# Infrastructure Diagram - xtrm-lab.org
- **Generated:** 2026-01-22
- **Domain:** xtrm-lab.org
- **WAN IP:** 62.73.120.142

---
## Network Topology Overview
```mermaid
graph TB
subgraph Internet
WAN[/"🌐 Internet
WAN: 62.73.120.142"/]
end
subgraph Router["MikroTik hAP ax³ (192.168.31.1)"]
direction TB
subgraph RouterContainers["Docker Containers"]
AGH["🛡️ AdGuard Home
172.17.0.5
DNS/DoH/DoT/DoQ"]
TS["🔗 Tailscale
172.17.0.4"]
end
end
subgraph LAN["LAN Network (192.168.31.0/24)"]
Switch["🔌 CSS326 Switch
192.168.31.9"]
AP["📶 cAP ac
192.168.31.6"]
Unraid["🖥️ Unraid Server
192.168.31.2"]
end
WAN --> Router
Router --> Switch
Switch --> AP
Switch --> Unraid
```
---
## Port Forwarding / NAT Rules
```mermaid
flowchart LR
subgraph WAN["Internet (62.73.120.142)"]
P80[":80"]
P443[":443"]
P853[":853"]
P8853[":8853"]
P32400[":32400"]
P51413[":51413"]
P21115[":21115-21119"]
end
subgraph Destinations
Traefik80["Traefik
192.168.31.2:8001"]
Traefik443["Traefik
192.168.31.2:44301"]
DoT["AdGuard DoT
172.17.0.5:853"]
DoQ["AdGuard DoQ
172.17.0.5:8853"]
Plex["Plex
192.168.31.2:32400"]
Transmission["Transmission
192.168.31.2:51413"]
RustDesk["RustDesk
192.168.31.2"]
end
P80 --> Traefik80
P443 --> Traefik443
P853 --> DoT
P8853 --> DoQ
P32400 --> Plex
P51413 --> Transmission
P21115 --> RustDesk
```
---
## Unraid Docker Services
### Core Infrastructure & Security
```mermaid
flowchart TB
subgraph Core["Core Infrastructure"]
dockersocket["🔌 dockersocket
172.18.0.2:2375"]
traefik["🔀 traefik
172.18.0.3
:8001→80, :44301→443"]
homarr["🏠 homarr
172.18.0.4
xtrm-lab.org"]
end
subgraph Security["Security & Identity"]
authentik["🔐 authentik
172.18.0.11
auth.xtrm-lab.org"]
authentik_worker["⚙️ authentik-worker
172.18.0.12"]
vaultwarden["🔑 vaultwarden
172.18.0.15
vault.xtrm-lab.org"]
end
subgraph Databases["Databases"]
postgresql["🐘 postgresql17
172.18.0.13:5432"]
redis["📦 Redis
172.18.0.14:6379"]
end
traefik --> dockersocket
authentik --> postgresql
authentik --> redis
authentik_worker --> authentik
```
### DevOps & CI/CD
```mermaid
flowchart TB
subgraph DevOps["DevOps Stack"]
gitea["📚 gitea
172.18.0.31
git.xtrm-lab.org
:2222→22, :3005→3000"]
woodpecker_server["🪵 woodpecker-server
172.18.0.32
ci.xtrm-lab.org"]
woodpecker_agent["🤖 woodpecker-agent
172.18.0.33"]
end
gitea --> woodpecker_server
woodpecker_server --> woodpecker_agent
```
### DNS Infrastructure
```mermaid
flowchart TB
subgraph RouterDNS["MikroTik Router DNS"]
adguard["🛡️ AdGuard Home
172.17.0.5
PRIMARY
DoH/DoT/DoQ"]
end
subgraph UnraidDNS["Unraid DNS (Secondary)"]
pihole["🕳️ Pi-hole
192.168.31.4
ph1.xtrm-lab.org"]
unbound["🔄 Unbound
192.168.31.5
Recursive DNS"]
doh_server["🌐 DoH-Server
172.18.0.22"]
end
adguard -->|Fallback| pihole
pihole --> unbound
```
### Network Management
```mermaid
flowchart TB
subgraph NetMgmt["Network Management"]
netbox["📋 NetBox
172.24.0.5
netbox.xtrm-lab.org"]
netdisco["🔍 NetDisco
172.18.0.41
netdisco.xtrm-lab.org"]
unimus["💾 Unimus
unimus.xtrm-lab.org
Config Backup"]
