infrastructure/docs/archive/07-CHANGELOG.md

## 2026-01-19 - NetDisco Web UI Fixed
## 2026-01-19 - Phase 8 NetDisco Integration COMPLETED

### All Tasks Completed
- [8.1] SNMP enabled on hAP ax³, cAP ac, CSS326
- [8.2] NetDisco deployed (backend + web containers)
- [8.3] Discovery configured (3 devices discovered)
- [8.4] Traefik ingress with Authentik SSO
- [8.5] NetBox sync script created and tested
- [8.6] All functionality verified

### Key Fix
- [FIX] session_cookie_key missing from database - manually inserted

### Metrics
- Devices discovered: 3
- Ports collected: 52
- MAC addresses tracked: 19

### Access
- External: https://netdisco.xtrm-lab.org (SSO)
- Internal: http://192.168.31.2:5000

---


### Task 8.4: Traefik Ingress - VERIFIED WORKING

**Root Cause:**
- [BUG] session_cookie_key was missing from database
- NetDisco generates this key via netdisco-deploy, but our external PostgreSQL setup skipped this step
- Error: "The setting session_cookie_key must be defined"

**Fix Applied:**
- [DB] Manually inserted dancer_session_cookie_key into sessions table:
  ```sql
  INSERT INTO sessions (id, a_session) VALUES ('dancer_session_cookie_key', md5(random()::text));
  ```

**Verification:**
- [TEST] http://netdisco-web:5000 - WORKING (returns HTML)
- [TEST] https://netdisco.xtrm-lab.org - WORKING (302 redirect to Authentik)

**Access:**
- External URL: https://netdisco.xtrm-lab.org (SSO via Authentik)
- Internal URL: http://192.168.31.2:5000 (direct)
- Database: session_cookie_key stored in PostgreSQL sessions table

---

# Infrastructure Changelog
## 2026-01-19 - NetDisco Traefik Integration

### Task 8.4: Traefik Ingress - COMPLETED

- [TRAEFIK] Added netdisco-secure router to dynamic.yml
- [TRAEFIK] Service: http://netdisco-web:5000
- [AUTH] Protected with authentik-forward-auth middleware
- [DNS] netdisco.xtrm-lab.org (configured by user)
- [URL] https://netdisco.xtrm-lab.org

---

## 2026-01-19 - NetDisco Deployment

### Task 8.2: Deploy NetDisco - COMPLETED

**Database Setup:**
- [DB] Created netdisco_db database in postgresql17
- [DB] Created netdisco_user with password
- [DB] Database schema initialized (96 migrations applied)

**Container Deployment:**
- [SERVICE] netdisco-web: Web UI on port 5000
- [SERVICE] netdisco-backend: SNMP polling daemon
- [CONFIG] deployment.yml configured with SNMP communities
- [CONFIG] Discover schedule: Every 2 hours
- [CONFIG] MAC/ARP polling: Hourly

**Device Discovery:**
- [DISCOVER] 192.168.31.1 (hAP ax³) - Successful
- [DISCOVER] 192.168.31.6 (cAP ac) - Successful
- [DISCOVER] 192.168.31.9 (CSS326) - Successful
- [DATA] MAC address tables collected
- [DATA] ARP tables collected

**Access:**
- Web UI: http://192.168.31.2:5000
- Initial auth: no_auth=true (unauthenticated admin)

---

## 2026-01-19 - SNMP Configuration for NetDisco

### Task 8.1: Enable SNMP on MikroTik Devices - COMPLETED

**hAP ax³ (192.168.31.1):**
- [SNMP] Enabled SNMPv2c
- [SNMP] Added `netdisco` community (192.168.31.2 only)
- [SNMP] Restricted `public` community to 192.168.31.2
- [SNMP] Contact: admin@xtrm-lab.org, Location: XTRM Home Lab

**cAP ac (192.168.31.6):**
- [SNMP] Enabled SNMPv2c via REST API
- [SNMP] Added `netdisco` community (192.168.31.2 only)
- [SNMP] Restricted `public` community to 192.168.31.2

**CSS326 (192.168.31.9):**
- [SNMP] Verified SNMP enabled (SwOS default)
- [SNMP] Using `public` community (SwOS single-community limitation)
- [NOTE] SwOS does not support address restrictions via API

**Testing:**
- [TEST] All three devices responding to SNMP queries from Unraid
- [TEST] sysName.0 verified: HAPax3, CAP XL ac, CSS326-24G-2S+

