jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
81f2f03400f6ba79bf72287aca9242b8a99b9082
infrastructure/docs/00-CHANGELOG.md
XTRM-Unraid ca0af337c3
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
VLAN Phase 1: Infrastructure ready (filtering not yet enabled) 
Created without disruption:
- 6 VLANs (10,20,30,35,40,50) on bridge
- DHCP pools and servers for each VLAN
- Inter-VLAN firewall rules
- WiFi SSIDs: Home-Trusted, Home-IoT, Home-Guest
- Legacy 192.168.31.0/24 still active

Next: Enable VLAN filtering to activate segmentation
2026-01-25 15:56:20 +02:00

4.4 KiB
Raw Blame History

Infrastructure Changelog

Purpose: Major infrastructure events only. Minor changes are in git commit messages.

2026-01

2026-01-25

  • [INCIDENT] DNS outage after MikroTik restart - multiple root causes fixed:
    • NAT rules blocking AdGuard outbound DNS (added exception rules)
    • DHCP pushing wrong DNS (8.8.8.8 → 192.168.31.1)
    • NAT redirect pointing to wrong IP/port (172.17.0.5:5355 → 192.168.31.4:53)
    • Asymmetric routing (added srcnat masquerade for DNS redirect)
  • [SERVICE] Removed MikroTik AdGuard Home container (storage/overlay errors)
  • [SERVICE] Removed MikroTik Tailscale container (root directory missing)
  • [SERVICE] Removed Pi-hole/Unbound leftovers from MikroTik (veth, mounts, envs)
  • [NETWORK] Consolidated DNS architecture: MikroTik → Unraid AdGuard (192.168.31.4) only
  • [DOCS] Created incident reports in docs/incidents/
  • [DOCS] Restructured documentation - consolidated into 5 core docs + archive
  • [NETBOX] Added shelf devices for rack organization (U9, U7, U3)

2026-01-24

  • [NETBOX] Standardized device names to NetBox convention (HAP1, CSS1, ZX1)
  • [DOCS] Created NETWORK-PHYSICAL-MAP.md with complete port maps

2026-01-23

  • [SERVICE] Deployed Diode network discovery stack
  • [SERVICE] Removed Slurp'it (replaced by Diode + NetDisco)
  • [SERVICE] Consolidated NetBox Redis to shared instance
  • [SERVICE] Removed redundant DNS services (Unbound, DoH-Server, stunnel-dot)

2026-01-22

  • [SERVICE] Migrated NetBox to shared PostgreSQL 17
  • [SERVICE] Deployed AdGuard Home on MikroTik (primary DNS)
  • [SERVICE] Deployed AdGuard Home on Unraid (secondary DNS)
  • [SERVICE] Removed Pi-hole (replaced by AdGuard Home)
  • [DOCS] Created INFRASTRUCTURE-DIAGRAM.md

2026-01-21

  • [BACKUP] Configured Rclone sync to Google Drive

2026-01-19

  • [SERVICE] Deployed NetBox IPAM/DCIM
  • [SERVICE] Deployed NetDisco network discovery
  • [NETWORK] Enabled SNMP on all MikroTik devices

2026-01-18

  • [SERVICE] Deployed Gitea git server
  • [SERVICE] Deployed Woodpecker CI
  • [NETWORK] Configured CAPsMAN on HAP1
  • [WIRELESS] CAP added to CAPsMAN management

2026-01-17

  • [SERVICE] Deployed Portainer CE

Format Guide

### YYYY-MM-DD
- **[CATEGORY]** Brief description

Categories:
- [DEVICE] - Hardware added/removed/changed
- [SERVICE] - Container/service deployed/removed
- [NETWORK] - Network topology/config changes
- [WIRELESS] - WiFi/CAPsMAN changes
- [BACKUP] - Backup configuration
- [DOCS] - Major documentation changes
- [INCIDENT] - Outages and fixes

Previous History

For detailed history before 2026-01-17, see archived changelogs:

  • archive/06-CHANGELOG.md
  • archive/07-CHANGELOG.md
  • archive/00-CHANGELOG.md

2026-01-25

  • [PHASE DNS] MikroTik AdGuard Home container installed - COMPLETED
    • Container: adguardhome v0.107.71 on veth-adguard (172.17.0.2/24)
    • Upstreams: 192.168.31.4 (Unraid AdGuard), 8.8.8.8, 1.1.1.1
    • TLS enabled with Let's Encrypt cert for dns.xtrm-lab.org
    • DoT on port 853, DoH on port 8443 (external)
    • LAN DNS redirect updated to use MikroTik AdGuard
    • Old docker-bridge removed (routing conflict)
    • Web UI at http://192.168.31.1:3000
  • [ISSUE] Container failed after restart with 'could not load config json'
    • Fix: Removed and recreated container, added mountlists, restarted
    • AdGuard config preserved (on separate mount)
    • Documented fix in 09-MIKROTIK-ADGUARD-DOT-DOH.md
  • [CONTAINERS] Created container bridge (containers-br) for shared networking
    • Both AdGuard and Tailscale containers now use the same bridge
    • Added NAT masquerade for container outbound traffic
  • [SERVICE] Tailscale container installed and running
    • Image: tailscale/tailscale:latest
    • IP: 172.17.0.3/24 on veth-tailscale
    • State persisted to usb1/tailscale/state
    • Userspace mode enabled

2026-01-25 (VLAN Implementation)

  • [VLAN] Created VLAN interfaces on bridge:
    • VLAN 10: Management (192.168.10.0/24)
    • VLAN 20: Trusted (192.168.20.0/24)
    • VLAN 30: IoT (192.168.30.0/24)
    • VLAN 35: Cameras (192.168.35.0/24)
    • VLAN 40: Servers (192.168.40.0/24)
    • VLAN 50: Guest (192.168.50.0/24)
  • [VLAN] DHCP servers configured for all VLANs
  • [VLAN] Inter-VLAN firewall rules created
  • [VLAN] WiFi SSIDs created: Home-Trusted, Home-IoT, Home-Guest
  • [STATUS] VLAN filtering NOT yet enabled (Phase 1 complete)
  • [NOTE] Legacy 192.168.31.0/24 still active for transition
Reference in New Issue View Git Blame Copy Permalink