infrastructure/docs/00-CURRENT-STATE.md (repository XTRM-Unraid, commit d8307cfdf3)

Commit: docs: Update infrastructure state with diagrams and cleanup (2026-01-23 21:51:35 +02:00)

# Infrastructure Current State: xtrm-lab.org

**Document Updated:** 2026-01-23

**Target Domain:** xtrm-lab.org


## Network Topology Diagram

```mermaid
graph TB
    subgraph Internet
        WAN["WAN: 62.73.120.142"]
    end

    subgraph MikroTik["MikroTik hAP ax³ (192.168.31.1)"]
        ROUTER["RouterOS 7.20.6"]
        subgraph MK_Containers["Docker Containers"]
            AGH_MK["AdGuard Home<br/>172.17.0.5:5355<br/>dns.xtrm-lab.org"]
            TS["Tailscale<br/>172.17.0.4"]
        end
    end

    subgraph Switch["CSS326-24G-2S+ (192.168.31.9)"]
        SW["24-Port Managed Switch"]
    end

    subgraph AP["cAP ac (192.168.31.6)"]
        WIFI["CAPsMAN AP"]
    end

    subgraph Unraid["Unraid Server (192.168.31.2)"]
        subgraph SharedServices["Shared Services"]
            POSTGRES["PostgreSQL 17<br/>172.18.0.13"]
            REDIS["Redis<br/>172.18.0.14"]
        end
        subgraph Core["Core Services"]
            TRAEFIK["Traefik<br/>172.18.0.3"]
            HOMARR["Homarr<br/>172.18.0.4"]
        end
        subgraph Security["Security"]
            AUTH["Authentik<br/>172.18.0.11"]
            VAULT["Vaultwarden<br/>172.18.0.15"]
        end
        subgraph DNS_Unraid["DNS Services"]
            AGH_UR["AdGuard Home<br/>192.168.31.4<br/>dns2.xtrm-lab.org"]
        end
        subgraph DevOps["DevOps"]
            GITEA["Gitea<br/>172.18.0.31"]
            WOODPECKER["Woodpecker CI<br/>172.18.0.32"]
        end
        subgraph NetBoxStack["Network Inventory"]
            NETBOX["NetBox<br/>172.18.0.61"]
            DIODE["Diode Stack<br/>172.18.0.70-74"]
            NETDISCO["NetDisco<br/>172.18.0.41-42"]
        end
    end

    WAN --> ROUTER
    ROUTER --> AGH_MK
    ROUTER --> SW
    SW --> Unraid
    SW --> AP
    AGH_MK -.->|sync| AGH_UR
```

## Service Architecture Diagram

```mermaid
flowchart TB
    subgraph SharedServices["Shared Infrastructure"]
        PG[("PostgreSQL 17<br/>172.18.0.13")]
        RD[("Redis<br/>172.18.0.14")]
    end

    subgraph NetBoxStack["Network Inventory Stack"]
        NB["NetBox<br/>172.18.0.61"]
        NBW["NetBox Worker<br/>172.18.0.62"]
        NBC[("Redis Cache<br/>172.18.0.64")]

        subgraph Diode["Diode Discovery"]
            DI["Ingress<br/>172.18.0.70"]
            DIN["Ingester<br/>172.18.0.71"]
            DRE["Reconciler<br/>172.18.0.72"]
            DHY["Hydra<br/>172.18.0.73"]
            DAU["Auth<br/>172.18.0.74"]
            DAG["Agent<br/>host network"]
        end

        subgraph NetDisco["NetDisco"]
            NDW["Web<br/>172.18.0.41"]
            NDB["Backend<br/>172.18.0.42"]
        end
    end

    subgraph DevOps["DevOps Stack"]
        GIT["Gitea<br/>172.18.0.31"]
        WPS["Woodpecker Server<br/>172.18.0.32"]
        WPA["Woodpecker Agent<br/>172.18.0.33"]
    end

    PG --> NB
    PG --> GIT
    PG --> NDW
    PG --> DRE
    PG --> DHY
    RD --> DIN
    RD --> DRE
    RD --> NBW
    NBC --> NB

    DAG -->|gRPC| DI
    DI --> DIN
    DIN --> RD
    DRE --> NB
    NDB --> NDW
```

## DNS Architecture

```mermaid
flowchart TB
    subgraph External["External Access"]
        DOH1["DoH: dns.xtrm-lab.org"]
        DOT1["DoT: dns.xtrm-lab.org:853"]
        DOH2["DoH: dns2.xtrm-lab.org"]
        DOT2["DoT: dns2.xtrm-lab.org:853"]
    end

    subgraph MikroTik["MikroTik Router"]
        NAT["NAT: 53 → 5355"]
        AGH1["AdGuard Home<br/>PRIMARY"]
    end

    subgraph Unraid["Unraid Server"]
        AGH2["AdGuard Home<br/>SECONDARY"]
    end

    subgraph Sync["Configuration Sync"]
        AGHSYNC["adguardhome-sync<br/>Every 30 min"]
    end

    subgraph Upstream["Upstream DNS"]
        Q9["Quad9 DoH"]
    end

    DOH1 --> AGH1
    DOT1 --> AGH1
    DOH2 --> AGH2
    DOT2 --> AGH2
    NAT --> AGH1
    AGH1 --> Q9
    AGH2 --> Q9
    AGH1 <-.->|sync| AGHSYNC
    AGHSYNC <-.->|sync| AGH2
```

