infrastructure/docs/06-CHANGELOG.md

2026-01-22 - MikroTik DNS Migration to AdGuard Home

Pi-hole Removal

• [CONTAINER] Removed Pi-hole container from MikroTik (was 172.17.0.2)
• [STORAGE] Freed 91.2 MiB internal flash storage (was full at 128MB)
• [CLEANUP] Removed Pi-hole mounts, envs, veth interface, and data directories

AdGuard Home Installation

• [CONTAINER] Deployed adguardhome:latest on MikroTik
• [IP] Assigned 172.17.0.5 (veth-adguard interface)
• [STORAGE] Data stored on USB (usb1/adguardhome)
• [VERSION] AdGuard Home v0.107.71

Encrypted DNS Configuration

• [TLS] Configured Let's Encrypt wildcard certificate (*.xtrm-lab.org)
• [DOH] DNS-over-HTTPS enabled on port 443
• [DOT] DNS-over-TLS enabled on port 853
• [DOQ] DNS-over-QUIC enabled on port 8853
• [SERVER] Server name: dns.xtrm-lab.org
• [CERT] Certificate expires: 2026-04-02

NAT Rules Updated

• [NAT] Rule 7: DNS Force now points to 172.17.0.5 (AdGuard Home)
• [NAT] Rule 9: DNS TCP Force now points to 172.17.0.5
• [NAT] Rule 24: AdGuard Home Web UI (192.168.31.1:80 → 172.17.0.5:80)
• [NAT] DoT/DoQ rules to be added for external access

Benefits

• [FEATURE] Native DoH/DoT/DoQ server support (Pi-hole required extra containers)
• [RESOURCE] Reduced container count (no need for separate DoH-Server)
• [STORAGE] Better storage utilization (USB instead of internal flash)

---

2026-01-21 - Rclone & Cloud Backup Setup

Rclone Installation & Configuration

• [SERVICE] Installed rclone on Unraid
• [CONFIG] Configured Google Drive remote (drive:)
• [SYNC] Initial sync completed for backup folders

Flash Backup Updates

• [SCRIPT] Updated flash-backup script output path
• [PATH] Changed from /mnt/user/backup/unraid-flash to /mnt/user/Backup/unraid-flash
• [SYNC] Synced to drive:Backups/unraid-flash (371 MiB)

Cloud Backup Sync

• [SYNC] /mnt/user/Backup/flash -> drive:Backups/flash (60.37 GiB, 49 files)
• [SYNC] /mnt/user/Backup/unraid-flash -> drive:Backups/unraid-flash (371 MiB, 2 files)

---

2026-01-21 - Pi-hole Version Sync Automation

MikroTik Pi-hole Update

• [CONTAINER] Updated MikroTik Pi-hole to v6.3/v6.4/v6.4.1 (matching Unraid)
• [CONFIG] Enabled FTLCONF_webserver_api_app_sudo=true for nebula-sync
• [FIX] Resolved nebula-sync crash loop (was failing with HTTP 400)

Version Sync Script

• [SCRIPT] Created pihole-version-sync User Script
• [SCHEDULE] Runs daily at 4:00 AM
• [FUNCTION] Compares Pi-hole versions and auto-updates MikroTik when needed
• [PATH] /boot/config/plugins/user.scripts/scripts/pihole-version-sync/

2026-01-19 - Phase 8 Enhanced Network Mapping

MikroTik DHCP Sync

• [SCRIPT] Created mikrotik_dhcp_to_netbox.sh
• [SYNC] 29 DHCP leases synced to NetBox IPs
• [DATA] Hostname, MAC, comments captured

Slurpit Plugin Installation

• [PLUGIN] Installed slurpit_netbox v1.2.7
• [BUILD] Created netbox-custom:latest image
• [CONFIG] Plugin configuration at /mnt/user/appdata/netbox/config/plugins.py

Enhanced NetDisco Sync

• [SCRIPT] Updated sync_to_netbox.py with additional data
• [SYNC] Device info, IPs, MACs, ARP table entries
• [DATA] 4 devices synced with full metadata

Unraid SNMP

• [SERVICE] kubedzero/unraid-snmp plugin installed

2026-01-18 - Phase 7 Gitea & Woodpecker CI

Gitea Setup

• [SERVICE] gitea container deployed
• [URL] https://git.xtrm-lab.org
• [AUTH] Integrated with Authentik OAuth2

Woodpecker CI

• [SERVICE] woodpecker-server and woodpecker-agent deployed
• [URL] https://ci.xtrm-lab.org
• [AUTH] Integrated with Gitea OAuth2

Infrastructure Repository

• [REPO] Created infrastructure repo in Gitea
• [DOCS] Migrated all documentation to version control
• [CI] Basic pipeline validation configured

2026-01-14 - Phase 6 Portainer Management

Portainer Setup

• [SERVICE] Portainer Business Edition deployed
• [URL] https://portainer.xtrm-lab.org
• [AUTH] Authentik integration

2026-01-11 - Phase 5 RustDesk Deployment

RustDesk Server

• [SERVICE] rustdesk-hbbs and rustdesk-hbbr deployed
• [PORTS] TCP 21115-21119, UDP 21116
• [CONFIG] Custom relay server configured

Previous Changes

See git history for earlier changes.