infrastructure/docs/06-CHANGELOG.md
XTRM-Unraid ac9038a189
Add Slurp'it network discovery setup and agent service accounts
- Enable SNMP on MikroTik router
- Configure SNMP v2c credentials (public, netdisco)
- Create agent service account on Unraid, router, AP
- Document network discovery stack (Slurp'it, NetDisco, NetBox)
- Update changelog with configuration changes
2026-01-22 20:08:16 +02:00

## 2026-01-22 - Slurp'it Network Discovery Setup
### SNMP Configuration
- [MIKROTIK] Enabled SNMP on router (192.168.31.1)
- [SNMP] Communities configured: public, netdisco
- [DISCOVERY] MikroTik router discovered via SNMP
### Agent Service Account
- [UNRAID] Created agent user with SSH key access (port 422)
- [MIKROTIK-ROUTER] Created agent user with SSH key (port 2222)
- [MIKROTIK-AP] Created agent user with password auth (port 2222)
- [SWITCH] CSS326 uses SwOS - no SSH support
### Slurp'it Configuration
- [SNMP] Added SNMP v2c credentials to vault (public, netdisco)
- [NETBOX] Enabled NetBox integration plugin
- [SCAN] Configured scan target: 192.168.31.0/24
### Documentation
- [DOCS] Added Network Discovery section to 00-CURRENT-STATE.md
- [DOCS] Created AGENT-CREDENTIALS.md (gitignored)
- [DIAGRAM] Added INFRASTRUCTURE-DIAGRAM.md with complete topology
---
## 2026-01-22 - AdGuard Home Migration Complete
### MikroTik AdGuard Home - Persistence Fix
- [CONTAINER] Fixed container persistence issue (root-dir on disk1, data on usb1)
- [CONFIG] Container now survives stop/start cycles
- [MOUNT] agh-work mount: usb1/adguard-home/work → /opt/adguardhome/work
### Unraid AdGuard Home - Replaces Pi-hole
- [CONTAINER] Deployed AdGuard Home on br0 macvlan network
- [IP] 192.168.31.4 (same IP as Pi-hole was using)
- [STOPPED] binhex-official-pihole container stopped (not removed)
- [CONFIG] Same credentials and rules as MikroTik instance
### Configuration Sync (Both Instances)
- [DNS] Upstream: Quad9 DoH (dns10.quad9.net)
- [TLS] Let's Encrypt wildcard cert for *.xtrm-lab.org
- [CLIENTS] 6 clients configured with MAC addresses
- [RULES] Custom filtering rules for SentinelOne, Jamf
### Documentation
- [DOCS] Updated 00-CURRENT-STATE.md with Mermaid diagrams
- [DIAGRAM] Added network topology and DNS architecture diagrams
---
## 2026-01-22 - MikroTik DNS Migration to AdGuard Home
### Pi-hole Removal from MikroTik
- [CONTAINER] Removed Pi-hole container from MikroTik
- [STORAGE] Freed internal flash storage
- [CLEANUP] Removed Pi-hole mounts, envs, and data
### AdGuard Home Installation (Multiple Attempts)
- [ISSUE] MikroTik container root directory disappears on stop (bug)
- [WORKAROUND] Use DNS port 5355 to avoid stats.db creation error
- [CONTAINER] Final working config: usb1/agh2 root-dir, no mounts
- [VERSION] AdGuard Home v0.107.71
### Configuration Applied via API
- [BLOCKLISTS] StevenBlack Hosts, Hagezi Pro, Hagezi NSFW
- [RULES] Custom blocks: SentinelOne, Jamfcloud domains
- [CLIENTS] 6 devices migrated from Pi-hole
- [TLS] Let's Encrypt wildcard cert (*.xtrm-lab.org)
### Encrypted DNS Services
- [DOH] Port 443 - Active
- [DOT] Port 853 - Active
- [DOQ] Port 8853 - Active
- [SERVER] dns.xtrm-lab.org
### NAT Rules Updated
- [NAT] DNS Force: 53 → 172.17.0.5:5355 (UDP/TCP)
- [NAT] Web UI: 80 → 172.17.0.5:80
- [NAT] DoT: 853 → 172.17.0.5:853
- [NAT] DoH: 443 → 172.17.0.5:443
### Migration Data Saved
- [FILE] /mnt/user/appdata/adguard-migration.json
- [DATA] Blocklists, rules, clients for future Unraid migration
### Known Issues
- [BUG] MikroTik container root-dir disappears on stop - DO NOT RESTART
- [INCOMPATIBLE] nebula-sync crash-looping (Pi-hole ↔ AdGuard incompatible)
---
## 2026-01-21 - Rclone & Cloud Backup Setup
### Rclone Installation & Configuration
- [SERVICE] Installed rclone on Unraid
- [CONFIG] Configured Google Drive remote (drive:)
- [SYNC] Initial sync completed for backup folders
### Flash Backup Updates
- [SCRIPT] Updated flash-backup script output path
- [PATH] Changed from /mnt/user/backup/unraid-flash to /mnt/user/Backup/unraid-flash
- [SYNC] Synced to drive:Backups/unraid-flash (371 MiB)
---
## 2026-01-21 - Pi-hole Version Sync Automation
### MikroTik Pi-hole Update
- [CONTAINER] Updated MikroTik Pi-hole to v6.4.1 (matching Unraid)
- [CONFIG] Enabled FTLCONF_webserver_api_app_sudo=true for nebula-sync
- [FIX] Resolved nebula-sync crash loop (was failing with HTTP 400)
### Version Sync Script
- [SCRIPT] Created pihole-version-sync User Script
- [SCHEDULE] Runs daily at 4:00 AM
- [PATH] /boot/config/plugins/user.scripts/scripts/pihole-version-sync/
---
## 2026-01-19 - Phase 8 Enhanced Network Mapping
### MikroTik DHCP Sync
- [SCRIPT] Created mikrotik_dhcp_to_netbox.sh
- [SYNC] 29 DHCP leases synced to NetBox IPs
### Slurp'it Plugin Installation
- [PLUGIN] Installed slurpit_netbox v1.2.7
- [CONFIG] Plugin configuration at /mnt/user/appdata/netbox/config/plugins.py
---
## 2026-01-18 - Phase 7 Gitea & Woodpecker CI
### Gitea Setup
- [SERVICE] gitea container deployed
- [URL] https://git.xtrm-lab.org
- [AUTH] Integrated with Authentik OAuth2
### Woodpecker CI
- [SERVICE] woodpecker-server and woodpecker-agent deployed
- [URL] https://ci.xtrm-lab.org
- [AUTH] Integrated with Gitea OAuth2
---
## Previous Changes
See git history for earlier changes.