## 2026-01-22 - Slurp'it Network Discovery Setup ### SNMP Configuration - [MIKROTIK] Enabled SNMP on router (192.168.31.1) - [SNMP] Communities configured: public, netdisco - [DISCOVERY] MikroTik router discovered via SNMP ### Agent Service Account - [UNRAID] Created agent user with SSH key access (port 422) - [MIKROTIK-ROUTER] Created agent user with SSH key (port 2222) - [MIKROTIK-AP] Created agent user with password auth (port 2222) - [SWITCH] CSS326 uses SwOS - no SSH support ### Slurp'it Configuration - [SNMP] Added SNMP v2c credentials to vault (public, netdisco) - [NETBOX] Enabled NetBox integration plugin - [SCAN] Configured scan target: 192.168.31.0/24 ### Documentation - [DOCS] Added Network Discovery section to 00-CURRENT-STATE.md - [DOCS] Created AGENT-CREDENTIALS.md (gitignored) - [DIAGRAM] Added INFRASTRUCTURE-DIAGRAM.md with complete topology --- ## 2026-01-22 - MikroTik DNS Migration to AdGuard Home ### Pi-hole Removal from MikroTik - [CONTAINER] Removed Pi-hole container from MikroTik - [STORAGE] Freed internal flash storage ## 2026-01-22 - AdGuard Home Migration Complete ### MikroTik AdGuard Home - Persistence Fix - [CONTAINER] Fixed container persistence issue (root-dir on disk1, data on usb1) - [CONFIG] Container now survives stop/start cycles - [MOUNT] agh-work mount: usb1/adguard-home/work → /opt/adguardhome/work ### Unraid AdGuard Home - Replaces Pi-hole - [CONTAINER] Deployed AdGuard Home on br0 macvlan network - [IP] 192.168.31.4 (same IP as Pi-hole was using) - [STOPPED] binhex-official-pihole container stopped (not removed) - [CONFIG] Same credentials and rules as MikroTik instance ### Configuration Sync (Both Instances) - [DNS] Upstream: Quad9 DoH (dns10.quad9.net) - [TLS] Let's Encrypt wildcard cert for *.xtrm-lab.org - [CLIENTS] 6 clients configured with MAC addresses - [RULES] Custom filtering rules for SentinelOne, Jamf ### Documentation - [DOCS] Updated 00-CURRENT-STATE.md with Mermaid diagrams - [DIAGRAM] Added network topology and DNS architecture diagrams --- - [CLEANUP] Removed Pi-hole mounts, envs, and data ### AdGuard Home Installation (Multiple Attempts) - [ISSUE] MikroTik container root directory disappears on stop (bug) - [WORKAROUND] Use DNS port 5355 to avoid stats.db creation error - [CONTAINER] Final working config: usb1/agh2 root-dir, no mounts - [VERSION] AdGuard Home v0.107.71 ### Configuration Applied via API - [BLOCKLISTS] StevenBlack Hosts, Hagezi Pro, Hagezi NSFW - [RULES] Custom blocks: SentinelOne, Jamfcloud domains - [CLIENTS] 6 devices migrated from Pi-hole - [TLS] Let's Encrypt wildcard cert (*.xtrm-lab.org) ### Encrypted DNS Services - [DOH] Port 443 - Active - [DOT] Port 853 - Active - [DOQ] Port 8853 - Active - [SERVER] dns.xtrm-lab.org ### NAT Rules Updated - [NAT] DNS Force: 53 → 172.17.0.5:5355 (UDP/TCP) - [NAT] Web UI: 80 → 172.17.0.5:80 - [NAT] DoT: 853 → 172.17.0.5:853 - [NAT] DoH: 443 → 172.17.0.5:443 ### Migration Data Saved - [FILE] /mnt/user/appdata/adguard-migration.json - [DATA] Blocklists, rules, clients for future Unraid migration ### Known Issues - [BUG] MikroTik container root-dir disappears on stop - DO NOT RESTART - [INCOMPATIBLE] nebula-sync crash-looping (Pi-hole ↔ AdGuard incompatible) --- ## 2026-01-21 - Rclone & Cloud Backup Setup ### Rclone Installation & Configuration - [SERVICE] Installed rclone on Unraid - [CONFIG] Configured Google Drive remote (drive:) - [SYNC] Initial sync completed for backup folders ### Flash Backup Updates - [SCRIPT] Updated flash-backup script output path - [PATH] Changed from /mnt/user/backup/unraid-flash to /mnt/user/Backup/unraid-flash - [SYNC] Synced to drive:Backups/unraid-flash (371 MiB) --- ## 2026-01-21 - Pi-hole Version Sync Automation ### MikroTik Pi-hole Update - [CONTAINER] Updated MikroTik Pi-hole to v6.4.1 (matching Unraid) - [CONFIG] Enabled FTLCONF_webserver_api_app_sudo=true for nebula-sync - [FIX] Resolved nebula-sync crash loop (was failing with HTTP 400) ### Version Sync Script - [SCRIPT] Created pihole-version-sync User Script - [SCHEDULE] Runs daily at 4:00 AM - [PATH] /boot/config/plugins/user.scripts/scripts/pihole-version-sync/ --- ## 2026-01-19 - Phase 8 Enhanced Network Mapping ### MikroTik DHCP Sync - [SCRIPT] Created mikrotik_dhcp_to_netbox.sh - [SYNC] 29 DHCP leases synced to NetBox IPs ### Slurpit Plugin Installation - [PLUGIN] Installed slurpit_netbox v1.2.7 - [CONFIG] Plugin configuration at /mnt/user/appdata/netbox/config/plugins.py --- ## 2026-01-18 - Phase 7 Gitea & Woodpecker CI ### Gitea Setup - [SERVICE] gitea container deployed - [URL] https://git.xtrm-lab.org - [AUTH] Integrated with Authentik OAuth2 ### Woodpecker CI - [SERVICE] woodpecker-server and woodpecker-agent deployed - [URL] https://ci.xtrm-lab.org - [AUTH] Integrated with Gitea OAuth2 --- ## Previous Changes See git history for earlier changes.