slurpit["🔎 Slurp'it
slurpit.xtrm-lab.org
Network Discovery"]
end
subgraph NetBoxStack["NetBox Stack"]
nb_postgres["🐘 netbox-postgres
172.24.0.4"]
nb_redis["📦 netbox-redis
172.24.0.2"]
nb_worker["⚙️ netbox-worker
172.24.0.6"]
end
netbox --> nb_postgres
netbox --> nb_redis
nb_worker --> netbox
```
### Monitoring
```mermaid
flowchart TB
subgraph Monitoring["Monitoring Stack"]
uptime["📊 Uptime Kuma
172.18.0.20
uptime.xtrm-lab.org"]
uptime_api["🔌 Uptime-Kuma-API
172.18.0.18"]
autokuma["🤖 AutoKuma
172.18.0.19"]
netalert["🚨 NetAlertX
netalert.xtrm-lab.org"]
speedtest["📈 Speedtest
172.18.0.21
speedtest.xtrm-lab.org"]
end
autokuma --> uptime
uptime_api --> uptime
```
### Media & Storage
```mermaid
flowchart TB
subgraph Media["Media & Storage"]
plex["🎬 Plex
:32400
plex.xtrm-lab.org"]
nextcloud["☁️ Nextcloud
172.18.0.24
nextcloud.xtrm-lab.org"]
transmission["📥 Transmission
:9091, :51413"]
timemachine["🕐 TimeMachine
192.168.31.12"]
libation["📚 Libation
172.18.0.23
Audiobooks"]
end
```
### Productivity
```mermaid
flowchart TB
subgraph Productivity["Productivity Apps"]
actual["💰 Actual Budget
172.18.0.16
actual.xtrm-lab.org"]
n8n["⚡ n8n
172.18.0.17
n8n.xtrm-lab.org"]
karakeep["📝 Karakeep
172.18.0.25
karakeep.xtrm-lab.org"]
end
```
### Remote Access & Home Automation
```mermaid
flowchart TB
subgraph Remote["Remote Access"]
rustdesk_hbbs["🖥️ RustDesk ID
:21115-21119
rustdesk.xtrm-lab.org"]
rustdesk_hbbr["📡 RustDesk Relay"]
end
subgraph Home["Home Automation"]
ha["🏡 Home Assistant
ha.xtrm-lab.org"]
urbackup["💾 UrBackup
urbackup.xtrm-lab.org"]
end
rustdesk_hbbs --> rustdesk_hbbr
```
---
## Complete Service Flow
```mermaid
flowchart TB
subgraph Internet["🌐 Internet"]
User["👤 User"]
end
subgraph MikroTik["MikroTik Router"]
NAT["NAT/Firewall"]
AGH["AdGuard Home
DNS/DoH/DoT"]
end
subgraph Unraid["Unraid Server"]
Traefik["Traefik
Reverse Proxy"]
subgraph Services["Services"]
Auth["Authentik"]
Git["Gitea"]
CI["Woodpecker"]
NB["NetBox"]
UK["Uptime Kuma"]
PX["Plex"]
NC["Nextcloud"]
HA["Home Assistant"]
end
end
User -->|HTTPS :443| NAT
User -->|DoH/DoT| AGH
NAT -->|:44301| Traefik
Traefik --> Auth
Traefik --> Git
Traefik --> CI
Traefik --> NB
Traefik --> UK
Traefik --> NC
NAT -->|:32400| PX
Traefik --> HA
```
---
## Docker Networks
```mermaid
flowchart TB
subgraph dockerproxy["dockerproxy (172.18.0.0/16)"]
dp_traefik["traefik"]
dp_authentik["authentik"]
dp_gitea["gitea"]
dp_homarr["homarr"]
dp_uptime["UptimeKuma"]
dp_more["...40+ services"]
end
subgraph netbox_net["netbox (172.24.0.0/16)"]
nb_main["netbox"]
nb_pg["netbox-postgres"]
nb_redis["netbox-redis"]
end
subgraph br0["br0 macvlan (192.168.31.0/24)"]
br_pihole["Pi-hole
192.168.31.4"]
br_unbound["Unbound
192.168.31.5"]
br_tm["TimeMachine
192.168.31.12"]
end
subgraph host_net["host network"]
h_plex["plex"]
h_netalert["NetAlertX"]
h_unimus["unimus"]
h_ha["HomeAssistant"]
end
```
---
## Service Summary Tables
### Core Infrastructure
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Reverse Proxy | traefik | 172.18.0.3 | 8001→80, 44301→443 | traefik.xtrm-lab.org |