---

## 2026-01-19 - NetDisco Integration Planning

### Phase 8: NetDisco + NetBox Integration
- [DOCS] Created 12-PHASE8-NETDISCO-INTEGRATION.md
- [PLANNING] NetDisco deployment for SNMP-based network discovery
- [PLANNING] MikroTik SNMP configuration (hAP ax³, CSS326, cAP ac)
- [PLANNING] NetBox integration via plugin or custom API sync
- [DECISION] Keep NetAlertX running in parallel during transition

### MikroTik SNMP Support Confirmed
- hAP ax³ (RouterOS 7.x): Full SNMPv1/v2c/v3 support
- CSS326 (SwOS): SNMPv1/v2c read-only support
- cAP ac (RouterOS 7.x): Full SNMPv1/v2c/v3 support

### Resources
- [NetDisco](https://netdisco.org/)
- [NetBox Plugin for NetDisco](https://github.com/mksoska/netbox-plugin-netdisco)

---


## 2026-01-19 - NetBox IPAM/DCIM Deployment

### NetBox Installation
- [SERVICE] netbox: Deployed NetBox IPAM/DCIM on port 8090
- [SERVICE] netbox-worker: Background task worker
- [SERVICE] netbox-housekeeping: Database maintenance
- [SERVICE] netbox-postgres: Dedicated PostgreSQL 16 database
- [SERVICE] netbox-redis: Persistent Redis for queues
- [SERVICE] netbox-redis-cache: Redis cache instance

### Configuration
- URL: https://netbox.xtrm-lab.org
- Local: http://192.168.31.2:8090
- Network: dockerproxy (for Traefik) + netbox (internal)
- Data: /mnt/user/appdata/netbox/

### DNS
- [DNS] Added netbox.xtrm-lab.org to Cloudflare

### Purpose
- IP Address Management (IPAM)
- Data Center Infrastructure Management (DCIM)
- VLAN documentation and planning
- Network device inventory
- Cable/connection tracking

---

## 2026-01-18 - MikroTik WiFi & CAPsMAN Configuration

### CAPsMAN Setup
- [MIKROTIK] Configured CAPsMAN on hAP ax³ (192.168.31.1) as WiFi controller
- [MIKROTIK] Added cAP ac (192.168.31.6) as managed access point
- [MIKROTIK] Created provisioning rules for 2.4GHz and 5GHz bands
- [MIKROTIK] cAP ac radios now managed by CAPsMAN (configuration.manager=capsman)

### WiFi Security Updates
- [WIFI] XTRM (2.4GHz): Changed from WPA2/WPA3 to WPA/WPA2 for legacy device support
- [WIFI] XTRM2 (IoT): Changed from WPA2/WPA3 to WPA/WPA2 for legacy device support
- [WIFI] XTRM (5GHz): Remains WPA2/WPA3
- [WIFI] Fixed configuration band mismatch (cfg-XTRM5g had 2ghz-n, cfg-XTRM2g had 5ghz-ac)

### SSH Key Configuration
- [SSH] Added SSH key to cAP ac for xtrm user (key-based auth from Desktop)
- [SSH] Documented SSH access for both MikroTik devices

### Documentation
- [DOCS] Created 09-MIKROTIK-WIFI-CAPSMAN.md with full WiFi/CAPsMAN configuration
- [DOCS] Updated 00-CURRENT-STATE.md with cAP ac device info and WiFi networks
- [DOCS] Added WiFi passwords and connection details to documentation

### Issue Resolved
- [FIX] iPad 2 connectivity issue - resolved by enabling WPA-PSK on 2.4GHz networks

---

## 2026-01-18 - Docker Organization & Container Fixes

### FolderView2 Categories Reorganized
- [UNRAID] Reorganized Docker containers into 10 categories
- Categories: Infrastructure, Security, Monitoring, DevOps, Media, Storage/Backup, Productivity, Smart Home, Remote Access, Management
- Icon collection: Dazzle Line Icons (https://www.svgrepo.com/collection/dazzle-line-icons/)
- Deleted old categories: Cloud, Dashboards and Stats, Finance, Databases, Network, Network Monitoring, Automation, Backup

### Container Icon Fixes
- [SERVICE] rustfs: Fixed missing icon (was 404), now uses GitHub org avatar
- [SERVICE] gitea: Fixed webui label (was template syntax, now https://git.xtrm-lab.org)
- [SERVICE] woodpecker-server: Fixed icon URL (woodpecker.png → woodpecker-ci.png)
- [SERVICE] woodpecker-agent: Fixed icon URL (woodpecker.png → woodpecker-ci.png)

### Documentation
- [DOCS] Added Unraid Docker Organization section to 00-CURRENT-STATE.md

## 2026-01-18
- [INFRA] Added pending task: Static IP assignment for critical services on dockerproxy and bridge networks
- [SERVICE] postgresql17: Recreated container (was stopped due to port conflict)
- [SERVICE] authentik + authentik-worker: Restarted after PostgreSQL fix
- [TEMPLATE] Added RustDesk container templates with icons
- [TEMPLATE] Updated Pi-hole template with proper Unraid CA metadata


Track all changes to services, configurations, and phase progress.