## Container Summary

### Shared Services

| Container | IP | Purpose | Consumers |
|---|---|---|---|
| postgresql17 | 172.18.0.13 | PostgreSQL 17 | NetBox, Gitea, NetDisco, Authentik, Diode |
| Redis | 172.18.0.14 | Redis Queue | Diode, NetBox Worker |

### Network Inventory (NetBox & Discovery)

| Container | IP | Purpose |
|---|---|---|
| netbox | 172.18.0.61 | Web UI |
| netbox-worker | 172.18.0.62 | Background tasks |
| netbox-redis-cache | 172.18.0.64 | Query cache |
| diode-ingress | 172.18.0.70 | API Gateway (nginx) |
| diode-ingester | 172.18.0.71 | Data ingestion |
| diode-reconciler | 172.18.0.72 | NetBox sync |
| diode-hydra | 172.18.0.73 | OAuth2 (Ory Hydra) |
| diode-auth | 172.18.0.74 | Token service |
| diode-agent | host | Network scanner |
| netdisco-web | 172.18.0.41 | Web UI |
| netdisco-backend | 172.18.0.42 | SNMP poller |

### Infrastructure

| Container | IP | Purpose |
|---|---|---|
| traefik | 172.18.0.3 | Reverse proxy |
| dockersocket | - | Docker socket proxy |
| adguardhome | 192.168.31.4 | DNS (Secondary) |
| adguardhome-sync | 172.18.0.65 | Config sync |

### DevOps

| Container | IP | Purpose |
|---|---|---|
| gitea | 172.18.0.31 | Git hosting |
| woodpecker-server | 172.18.0.32 | CI/CD server |
| woodpecker-agent | 172.18.0.33 | CI/CD agent |

### Security

| Container | IP | Purpose |
|---|---|---|
| authentik | 172.18.0.11 | Identity provider |
| authentik-worker | - | Background tasks |
| vaultwarden | 172.18.0.15 | Password manager |

### Monitoring

| Container | IP | Purpose |
|---|---|---|
| UptimeKuma | 172.18.0.20 | Uptime monitoring |
| Uptime-Kuma-API | 172.18.0.18 | REST API |
| AutoKuma | 172.18.0.19 | Auto-monitor creation |
| NetAlertX | - | Network alerting |
| speedtest-tracker | - | Speed tests |

## RAM Usage (as of 2026-01-23)

Total: 15GB | Used: 12GB (80%) | Available: 2.7GB

| Container | RAM | % |
|---|---|---|
| unimus | 1.62 GB | 10.5% |
| karakeep | 664 MB | 4.2% |
| netdisco-web | 534 MB | 3.4% |
| n8n | 293 MB | 1.9% |
| netdisco-backend | 281 MB | 1.8% |
| netbox-worker | 230 MB | 1.5% |
| plex | 161 MB | 1.0% |
| postgresql17 | 136 MB | 0.9% |
| All others | <130 MB each | <1% |

## Removed Services (2026-01-23)

The following services were removed as redundant (AdGuard Home provides DoH/DoT natively):

| Service | Reason |
|---|---|
| Unbound | AdGuard uses upstream DoH directly |
| DoH-Server | AdGuard has built-in DoH |
| stunnel-dot | AdGuard has built-in DoT |
| Pangolin | Not in use |

## External URLs

| Service | URL |
|---|---|
| Dashboard | https://xtrm-lab.org |
| Traefik | https://traefik.xtrm-lab.org |
| Authentik | https://auth.xtrm-lab.org |
| Gitea | https://git.xtrm-lab.org |
| Woodpecker CI | https://ci.xtrm-lab.org |
| NetBox | https://netbox.xtrm-lab.org |
| NetDisco | https://netdisco.xtrm-lab.org |
| Uptime Kuma | https://uptime.xtrm-lab.org |
| Plex | https://plex.xtrm-lab.org |
| Nextcloud | https://cloud.xtrm-lab.org |
| Vaultwarden | https://vault.xtrm-lab.org |
| DNS (Primary) | dns.xtrm-lab.org (MikroTik) |
| DNS (Secondary) | dns2.xtrm-lab.org (Unraid) |

## FolderView2 Categories

| Category | Containers |
|---|---|
| Infrastructure | traefik, dockersocket, adguardhome, adguardhome-sync |
| Security | authentik, authentik-worker, vaultwarden |
| Monitoring | UptimeKuma, Uptime-Kuma-API, AutoKuma, NetAlertX, speedtest-tracker |
| DevOps | gitea, woodpecker-server, woodpecker-agent, postgresql17, Redis |
| Media | plex, Libation, transmission |
| Storage/Backup | rustfs, UrBackup, TimeMachine, Nextcloud |
| Productivity | actual-budget, n8n, karakeep, homarr |
| Smart Home | HomeAssistant_inabox |
| Remote Access | rustdesk-hbbs, rustdesk-hbbr |
| Management | portainer, unimus |
| Network Inventory | netbox, netbox-worker, netbox-redis-cache, `diode-*`, `netdisco-*` |