# Infrastructure Current State: xtrm-lab.org

## Document Updated: 2026-01-23

## Target Domain: xtrm-lab.org

---

## Network Topology Diagram

```mermaid
graph TB
    subgraph Internet
        WAN["WAN: 62.73.120.142"]
    end

    subgraph MikroTik["MikroTik hAP ax³ (192.168.31.1)"]
        ROUTER["RouterOS 7.20.6"]
        subgraph MK_Containers["Docker Containers"]
            AGH_MK["AdGuard Home<br/>172.17.0.5:5355<br/>dns.xtrm-lab.org"]
            TS["Tailscale<br/>172.17.0.4"]
        end
    end

    subgraph Switch["CSS326-24G-2S+ (192.168.31.9)"]
        SW["24-Port Managed Switch"]
    end

    subgraph AP["cAP ac (192.168.31.6)"]
        WIFI["CAPsMAN AP"]
    end

    subgraph Unraid["Unraid Server (192.168.31.2)"]
        subgraph SharedServices["Shared Services"]
            POSTGRES["PostgreSQL 17<br/>172.18.0.13"]
            REDIS["Redis<br/>172.18.0.14"]
        end
        subgraph Core["Core Services"]
            TRAEFIK["Traefik<br/>172.18.0.3"]
            HOMARR["Homarr<br/>172.18.0.4"]
        end
        subgraph Security["Security"]
            AUTH["Authentik<br/>172.18.0.11"]
            VAULT["Vaultwarden<br/>172.18.0.15"]
        end
        subgraph DNS_Unraid["DNS Services"]
            AGH_UR["AdGuard Home<br/>192.168.31.4<br/>dns2.xtrm-lab.org"]
        end
        subgraph DevOps["DevOps"]
            GITEA["Gitea<br/>172.18.0.31"]
            WOODPECKER["Woodpecker CI<br/>172.18.0.32"]
        end
        subgraph NetBoxStack["Network Inventory"]
            NETBOX["NetBox<br/>172.18.0.61"]
            DIODE["Diode Stack<br/>172.18.0.70-74"]
            NETDISCO["NetDisco<br/>172.18.0.41-42"]
        end
    end

    WAN --> ROUTER
    ROUTER --> AGH_MK
    ROUTER --> SW
    SW --> Unraid
    SW --> AP
    AGH_MK -.->|sync| AGH_UR
```

---

## Service Architecture Diagram

```mermaid
flowchart TB
    subgraph SharedServices["Shared Infrastructure"]
        PG[("PostgreSQL 17<br/>172.18.0.13")]
        RD[("Redis<br/>172.18.0.14")]
    end

    subgraph NetBoxStack["Network Inventory Stack"]
        NB["NetBox<br/>172.18.0.61"]
        NBW["NetBox Worker<br/>172.18.0.62"]
        NBC[("Redis Cache<br/>172.18.0.64")]
        subgraph Diode["Diode Discovery"]
            DI["Ingress<br/>172.18.0.70"]
            DIN["Ingester<br/>172.18.0.71"]
            DRE["Reconciler<br/>172.18.0.72"]
            DHY["Hydra<br/>172.18.0.73"]
            DAU["Auth<br/>172.18.0.74"]
            DAG["Agent<br/>host network"]
        end
        subgraph NetDisco["NetDisco"]
            NDW["Web<br/>172.18.0.41"]
            NDB["Backend<br/>172.18.0.42"]
        end
    end

    subgraph DevOps["DevOps Stack"]
        GIT["Gitea<br/>172.18.0.31"]
        WPS["Woodpecker Server<br/>172.18.0.32"]
        WPA["Woodpecker Agent<br/>172.18.0.33"]
    end

    PG --> NB
    PG --> GIT
    PG --> NDW
    PG --> DRE
    PG --> DHY
    RD --> DIN
    RD --> DRE
    RD --> NBW
    NBC --> NB
    DAG -->|gRPC| DI
    DI --> DIN
    DIN --> RD
    DRE --> NB
    NDB --> NDW
```

---

## DNS Architecture

```mermaid
flowchart TB
    subgraph External["External Access"]
        DOH1["DoH: dns.xtrm-lab.org"]
        DOT1["DoT: dns.xtrm-lab.org:853"]
        DOH2["DoH: dns2.xtrm-lab.org"]
        DOT2["DoT: dns2.xtrm-lab.org:853"]
    end

    subgraph MikroTik["MikroTik Router"]
        NAT["NAT: 53 → 5355"]
        AGH1["AdGuard Home<br/>PRIMARY"]
    end

    subgraph Unraid["Unraid Server"]
        AGH2["AdGuard Home<br/>SECONDARY"]
    end

    subgraph Sync["Configuration Sync"]
        AGHSYNC["adguardhome-sync<br/>Every 30 min"]
    end

    subgraph Upstream["Upstream DNS"]
        Q9["Quad9 DoH"]
    end

    DOH1 --> AGH1
    DOT1 --> AGH1
    DOH2 --> AGH2
    DOT2 --> AGH2
    NAT --> AGH1
    AGH1 --> Q9
    AGH2 --> Q9
    AGH1 <-.->|sync| AGHSYNC
    AGHSYNC <-.->|sync| AGH2
```

---

## Container Summary

### Shared Services

| Container | IP | Purpose | Consumers |
|-----------|-----|---------|-----------|
| postgresql17 | 172.18.0.13 | PostgreSQL 17 | NetBox, Gitea, NetDisco, Authentik, Diode |
| Redis | 172.18.0.14 | Redis Queue | Diode, NetBox Worker |

