infrastructure/docs/INFRASTRUCTURE-DIAGRAM.md
XTRM-Unraid 682aceb8e0
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Cleanup: Remove Pi-hole, add AdGuard Home Sync, add Uptime Kuma monitors
- Removed Pi-hole container (using MikroTik AdGuard Home as primary)
- Removed nebula-sync container (not in use)
- Added adguardhome-sync for rule syncing between MikroTik and Unraid AdGuard
- Added 27 monitors to Uptime Kuma for all services
- Updated container IP assignments
- Migrated NetBox to shared postgresql17

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 23:22:42 +02:00


Infrastructure Diagram - xtrm-lab.org

Generated: 2026-01-22
Domain: xtrm-lab.org
WAN IP: 62.73.120.142

Network Topology Overview

graph TB
    subgraph Internet
        WAN[/"🌐 Internet<br/>WAN: 62.73.120.142"/]
    end
    subgraph Router["MikroTik hAP ax³ (192.168.31.1)"]
        direction TB
        subgraph RouterContainers["Docker Containers"]
            AGH["🛡️ AdGuard Home<br/>172.17.0.5<br/>DNS/DoH/DoT/DoQ"]
            TS["🔗 Tailscale<br/>172.17.0.4"]
        end
    end
    subgraph LAN["LAN Network (192.168.31.0/24)"]
        Switch["🔌 CSS326 Switch<br/>192.168.31.9"]
        AP["📶 cAP ac<br/>192.168.31.6"]
        Unraid["🖥️ Unraid Server<br/>192.168.31.2"]
    end
    WAN --> Router
    Router --> Switch
    Switch --> AP
    Switch --> Unraid

Port Forwarding / NAT Rules

flowchart LR
    subgraph WAN["Internet (62.73.120.142)"]
        P80[":80"]
        P443[":443"]
        P853[":853"]
        P8853[":8853"]
        P32400[":32400"]
        P51413[":51413"]
        P21115[":21115-21119"]
    end
    subgraph Destinations
        Traefik80["Traefik<br/>192.168.31.2:8001"]
        Traefik443["Traefik<br/>192.168.31.2:44301"]
        DoT["AdGuard DoT<br/>172.17.0.5:853"]
        DoQ["AdGuard DoQ<br/>172.17.0.5:8853"]
        Plex["Plex<br/>192.168.31.2:32400"]
        Transmission["Transmission<br/>192.168.31.2:51413"]
        RustDesk["RustDesk<br/>192.168.31.2"]
    end
    P80 --> Traefik80
    P443 --> Traefik443
    P853 --> DoT
    P8853 --> DoQ
    P32400 --> Plex
    P51413 --> Transmission
    P21115 --> RustDesk

Unraid Docker Services

Core Infrastructure & Security

flowchart TB
    subgraph Core["Core Infrastructure"]
        dockersocket["🔌 dockersocket<br/>172.18.0.2:2375"]
        traefik["🔀 traefik<br/>172.18.0.3<br/>:8001→80, :44301→443"]
        homarr["🏠 homarr<br/>172.18.0.4<br/>xtrm-lab.org"]
    end
    subgraph Security["Security & Identity"]
        authentik["🔐 authentik<br/>172.18.0.11<br/>auth.xtrm-lab.org"]
        authentik_worker["⚙️ authentik-worker<br/>172.18.0.12"]
        vaultwarden["🔑 vaultwarden<br/>172.18.0.15<br/>vault.xtrm-lab.org"]
    end
    subgraph Databases["Databases"]
        postgresql["🐘 postgresql17<br/>172.18.0.13:5432"]
        redis["📦 Redis<br/>172.18.0.14:6379"]
    end
    traefik --> dockersocket
    authentik --> postgresql
    authentik --> redis
    authentik_worker --> authentik

DevOps & CI/CD

flowchart TB
    subgraph DevOps["DevOps Stack"]
        gitea["📚 gitea<br/>172.18.0.31<br/>git.xtrm-lab.org<br/>:2222→22, :3005→3000"]
        woodpecker_server["🪵 woodpecker-server<br/>172.18.0.32<br/>ci.xtrm-lab.org"]
        woodpecker_agent["🤖 woodpecker-agent<br/>172.18.0.33"]
    end
    gitea --> woodpecker_server
    woodpecker_server --> woodpecker_agent

DNS Infrastructure

flowchart TB
    subgraph RouterDNS["MikroTik Router DNS"]
        adguard["🛡️ AdGuard Home<br/>172.17.0.5<br/>PRIMARY<br/>DoH/DoT/DoQ"]
    end
    subgraph UnraidDNS["Unraid DNS (Secondary)"]
        pihole["🕳️ Pi-hole<br/>192.168.31.4<br/>ph1.xtrm-lab.org"]
        unbound["🔄 Unbound<br/>192.168.31.5<br/>Recursive DNS"]
        doh_server["🌐 DoH-Server<br/>172.18.0.22"]
    end
    adguard -->|Fallback| pihole
    pihole --> unbound

