jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ec9659d0cb5692f5e03c31b792978a28f70bd8fb
infrastructure/docs/01-NETWORK-MAP.md
Kaloyan Danchev ec9659d0cb
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
Restructure docs: archive VLAN migration, update IPs to VLAN 10 
Major documentation cleanup after VLAN migration completion:
- Archive 12 VLAN project docs to archive/vlan-migration/
- Archive 5 done WIP docs (VLAN proposals, AI stack, Fossorial, DNS backup)
- Create standing reference docs 08-DNS-ARCHITECTURE and 09-TAILSCALE-VPN
- Renumber docs to clean 01-09 sequence with merged CHANGELOG
- Update all active docs from stale 192.168.31.x to current VLAN 10 IPs
- Fix CSS1 (.10.9→.10.3) and ZX1 (.10.7→.10.4) IPs in hardware inventory
- Clean 06-VLAN-DEVICE-ASSIGNMENT: remove migration columns/sections, fix VLAN 25 subnet

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 12:45:16 +02:00

10 KiB
Raw Blame History

Network Map - xtrm-lab.org

Last Updated: 2026-02-06 Domain: xtrm-lab.org WAN IP: 62.73.120.142

Quick Reference

Resource Address
Dashboard https://xtrm-lab.org
DNS Primary dns.xtrm-lab.org (HAP1)
DNS Secondary dns2.xtrm-lab.org (XTRM-U)
Unraid SSH ssh -i ~/.ssh/id_ed25519_unraid root@192.168.10.20 -p 422
MikroTik SSH ssh -i ~/.ssh/mikrotik_key -p 2222 xtrm@192.168.10.1

Network Topology

flowchart TB
    subgraph Internet["Internet"]
        ISP["IGP Fiber Gateway<br/>(Vivacom)<br/>62.73.120.x"]
    end

    subgraph Rack19["19&quot; Rack (3U)"]
        HAP1["HAP1 | hAP ax³<br/>192.168.10.1"]
        PP1["PP1 | 24-port"]
        CSS1["CSS1 | CSS326-24G-2S+<br/>192.168.10.3"]
    end

    subgraph Rack10["10&quot; Rack (9U)"]
        ZX1["ZX1 | ZX-SWTGW218AS<br/>192.168.10.4"]
        PP2["PP2 | 12-port"]
        XTRMU["XTRM-U<br/>192.168.10.20"]
    end

    subgraph Wireless["WiFi"]
        CAP["CAP | cAP XL ac<br/>192.168.10.6"]
    end

    ISP -->|"ether1 WAN"| HAP1
    HAP1 -->|"ether2"| CAP
    HAP1 -->|"ether3"| CSS1
    HAP1 -->|"ether4"| XTRMU
    HAP1 -->|"ether5"| DELL["Dell Monitor<br/>192.168.10.100"]
    ZX1 <-->|"⚡ 10G SFP+ ⚡"| CSS1
    CSS1 -->|"Ports 16-24"| PP1

Physical Infrastructure

Rack Layout

10" Rack (9U)

U Device Model IP Notes
U9 Shelf + ISP Gateway Vivacom ONT 62.73.120.2 WAN
U8 PP2 10" 12-port Cat6a - Patch panel
U7 Shelf + ZX1 ZX-SWTGW218AS 192.168.10.4 8x2.5G + 2x10G SFP+
U6 (empty) - - Reserved for XTRM-N1
U1-U4 XTRM-U NAS Server 192.168.10.20 4x 2.5GbE bond

19" Rack (3U)

U Device Model IP Notes
U3 Shelf + HAP1 hAP ax³ 192.168.10.1 Router + WiFi controller
U2.5 PP1 19" 24-port Cat6a - Room connections
U1 CSS1 CSS326-24G-2S+ 192.168.10.3 24x1G + 2x10G SFP+

HAP ax³ Port Assignments

Port Connected To VLAN Notes
ether1 ISP Gateway WAN Vivacom ONT
ether2 CAP XL ac 10 (trunk) Access Point
ether3 CSS326-24G-2S+ 10 (trunk) Distribution Switch
ether4 XTRM-U (Unraid) 10 Main Server
ether5 Dell Monitor LAN 10 Kaloyan workstation