### Network Inventory (NetBox & Discovery)

| Container | IP | Purpose |
|-----------|-----|---------|
| netbox | 172.18.0.61 | Web UI |
| netbox-worker | 172.18.0.62 | Background tasks |
| netbox-redis-cache | 172.18.0.64 | Query cache |
| diode-ingress | 172.18.0.70 | API Gateway (nginx) |
| diode-ingester | 172.18.0.71 | Data ingestion |
| diode-reconciler | 172.18.0.72 | NetBox sync |
| diode-hydra | 172.18.0.73 | OAuth2 (Ory Hydra) |
| diode-auth | 172.18.0.74 | Token service |
| diode-agent | host | Network scanner |
| netdisco-web | 172.18.0.41 | Web UI |
| netdisco-backend | 172.18.0.42 | SNMP poller |

### Infrastructure

| Container | IP | Purpose |
|-----------|-----|---------|
| traefik | 172.18.0.3 | Reverse proxy |
| dockersocket | - | Docker socket proxy |
| adguardhome | 192.168.31.4 | DNS (Secondary) |
| adguardhome-sync | 172.18.0.65 | Config sync |

### DevOps

| Container | IP | Purpose |
|-----------|-----|---------|
| gitea | 172.18.0.31 | Git hosting |
| woodpecker-server | 172.18.0.32 | CI/CD server |
| woodpecker-agent | 172.18.0.33 | CI/CD agent |

### Security

| Container | IP | Purpose |
|-----------|-----|---------|
| authentik | 172.18.0.11 | Identity provider |
| authentik-worker | - | Background tasks |
| vaultwarden | 172.18.0.15 | Password manager |

### Monitoring

| Container | IP | Purpose |
|-----------|-----|---------|
| UptimeKuma | 172.18.0.20 | Uptime monitoring |
| Uptime-Kuma-API | 172.18.0.18 | REST API |
| AutoKuma | 172.18.0.19 | Auto-monitor creation |
| NetAlertX | - | Network alerting |
| speedtest-tracker | - | Speed tests |

---

## RAM Usage (as of 2026-01-23)

**Total: 15 GB | Used: 12 GB (80%) | Available: 2.7 GB**

| Container | RAM | % |
|-----------|-----|---|
| unimus | 1.62 GB | 10.5% |
| karakeep | 664 MB | 4.2% |
| netdisco-web | 534 MB | 3.4% |
| n8n | 293 MB | 1.9% |
| netdisco-backend | 281 MB | 1.8% |
| netbox-worker | 230 MB | 1.5% |
| plex | 161 MB | 1.0% |
| postgresql17 | 136 MB | 0.9% |
| All others | <130 MB each | <1% |

---

## Removed Services (2026-01-23)

The following services were removed as redundant (AdGuard Home provides DoH/DoT natively):

| Service | Reason |
|---------|--------|
| Unbound | AdGuard uses upstream DoH directly |
| DoH-Server | AdGuard has built-in DoH |
| stunnel-dot | AdGuard has built-in DoT |
| Pangolin | Not in use |

---

## External URLs

| Service | URL |
|---------|-----|
| Dashboard | https://xtrm-lab.org |
| Traefik | https://traefik.xtrm-lab.org |
| Authentik | https://auth.xtrm-lab.org |
| Gitea | https://git.xtrm-lab.org |
| Woodpecker CI | https://ci.xtrm-lab.org |
| NetBox | https://netbox.xtrm-lab.org |
| NetDisco | https://netdisco.xtrm-lab.org |
| Uptime Kuma | https://uptime.xtrm-lab.org |
| Plex | https://plex.xtrm-lab.org |
| Nextcloud | https://cloud.xtrm-lab.org |
| Vaultwarden | https://vault.xtrm-lab.org |
| DNS (Primary) | dns.xtrm-lab.org (MikroTik) |
| DNS (Secondary) | dns2.xtrm-lab.org (Unraid) |

---

## FolderView2 Categories

| Category | Containers |
|----------|------------|
| Infrastructure | traefik, dockersocket, adguardhome, adguardhome-sync |
| Security | authentik, authentik-worker, vaultwarden |
| Monitoring | UptimeKuma, Uptime-Kuma-API, AutoKuma, NetAlertX, speedtest-tracker |
| DevOps | gitea, woodpecker-server, woodpecker-agent, postgresql17, Redis |
| Media | plex, Libation, transmission |
| Storage/Backup | rustfs, UrBackup, TimeMachine, Nextcloud |
| Productivity | actual-budget, n8n, karakeep, homarr |
| Smart Home | HomeAssistant_inabox |
| Remote Access | rustdesk-hbbs, rustdesk-hbbr |
| Management | portainer, unimus |
| Network Inventory | netbox, netbox-worker, netbox-redis-cache, diode-*, netdisco-* |

---

## NetBox Plugins (2026-01-25)

| Plugin | Purpose | Status |
|--------|---------|--------|
| netbox_diode_plugin | Diode network discovery integration | ✅ Active |
| nextbox_ui_plugin | Network topology visualization | ✅ Active |
| netbox_dns | DNS zone and record management | ✅ Active |
| netbox_inventory | Asset/inventory management | ✅ Active |
| netbox_interface_synchronization | Interface sync between devices | ✅ Active |
| netbox_routing | Routing protocol management (BGP, OSPF) | ✅ Active |

**Topology View:** https://netbox.xtrm-lab.org/plugins/nextbox-ui/topology/