Network Management

flowchart TB
    subgraph NetMgmt["Network Management"]
        netbox["📋 NetBox<br/>172.24.0.5<br/>netbox.xtrm-lab.org"]
        netdisco["🔍 NetDisco<br/>172.18.0.41<br/>netdisco.xtrm-lab.org"]
        unimus["💾 Unimus<br/>unimus.xtrm-lab.org<br/>Config Backup"]
        slurpit["🔎 Slurp'it<br/>slurpit.xtrm-lab.org<br/>Network Discovery"]
    end
    subgraph NetBoxStack["NetBox Stack"]
        nb_postgres["🐘 netbox-postgres<br/>172.24.0.4"]
        nb_redis["📦 netbox-redis<br/>172.24.0.2"]
        nb_worker["⚙️ netbox-worker<br/>172.24.0.6"]
    end
    netbox --> nb_postgres
    netbox --> nb_redis
    nb_worker --> netbox

Monitoring

flowchart TB
    subgraph Monitoring["Monitoring Stack"]
        uptime["📊 Uptime Kuma<br/>172.18.0.20<br/>uptime.xtrm-lab.org"]
        uptime_api["🔌 Uptime-Kuma-API<br/>172.18.0.18"]
        autokuma["🤖 AutoKuma<br/>172.18.0.19"]
        netalert["🚨 NetAlertX<br/>netalert.xtrm-lab.org"]
        speedtest["📈 Speedtest<br/>172.18.0.21<br/>speedtest.xtrm-lab.org"]
    end
    autokuma --> uptime
    uptime_api --> uptime

Media & Storage

flowchart TB
    subgraph Media["Media & Storage"]
        plex["🎬 Plex<br/>:32400<br/>plex.xtrm-lab.org"]
        nextcloud["☁️ Nextcloud<br/>172.18.0.24<br/>nextcloud.xtrm-lab.org"]
        transmission["📥 Transmission<br/>:9091, :51413"]
        timemachine["🕐 TimeMachine<br/>192.168.31.12"]
        libation["📚 Libation<br/>172.18.0.23<br/>Audiobooks"]
    end

Productivity

flowchart TB
    subgraph Productivity["Productivity Apps"]
        actual["💰 Actual Budget<br/>172.18.0.16<br/>actual.xtrm-lab.org"]
        n8n["⚡ n8n<br/>172.18.0.17<br/>n8n.xtrm-lab.org"]
        karakeep["📝 Karakeep<br/>172.18.0.25<br/>karakeep.xtrm-lab.org"]
    end

Remote Access & Home Automation

flowchart TB
    subgraph Remote["Remote Access"]
        rustdesk_hbbs["🖥️ RustDesk ID<br/>:21115-21119<br/>rustdesk.xtrm-lab.org"]
        rustdesk_hbbr["📡 RustDesk Relay"]
    end
    subgraph Home["Home Automation"]
        ha["🏡 Home Assistant<br/>ha.xtrm-lab.org"]
        urbackup["💾 UrBackup<br/>urbackup.xtrm-lab.org"]
    end
    rustdesk_hbbs --> rustdesk_hbbr

Complete Service Flow

flowchart TB
    subgraph Internet["🌐 Internet"]
        User["👤 User"]
    end
    subgraph MikroTik["MikroTik Router"]
        NAT["NAT/Firewall"]
        AGH["AdGuard Home<br/>DNS/DoH/DoT"]
    end
    subgraph Unraid["Unraid Server"]
        Traefik["Traefik<br/>Reverse Proxy"]
        subgraph Services["Services"]
            Auth["Authentik"]
            Git["Gitea"]
            CI["Woodpecker"]
            NB["NetBox"]
            UK["Uptime Kuma"]
            PX["Plex"]
            NC["Nextcloud"]
            HA["Home Assistant"]
        end
    end
    User -->|HTTPS :443| NAT
    User -->|DoH/DoT| AGH
    NAT -->|:44301| Traefik
    Traefik --> Auth
    Traefik --> Git
    Traefik --> CI
    Traefik --> NB
    Traefik --> UK
    Traefik --> NC
    NAT -->|:32400| PX
    Traefik --> HA