Backbone Links

Link From To Speed Type
Primary ZX1-SFP1 CSS1-SFP1 10G SFP+ DAC
Router→CAP HAP1 ether2 CAP XL ac 1G Cat6a
Router→Dist HAP1 ether3 CSS1-1 1G Cat6a
Router→Server HAP1 ether4 XTRM-U 1G Cat6a
Router→Dell HAP1 ether5 Dell Monitor 1G Cat6a

IP Address Allocation

VLAN Summary

VLAN Subnet Gateway Purpose
10 192.168.10.0/24 192.168.10.1 Management
20 192.168.20.0/24 192.168.20.1 Trusted
25 192.168.25.0/24 192.168.25.1 Kids
30 192.168.30.0/24 192.168.30.1 IoT
40 192.168.1.0/24 192.168.1.1 CatchAll

VLAN 10 - Infrastructure Devices

IP Device Type
192.168.10.1 HAP1 | hAP ax³ Router
192.168.10.3 CSS1 | CSS326-24G-2S+ Switch
192.168.10.4 ZX1 | ZX-SWTGW218AS Switch
192.168.10.6 CAP | cAP XL ac Access Point
192.168.10.10 AdGuard Home (Unraid macvlan) DNS Secondary
192.168.10.20 XTRM-U Server
192.168.10.200 NanoKVM Remote KVM

For complete device-to-VLAN mapping, see 06-VLAN-DEVICE-ASSIGNMENT.md.

Docker Networks

HAP1 (MikroTik Router)

Network: 172.17.0.0/24 (veth)

Container IP Purpose
AdGuard Home 172.17.0.2 DNS Primary (DoH/DoT/DoQ)
Tailscale 172.17.0.3 VPN mesh

XTRM-U (Unraid Server)

dockerproxy (172.18.0.0/16)

Static IP Assignments:

Range Purpose
172.18.0.2-10 Core Infrastructure
172.18.0.11-15 Security
172.18.0.16-30 Productivity
172.18.0.31-40 DevOps
172.18.0.41-50 NetDisco
172.18.0.61-69 NetBox
172.18.0.70-79 Diode Discovery

Core Infrastructure (172.18.0.2-10)

IP Container Purpose
172.18.0.2 dockersocket Docker socket proxy
172.18.0.3 traefik Reverse proxy
172.18.0.4 homarr Dashboard

Security (172.18.0.11-15)

IP Container Purpose
172.18.0.11 authentik Identity provider
172.18.0.12 authentik-worker Background tasks
172.18.0.13 postgresql17 Shared database
172.18.0.14 Redis Shared cache/queue
172.18.0.15 vaultwarden Password manager

Productivity (172.18.0.16-30)

IP Container Purpose
172.18.0.16 actual-budget Budget tracking
172.18.0.17 n8n Workflow automation
172.18.0.18 Uptime-Kuma-API Monitoring API
172.18.0.19 AutoKuma Auto-monitor
172.18.0.20 UptimeKuma Uptime monitoring
172.18.0.21 speedtest-tracker Speed tests
172.18.0.23 Libation Audiobooks
172.18.0.24 Nextcloud Cloud storage
172.18.0.25 karakeep Bookmarks
172.18.0.26 transmission Torrent
172.18.0.27 adguardhome-sync DNS sync

DevOps (172.18.0.31-40)

IP Container Purpose
172.18.0.31 gitea Git server
172.18.0.32 woodpecker-server CI/CD server
172.18.0.33 woodpecker-agent CI/CD agent

NetDisco (172.18.0.41-50)

IP Container Purpose
172.18.0.41 netdisco-web Web UI
172.18.0.42 netdisco-backend SNMP poller

NetBox (172.18.0.61-69)

IP Container Purpose
172.18.0.61 netbox Web UI (DCIM/IPAM)
172.18.0.62 netbox-worker Background tasks
172.18.0.64 netbox-redis-cache Query cache

Diode Discovery (172.18.0.70-79)

IP Container Purpose
172.18.0.70 diode-ingress API Gateway
172.18.0.71 diode-ingester Data ingestion
172.18.0.72 diode-reconciler NetBox sync
172.18.0.73 diode-hydra OAuth2
172.18.0.74 diode-auth Token service

Host Network Containers

Container Purpose
plex Media server (:32400)
unimus Network config backup
UrBackup Backup server
NetAlertX Network scanner
HomeAssistant Home automation

Bridge Network (172.17.0.0/16)

