mac Mini M4
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Ollama and Open WebUI deployed and running
- qwen2.5-coder:7b model installed (4.7GB)
- Intel GPU passthrough enabled
- Stopped non-critical containers for RAM
- Added docker commands and usage instructions
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Issues fixed after first activation attempt:
- DHCP DNS now points to each VLAN gateway
- DNS redirect rules cover all VLANs
- VLAN interfaces added to LAN firewall list
- NAT masquerade for VLAN→AdGuard traffic
CSS326 switch configured via SwOS.
MikroTik backup saved.
Ready to enable VLAN filtering when convenient.
- Actual IP: 192.168.31.22 (was documented as .7)
- Verified via ARP table and web interface access
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Enabled SFP1 on CSS326 (was disabled)
- 10G DAC link to ZX1-SFP1 now active
- Updated port utilization diagrams
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Both AdGuard instances now use Quad9 DoH (dns.quad9.net)
- Bootstrap DNS: 9.9.9.9, 149.112.112.112
- New 02-PORT-UTILIZATION.md with ASCII diagrams for all devices
- Fixed Tailscale container DNS and route configuration
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Created without disruption:
- 6 VLANs (10,20,30,35,40,50) on bridge
- DHCP pools and servers for each VLAN
- Inter-VLAN firewall rules
- WiFi SSIDs: Home-Trusted, Home-IoT, Home-Guest
- Legacy 192.168.31.0/24 still active
Next: Enable VLAN filtering to activate segmentation
- Phase 1: N100 Intel iGPU setup (Ollama, Open WebUI, Aider)
- Phase 2: Future migration to N5 Air AMD 780M
- Phase 3: Network topology for AI management
- Customized for current infrastructure (192.168.31.x)
- Added mikrotik-containers-bridge-setup.rsc for shared container networking
- Added mikrotik-tailscale-setup.rsc for Tailscale container
- Added docs/10-MIKROTIK-TAILSCALE.md with full documentation
- Both containers now use containers-br bridge (172.17.0.1/24)
- AdGuard: 172.17.0.2, Tailscale: 172.17.0.3
New Structure:
- 01-NETWORK-MAP.md - Network topology, IPs, Docker networks, services
- 02-SERVICES-CRITICAL.md - DNS, Auth, Routing (P0/P1 services)
- 03-SERVICES-OTHER.md - All non-critical services
- 04-HARDWARE-INVENTORY.md - Physical devices and specs
- 05-CHANGELOG.md - Major events only
New Folders:
- docs/archive/ - Legacy docs (read-only reference)
- docs/wip/ - Planned changes and ideas
- UPGRADE-2026-HARDWARE.md - N5 Air + N100 migration plan
- GITOPS-CONTAINERS.md - Phase 2 container GitOps
Changes:
- Moved all 22 legacy docs to archive/
- Consolidated container IPs, physical map, and services into single network map
- Extracted critical vs non-critical service classification
- Simplified changelog to major events only
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Fix ZX1-3 port reference (PP2-2, XU2)
- Fix CSS1-2 connection to KVM1
- Fix CSS326 PP1 port references (19-24)
- Fix CSS1-SFP1 to show ZX1 connection
- Fix CSS1-18 status (remove double check)
- Fix PP2 section title (U8)
- Add ZX1 to IP allocation table
- Regenerate topology diagram with backbone ports marked
- Add NetBox plugins documentation to current state