Docker Networks

flowchart TB
    subgraph dockerproxy["dockerproxy (172.18.0.0/16)"]
        dp_traefik["traefik"]
        dp_authentik["authentik"]
        dp_gitea["gitea"]
        dp_homarr["homarr"]
        dp_uptime["UptimeKuma"]
        dp_more["...40+ services"]
    end
    subgraph netbox_net["netbox (172.24.0.0/16)"]
        nb_main["netbox"]
        nb_pg["netbox-postgres"]
        nb_redis["netbox-redis"]
    end
    subgraph br0["br0 macvlan (192.168.31.0/24)"]
        br_pihole["Pi-hole<br/>192.168.31.4"]
        br_unbound["Unbound<br/>192.168.31.5"]
        br_tm["TimeMachine<br/>192.168.31.12"]
    end
    subgraph host_net["host network"]
        h_plex["plex"]
        h_netalert["NetAlertX"]
        h_unimus["unimus"]
        h_ha["HomeAssistant"]
    end

Service Summary Tables

Core Infrastructure

| Service | Container | IP | Ports | URL |
|---|---|---|---|---|
| Reverse Proxy | traefik | 172.18.0.3 | 8001→80, 44301→443 | traefik.xtrm-lab.org |
| Docker Socket | dockersocket | 172.18.0.2 | 2375 | - |
| Dashboard | homarr | 172.18.0.4 | 10004→7575 | xtrm-lab.org |

Security & Identity

| Service | Container | IP | Ports | URL |
|---|---|---|---|---|
| Identity Provider | authentik | 172.18.0.11 | 9000, 9443 | auth.xtrm-lab.org |
| Password Manager | vaultwarden | 172.18.0.15 | 4743→80 | vault.xtrm-lab.org |

DNS Infrastructure

| Service | Container | IP | Ports | URL |
|---|---|---|---|---|
| AdGuard Home | adguardhome | 172.17.0.5 | 5355, 443, 853, 8853 | dns.xtrm-lab.org |
| Unbound | unbound | 192.168.31.5 | 53 | - |

DevOps & CI/CD

| Service | Container | IP | Ports | URL |
|---|---|---|---|---|
| Git Server | gitea | 172.18.0.31 | 2222→22, 3005→3000 | git.xtrm-lab.org |
| CI/CD Server | woodpecker-server | 172.18.0.32 | 80, 443, 8000 | ci.xtrm-lab.org |

Network Management

| Service | Container | IP | Ports | URL |
|---|---|---|---|---|
| NetBox | netbox | 172.24.0.5 | 8090→8080 | netbox.xtrm-lab.org |
| NetDisco | netdisco-web | 172.18.0.41 | 5000 | netdisco.xtrm-lab.org |
| Unimus | unimus | host | - | unimus.xtrm-lab.org |
| Slurpit | slurpit-portal | dockerproxy | 80 | slurpit.xtrm-lab.org |

Monitoring

| Service | Container | IP | Ports | URL |
|---|---|---|---|---|
| Uptime Kuma | UptimeKuma | 172.18.0.20 | 3001 | uptime.xtrm-lab.org |
| NetAlertX | NetAlertX | host | - | netalert.xtrm-lab.org |
| Speedtest | speedtest-tracker | 172.18.0.21 | 1180→80 | speedtest.xtrm-lab.org |

Media & Storage

| Service | Container | IP | Ports | URL |
|---|---|---|---|---|
| Plex | plex | host | 32400 | plex.xtrm-lab.org |
| Nextcloud | Nextcloud | 172.18.0.24 | 8666→80 | nextcloud.xtrm-lab.org |
| Transmission | transmission | bridge | 9091, 51413 | - |

Productivity

| Service | Container | IP | Ports | URL |
|---|---|---|---|---|
| Actual Budget | actual-budget | 172.18.0.16 | 5006 | actual.xtrm-lab.org |
| n8n | n8n | 172.18.0.17 | 5678 | n8n.xtrm-lab.org |
| Karakeep | karakeep | 172.18.0.25 | 3000 | karakeep.xtrm-lab.org |

Remote Access & Backup

| Service | Container | IP | Ports | URL |
|---|---|---|---|---|
| RustDesk | rustdesk-hbbs | bridge | 21115-21119 | rustdesk.xtrm-lab.org |
| Home Assistant | HomeAssistant_inabox | host | - | ha.xtrm-lab.org |
| UrBackup | UrBackup | host | - | urbackup.xtrm-lab.org |

Encrypted DNS Endpoints

| Protocol | Endpoint | Port |
|---|---|---|
| DoH | https://dns.xtrm-lab.org/dns-query | 443 |
| DoT | tls://dns.xtrm-lab.org | 853 |
| DoQ | quic://dns.xtrm-lab.org | 8853 |

Quick Reference

SSH Access:

# Unraid
ssh -i ~/.ssh/id_ed25519_unraid root@192.168.31.2 -p 422
# MikroTik
ssh -i /root/.ssh/mikrotik_key -p 2222 unraid@192.168.31.1

Key URLs: