jazzymc/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ed17dea2d67dfb3d6ff76452f1468bbed5ca9f97
infrastructure/docs/00-CURRENT-STATE.md
XTRM-Unraid 7cf54805b5
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
Fix network map inconsistencies, add detailed topology diagram, document NetBox plugins 
- Fix ZX1-3 port reference (PP2-2, XU2)
- Fix CSS1-2 connection to KVM1
- Fix CSS326 PP1 port references (19-24)
- Fix CSS1-SFP1 to show ZX1 connection
- Fix CSS1-18 status (remove double check)
- Fix PP2 section title (U8)
- Add ZX1 to IP allocation table
- Regenerate topology diagram with backbone ports marked
- Add NetBox plugins documentation to current state
2026-01-25 09:28:55 +02:00

307 lines
8.3 KiB
Markdown
Raw Blame History

# Infrastructure Current State: xtrm-lab.org
## Document Updated: 2026-01-23
## Target Domain: xtrm-lab.org
---
## Network Topology Diagram
```mermaid
graph TB
subgraph Internet
WAN["WAN: 62.73.120.142"]
end
subgraph MikroTik["MikroTik hAP ax³ (192.168.31.1)"]
ROUTER["RouterOS 7.20.6"]
subgraph MK_Containers["Docker Containers"]
AGH_MK["AdGuard Home<br/>172.17.0.5:5355<br/>dns.xtrm-lab.org"]
TS["Tailscale<br/>172.17.0.4"]
end
end
subgraph Switch["CSS326-24G-2S+ (192.168.31.9)"]
SW["24-Port Managed Switch"]
end
subgraph AP["cAP ac (192.168.31.6)"]
WIFI["CAPsMAN AP"]
end
subgraph Unraid["Unraid Server (192.168.31.2)"]
subgraph SharedServices["Shared Services"]
POSTGRES["PostgreSQL 17<br/>172.18.0.13"]
REDIS["Redis<br/>172.18.0.14"]
end
subgraph Core["Core Services"]
TRAEFIK["Traefik<br/>172.18.0.3"]
HOMARR["Homarr<br/>172.18.0.4"]
end
subgraph Security["Security"]
AUTH["Authentik<br/>172.18.0.11"]
VAULT["Vaultwarden<br/>172.18.0.15"]
end
subgraph DNS_Unraid["DNS Services"]
AGH_UR["AdGuard Home<br/>192.168.31.4<br/>dns2.xtrm-lab.org"]
end
subgraph DevOps["DevOps"]
GITEA["Gitea<br/>172.18.0.31"]
WOODPECKER["Woodpecker CI<br/>172.18.0.32"]
end
subgraph NetBoxStack["Network Inventory"]
NETBOX["NetBox<br/>172.18.0.61"]
DIODE["Diode Stack<br/>172.18.0.70-74"]
NETDISCO["NetDisco<br/>172.18.0.41-42"]
end
end
WAN --> ROUTER
ROUTER --> AGH_MK
ROUTER --> SW
SW --> Unraid
SW --> AP
AGH_MK -.->|sync| AGH_UR
```
---
## Service Architecture Diagram
```mermaid
flowchart TB
subgraph SharedServices["Shared Infrastructure"]
PG[("PostgreSQL 17<br/>172.18.0.13")]
RD[("Redis<br/>172.18.0.14")]
end
subgraph NetBoxStack["Network Inventory Stack"]
NB["NetBox<br/>172.18.0.61"]
NBW["NetBox Worker<br/>172.18.0.62"]
NBC[("Redis Cache<br/>172.18.0.64")]
subgraph Diode["Diode Discovery"]
DI["Ingress<br/>172.18.0.70"]
DIN["Ingester<br/>172.18.0.71"]
DRE["Reconciler<br/>172.18.0.72"]
DHY["Hydra<br/>172.18.0.73"]
DAU["Auth<br/>172.18.0.74"]
DAG["Agent<br/>host network"]
end
subgraph NetDisco["NetDisco"]
NDW["Web<br/>172.18.0.41"]
NDB["Backend<br/>172.18.0.42"]