| Docker Socket | dockersocket | 172.18.0.2 | 2375 | - |
| Dashboard | homarr | 172.18.0.4 | 10004→7575 | xtrm-lab.org |
### Security & Identity
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Identity Provider | authentik | 172.18.0.11 | 9000, 9443 | auth.xtrm-lab.org |
| Password Manager | vaultwarden | 172.18.0.15 | 4743→80 | vault.xtrm-lab.org |
### DNS Infrastructure
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| AdGuard Home | adguardhome | 172.17.0.5 | 5355, 443, 853, 8853 | dns.xtrm-lab.org |
| Unbound | unbound | 192.168.31.5 | 53 | - |
### DevOps & CI/CD
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Git Server | gitea | 172.18.0.31 | 2222→22, 3005→3000 | git.xtrm-lab.org |
| CI/CD Server | woodpecker-server | 172.18.0.32 | 80, 443, 8000 | ci.xtrm-lab.org |
### Network Management
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| NetBox | netbox | 172.24.0.5 | 8090→8080 | netbox.xtrm-lab.org |
| NetDisco | netdisco-web | 172.18.0.41 | 5000 | netdisco.xtrm-lab.org |
| Unimus | unimus | host | - | unimus.xtrm-lab.org |
| Slurpit | slurpit-portal | dockerproxy | 80 | slurpit.xtrm-lab.org |
### Monitoring
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Uptime Kuma | UptimeKuma | 172.18.0.20 | 3001 | uptime.xtrm-lab.org |
| NetAlertX | NetAlertX | host | - | netalert.xtrm-lab.org |
| Speedtest | speedtest-tracker | 172.18.0.21 | 1180→80 | speedtest.xtrm-lab.org |
### Media & Storage
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Plex | plex | host | 32400 | plex.xtrm-lab.org |
| Nextcloud | Nextcloud | 172.18.0.24 | 8666→80 | nextcloud.xtrm-lab.org |
| Transmission | transmission | bridge | 9091, 51413 | - |
### Productivity
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| Actual Budget | actual-budget | 172.18.0.16 | 5006 | actual.xtrm-lab.org |
| n8n | n8n | 172.18.0.17 | 5678 | n8n.xtrm-lab.org |
| Karakeep | karakeep | 172.18.0.25 | 3000 | karakeep.xtrm-lab.org |
### Remote Access & Backup
| Service | Container | IP | Ports | URL |
|---------|-----------|-----|-------|-----|
| RustDesk | rustdesk-hbbs | bridge | 21115-21119 | rustdesk.xtrm-lab.org |
| Home Assistant | HomeAssistant_inabox | host | - | ha.xtrm-lab.org |
| UrBackup | UrBackup | host | - | urbackup.xtrm-lab.org |
---
## Encrypted DNS Endpoints
| Protocol | Endpoint | Port |
|----------|----------|------|
| DoH | https://dns.xtrm-lab.org/dns-query | 443 |
| DoT | tls://dns.xtrm-lab.org | 853 |
| DoQ | quic://dns.xtrm-lab.org | 8853 |
---
## Quick Reference
**SSH Access:**
```bash
# Unraid
ssh -i ~/.ssh/id_ed25519_unraid root@192.168.31.2 -p 422
# MikroTik
ssh -i /root/.ssh/mikrotik_key -p 2222 unraid@192.168.31.1
```
**Key URLs:**
- 🏠 Dashboard: https://xtrm-lab.org
- 🔐 Auth: https://auth.xtrm-lab.org
- 📚 Git: https://git.xtrm-lab.org
- 🪵 CI/CD: https://ci.xtrm-lab.org
- 📋 NetBox: https://netbox.xtrm-lab.org
- 📊 Uptime: https://uptime.xtrm-lab.org