---

## 2026-01-17 - Homarr + Portainer Integration

### Portainer App Added to Homarr
- [SERVICE] homarr: Added Portainer app to dashboard
- Section: Monitoring
- URL: http://100.100.208.70:9002 (Tailscale)
- Ping URL: http://192.168.31.2:9002 (LAN)

### Docker Integration Added
- [SERVICE] homarr: Added Docker integration via socket
- Integration name: Docker (Unraid)
- Socket: unix:///var/run/docker.sock
- Linked to Portainer app for container status display

### Database Changes
- Added app record for Portainer
- Added item and item_layout for Monitoring section
- Added integration record for Docker
- Linked integration to Portainer item

### Access
- Homarr: https://xtrm-lab.org
- Portainer visible in Monitoring section

---

## 2026-01-17 - Phase 6.2/6.3 Cancelled: MikroTik Incompatible

### Discovery
- MikroTik RouterOS containers are NOT Docker-based
- No `/var/run/docker.sock` exists on MikroTik
- Portainer cannot connect to MikroTik's container runtime

### What Was Attempted
- Created veth-socat interface (172.17.0.5)
- Deployed alpine/socat container
- Added firewall and NAT rules for port 2375
- Socat failed: `No such file or directory` for docker.sock

### Cleanup Performed
- Removed socat container
- Removed veth-socat interface and bridge port
- Removed docker_sock mount
- Removed firewall/NAT rules for port 2375

### Conclusion
- Phase 6.2 and 6.3 are NOT FEASIBLE
- MikroTik containers must be managed via RouterOS CLI/WebFig
- Portainer remains useful for Unraid-only container management

### Status Update
- [PHASE 6.1] COMPLETED - Portainer managing Unraid
- [PHASE 6.2] CANCELLED - MikroTik incompatible
- [PHASE 6.3] CANCELLED - MikroTik incompatible

---

## 2026-01-17 - Unraid Container Labels Fixed

### Containers Updated
- [SERVICE] unbound: Added Unraid labels (`net.unraid.docker.managed`, `net.unraid.docker.icon`)
- [SERVICE] portainer: Added Unraid labels + Tailscale labels

### Portainer Labels
- `net.unraid.docker.managed=dockerman`
- `net.unraid.docker.icon` - Portainer icon
- `net.unraid.docker.webui=http://100.100.208.70:9002`
- `tailscale.expose=true`
- `tailscale.host=100.100.208.70`
- `tailscale.port=9002`

### Unbound Labels
- `net.unraid.docker.managed=dockerman`
- `net.unraid.docker.icon` - Unbound icon

### Note
Both containers recreated to apply labels. Services verified working after recreation.

---

## 2026-01-17 - Phase 6.1 Completed: Portainer CE Deployed

### Portainer CE Installation
- [PHASE 6.1] Portainer CE deployed on Unraid - COMPLETED
- Container: `portainer/portainer-ce:latest`
- HTTP Port: **9002** (changed from 9000 due to Authentik conflict)
- HTTPS Port: **9444**
- Data: `/mnt/user/appdata/portainer`
- LAN URL: `http://192.168.31.2:9002`
- Tailscale URL: `http://100.100.208.70:9002`

### Port Conflict Resolution
- Original plan: port 9000
- Conflict: Authentik already using port 9000
- Resolution: Mapped to port 9002 (HTTP) and 9444 (HTTPS)

### Next Steps
- Phase 6.2: Deploy Socat proxy on MikroTik (port 2375)
- Phase 6.3: Connect MikroTik environment to Portainer

### Status
- [PHASE 6.1] COMPLETED - Portainer running, needs initial setup via web UI
- [PHASE 6.2] NOT STARTED
- [PHASE 6.3] NOT STARTED

---

## 2026-01-17 - Phase 6 Added: Multi-Host Docker Management

### New Documentation
- [PHASE 6] Created 06-PHASE6-PORTAINER-MANAGEMENT.md
- Portainer CE deployment plan for unified Docker management
- Covers Unraid local setup and MikroTik remote API via Socat

### Phase 6 Components
- Phase 6.1: Portainer CE installation on Unraid (port 9002)
- Phase 6.2: MikroTik Socat proxy for Docker API exposure (port 2375)
- Phase 6.3: Unified dashboard connection

### Security Considerations
-