end
end
subgraph DevOps["DevOps Stack"]
GIT["Gitea<br/>172.18.0.31"]
WPS["Woodpecker Server<br/>172.18.0.32"]
WPA["Woodpecker Agent<br/>172.18.0.33"]
end
PG --> NB
PG --> GIT
PG --> NDW
PG --> DRE
PG --> DHY
RD --> DIN
RD --> DRE
RD --> NBW
NBC --> NB
DAG -->|gRPC| DI
DI --> DIN
DIN --> RD
DRE --> NB
NDB --> NDW
```
---
## DNS Architecture
```mermaid
flowchart TB
subgraph External["External Access"]
DOH1["DoH: dns.xtrm-lab.org"]
DOT1["DoT: dns.xtrm-lab.org:853"]
DOH2["DoH: dns2.xtrm-lab.org"]
DOT2["DoT: dns2.xtrm-lab.org:853"]
end
subgraph MikroTik["MikroTik Router"]
NAT["NAT: 53 → 5355"]
AGH1["AdGuard Home<br/>PRIMARY"]
end
subgraph Unraid["Unraid Server"]
AGH2["AdGuard Home<br/>SECONDARY"]
end
subgraph Sync["Configuration Sync"]
AGHSYNC["adguardhome-sync<br/>Every 30 min"]
end
subgraph Upstream["Upstream DNS"]
Q9["Quad9 DoH"]
end
DOH1 --> AGH1
DOT1 --> AGH1
DOH2 --> AGH2
DOT2 --> AGH2
NAT --> AGH1
AGH1 --> Q9
AGH2 --> Q9
AGH1 <-.->|sync| AGHSYNC
AGHSYNC <-.->|sync| AGH2
```
---
## Container Summary
### Shared Services
| Container | IP | Purpose | Consumers |
|-----------|-----|---------|-----------|
| postgresql17 | 172.18.0.13 | PostgreSQL 17 | NetBox, Gitea, NetDisco, Authentik, Diode |
| Redis | 172.18.0.14 | Redis Queue | Diode, NetBox Worker |
### Network Inventory (NetBox & Discovery)
| Container | IP | Purpose |
|-----------|-----|---------|
| netbox | 172.18.0.61 | Web UI |
| netbox-worker | 172.18.0.62 | Background tasks |
| netbox-redis-cache | 172.18.0.64 | Query cache |
| diode-ingress | 172.18.0.70 | API Gateway (nginx) |
| diode-ingester | 172.18.0.71 | Data ingestion |
| diode-reconciler | 172.18.0.72 | NetBox sync |
| diode-hydra | 172.18.0.73 | OAuth2 (Ory Hydra) |
| diode-auth | 172.18.0.74 | Token service |
| diode-agent | host | Network scanner |
| netdisco-web | 172.18.0.41 | Web UI |
| netdisco-backend | 172.18.0.42 | SNMP poller |
### Infrastructure
| Container | IP | Purpose |
|-----------|-----|---------|
| traefik | 172.18.0.3 | Reverse proxy |
| dockersocket | - | Docker socket proxy |
| adguardhome | 192.168.31.4 | DNS (Secondary) |
| adguardhome-sync | 172.18.0.65 | Config sync |
### DevOps
| Container | IP | Purpose |
|-----------|-----|---------|
| gitea | 172.18.0.31 | Git hosting |
| woodpecker-server | 172.18.0.32 | CI/CD server |
| woodpecker-agent | 172.18.0.33 | CI/CD agent |
### Security
| Container | IP | Purpose |
|-----------|-----|---------|
| authentik | 172.18.0.11 | Identity provider |
| authentik-worker | - | Background tasks |
| vaultwarden | 172.18.0.15 | Password manager |
### Monitoring
| Container | IP | Purpose |
|-----------|-----|---------|
| UptimeKuma | 172.18.0.20 | Uptime monitoring |
| Uptime-Kuma-API | 172.18.0.18 | REST API |
| AutoKuma | 172.18.0.19 | Auto-monitor creation |
