infrastructure/docs/00-CHANGELOG.md

Infrastructure Changelog

Purpose: Major infrastructure events only. Minor changes are in git commit messages.

---

2026-01

2026-01-25

• [INCIDENT] DNS outage after MikroTik restart - multiple root causes fixed:
  • NAT rules blocking AdGuard outbound DNS (added exception rules)
  • DHCP pushing wrong DNS (8.8.8.8 → 192.168.31.1)
  • NAT redirect pointing to wrong IP/port (172.17.0.5:5355 → 192.168.31.4:53)
  • Asymmetric routing (added srcnat masquerade for DNS redirect)
• [SERVICE] Removed MikroTik AdGuard Home container (storage/overlay errors)
• [SERVICE] Removed MikroTik Tailscale container (root directory missing)
• [SERVICE] Removed Pi-hole/Unbound leftovers from MikroTik (veth, mounts, envs)
• [NETWORK] Consolidated DNS architecture: MikroTik → Unraid AdGuard (192.168.31.4) only
• [DOCS] Created incident reports in docs/incidents/
• [DOCS] Restructured documentation - consolidated into 5 core docs + archive
• [NETBOX] Added shelf devices for rack organization (U9, U7, U3)

2026-01-24

• [NETBOX] Standardized device names to NetBox convention (HAP1, CSS1, ZX1)
• [DOCS] Created NETWORK-PHYSICAL-MAP.md with complete port maps

2026-01-23

• [SERVICE] Deployed Diode network discovery stack
• [SERVICE] Removed Slurp'it (replaced by Diode + NetDisco)
• [SERVICE] Consolidated NetBox Redis to shared instance
• [SERVICE] Removed redundant DNS services (Unbound, DoH-Server, stunnel-dot)

2026-01-22

• [SERVICE] Migrated NetBox to shared PostgreSQL 17
• [SERVICE] Deployed AdGuard Home on MikroTik (primary DNS)
• [SERVICE] Deployed AdGuard Home on Unraid (secondary DNS)
• [SERVICE] Removed Pi-hole (replaced by AdGuard Home)
• [DOCS] Created INFRASTRUCTURE-DIAGRAM.md

2026-01-21

• [BACKUP] Configured Rclone sync to Google Drive

2026-01-19

• [SERVICE] Deployed NetBox IPAM/DCIM
• [SERVICE] Deployed NetDisco network discovery
• [NETWORK] Enabled SNMP on all MikroTik devices

2026-01-18

• [SERVICE] Deployed Gitea git server
• [SERVICE] Deployed Woodpecker CI
• [NETWORK] Configured CAPsMAN on HAP1
• [WIRELESS] CAP added to CAPsMAN management

2026-01-17

• [SERVICE] Deployed Portainer CE

---

Format Guide

### YYYY-MM-DD
- **[CATEGORY]** Brief description

Categories:
- [DEVICE] - Hardware added/removed/changed
- [SERVICE] - Container/service deployed/removed
- [NETWORK] - Network topology/config changes
- [WIRELESS] - WiFi/CAPsMAN changes
- [BACKUP] - Backup configuration
- [DOCS] - Major documentation changes
- [INCIDENT] - Outages and fixes

---

Previous History

For detailed history before 2026-01-17, see archived changelogs:

• archive/06-CHANGELOG.md
• archive/07-CHANGELOG.md
• archive/00-CHANGELOG.md

2026-01-25

• [PHASE DNS] MikroTik AdGuard Home container installed - COMPLETED
  • Container: adguardhome v0.107.71 on veth-adguard (172.17.0.2/24)
  • Upstreams: 192.168.31.4 (Unraid AdGuard), 8.8.8.8, 1.1.1.1
  • TLS enabled with Let's Encrypt cert for dns.xtrm-lab.org
  • DoT on port 853, DoH on port 8443 (external)
  • LAN DNS redirect updated to use MikroTik AdGuard
  • Old docker-bridge removed (routing conflict)
  • Web UI at http://192.168.31.1:3000
• [ISSUE] Container failed after restart with 'could not load config json'
  • Fix: Removed and recreated container, added mountlists, restarted
  • AdGuard config preserved (on separate mount)
  • Documented fix in 09-MIKROTIK-ADGUARD-DOT-DOH.md
• [CONTAINERS] Created container bridge (containers-br) for shared networking
  • Both AdGuard and Tailscale containers now use the same bridge
  • Added NAT masquerade for container outbound traffic
• [SERVICE] Tailscale container installed and running
  • Image: tailscale/tailscale:latest
  • IP: 172.17.0.3/24 on veth-tailscale
  • State persisted to usb1/tailscale/state
  • Userspace mode enabled