Container Purpose
portainer Container management
rustdesk-hbbs RustDesk signaling
rustdesk-hbbr RustDesk relay

Port Forwarding (NAT)

External Port Destination Service
80 192.168.10.20:8001 Traefik HTTP
443 192.168.10.20:44301 Traefik HTTPS
32400 192.168.10.20:32400 Plex
51413 192.168.10.20:51413 Transmission
21115-21119 192.168.10.20 RustDesk

Hairpin NAT (internal access to WAN IP)

Destination To Service
62.73.120.142:80 192.168.10.20:8001 Traefik HTTP
62.73.120.142:443 192.168.10.20:44301 Traefik HTTPS

AdGuard DNS (pending - not configured yet)

External Port Destination Service
853 172.17.0.2:853 AdGuard DoT
8853 172.17.0.2:8853 AdGuard DoQ

DNS Architecture

flowchart TB
    subgraph External["External Access"]
        DOH["DoH: dns.xtrm-lab.org"]
        DOT["DoT: dns.xtrm-lab.org:853"]
    end

    subgraph HAP1["HAP1 (Primary)"]
        AGH1["AdGuard Home<br/>172.17.0.2"]
    end

    subgraph XTRMU["XTRM-U (Secondary)"]
        AGH2["AdGuard Home<br/>192.168.10.10"]
    end

    subgraph Sync["Sync"]
        SYNC["adguardhome-sync<br/>Every 30 min"]
    end

    DOH --> AGH1
    DOT --> AGH1
    AGH1 <-.->|sync| SYNC
    SYNC <-.->|sync| AGH2
    AGH1 --> Q9["Quad9 DoH"]
    AGH2 --> Q9

WiFi Networks

SSID Band Security Purpose
XTRM 5GHz WPA2/WPA3 Primary devices
XTRM 2.4GHz WPA/WPA2 Legacy support
XTRM2 2.4GHz WPA/WPA2 IoT devices

CAPsMAN: HAP1 manages CAP access point

External URLs

Service URL
Dashboard https://xtrm-lab.org
Auth https://auth.xtrm-lab.org
Git https://git.xtrm-lab.org
CI/CD https://ci.xtrm-lab.org
NetBox https://netbox.xtrm-lab.org
Uptime https://uptime.xtrm-lab.org
Plex https://plex.xtrm-lab.org
Nextcloud https://cloud.xtrm-lab.org
Vault https://vault.xtrm-lab.org
NetDisco https://netdisco.xtrm-lab.org

CSS326 Port Assignments (Configured 2026-02-02)

Port Label Device/Room VLAN Notes
1 HAP-Trunk HAP Uplink Trunk 10,20,25,30 tagged
2 KVM-V10 NanoKVM 10 Management
3-15 - - 1 Available
16 Kids-B1 Boys Room 25 Family VLAN
17 Kids-B2 Boys Room 25 Family VLAN
18 Kids-G1 Girls Room 25 Family VLAN
19 Main-M1 Main Bedroom 20 Trusted VLAN
20 Main-M2 Main Bedroom 20 Trusted VLAN
21 Main-M3 Main Bedroom 20 Trusted VLAN
22 LR-L1 Living Room 30 IoT VLAN
23 LR-L2 Living Room 30 IoT VLAN (Settop box)
24 LR-L3 Living Room 30 IoT VLAN
SFP1 ZX1-10G ZX1 Switch Trunk 10G Backbone
SFP2 - - 1 Available

Room Outlets

Room Outlets Switch Ports VLAN Status
Living Room L1, L2, L3 CSS1-22/23/24 30 Active
Main Bedroom M1, M2, M3 CSS1-19/20/21 20 Active
Boys Room B1, B2 CSS1-17/18 25 Active
Girls Room G1 CSS1-16 25 Active
Corridor C1 (CAP) HAP1 ether2 10 Active

Shared Databases

PostgreSQL 17 (172.18.0.13)

Database User Consumer
authentik_db authentik_user Authentik
netbox netbox_user NetBox
gitea gitea_user Gitea
netdisco_db netdisco_user NetDisco
diode diode_user Diode Reconciler
hydra hydra_user Diode Hydra

Redis (172.18.0.14)

Consumer Purpose
Authentik Session cache
NetBox Worker Task queue
Diode Ingestion queue
Reference in New Issue View Git Blame Copy Permalink