| NetAlertX | - | Network alerting |
| speedtest-tracker | - | Speed tests |
---
## RAM Usage (as of 2026-01-23)
**Total: 15GB | Used: 12GB (80%) | Available: 2.7GB**
| Container | RAM | % |
|-----------|-----|---|
| unimus | 1.62 GB | 10.5% |
| karakeep | 664 MB | 4.2% |
| netdisco-web | 534 MB | 3.4% |
| n8n | 293 MB | 1.9% |
| netdisco-backend | 281 MB | 1.8% |
| netbox-worker | 230 MB | 1.5% |
| plex | 161 MB | 1.0% |
| postgresql17 | 136 MB | 0.9% |
| All others | <130 MB each | <1% |
---
## Removed Services (2026-01-23)
The following services were removed as redundant (AdGuard Home provides DoH/DoT natively):
| Service | Reason |
|---------|--------|
| Unbound | AdGuard uses upstream DoH directly |
| DoH-Server | AdGuard has built-in DoH |
| stunnel-dot | AdGuard has built-in DoT |
| Pangolin | Not in use |
---
## External URLs
| Service | URL |
|---------|-----|
| Dashboard | https://xtrm-lab.org |
| Traefik | https://traefik.xtrm-lab.org |
| Authentik | https://auth.xtrm-lab.org |
| Gitea | https://git.xtrm-lab.org |
| Woodpecker CI | https://ci.xtrm-lab.org |
| NetBox | https://netbox.xtrm-lab.org |
| NetDisco | https://netdisco.xtrm-lab.org |
| Uptime Kuma | https://uptime.xtrm-lab.org |
| Plex | https://plex.xtrm-lab.org |
| Nextcloud | https://cloud.xtrm-lab.org |
| Vaultwarden | https://vault.xtrm-lab.org |
| DNS (Primary) | dns.xtrm-lab.org (MikroTik) |
| DNS (Secondary) | dns2.xtrm-lab.org (Unraid) |
---
## FolderView2 Categories
| Category | Containers |
|----------|------------|
| Infrastructure | traefik, dockersocket, adguardhome, adguardhome-sync |
| Security | authentik, authentik-worker, vaultwarden |
| Monitoring | UptimeKuma, Uptime-Kuma-API, AutoKuma, NetAlertX, speedtest-tracker |
| DevOps | gitea, woodpecker-server, woodpecker-agent, postgresql17, Redis |
| Media | plex, Libation, transmission |
| Storage/Backup | rustfs, UrBackup, TimeMachine, Nextcloud |
| Productivity | actual-budget, n8n, karakeep, homarr |
| Smart Home | HomeAssistant_inabox |
| Remote Access | rustdesk-hbbs, rustdesk-hbbr |
| Management | portainer, unimus |
| Network Inventory | netbox, netbox-worker, netbox-redis-cache, diode-*, netdisco-* |
---
## NetBox Plugins (2026-01-25)
| Plugin | Purpose | Status |
|--------|---------|--------|
| netbox_diode_plugin | Diode network discovery integration | ✅ Active |
| nextbox_ui_plugin | Network topology visualization | ✅ Active |
| netbox_dns | DNS zone and record management | ✅ Active |
| netbox_inventory | Asset/inventory management | ✅ Active |
| netbox_interface_synchronization | Interface sync between devices | ✅ Active |
| netbox_routing | Routing protocol management (BGP, OSPF) | ✅ Active |
**Topology View:** https://netbox.xtrm-lab.org/plugins/nextbox-ui/topology/
Reference in New Issue View Git Blame Copy Permalink