infrastructure/docs/06-CHANGELOG.md
XTRM-Unraid fa15bec2d6
Migrate NetBox to shared postgresql17 and dockerproxy network
- Move NetBox database to shared postgresql17
- Move all NetBox containers to dockerproxy network
- Assign static IPs (172.18.0.61-64)
- Remove dedicated netbox network
- Update IP assignments documentation
2026-01-22 22:29:58 +02:00

2026-01-22 - NetBox Migration to Shared PostgreSQL

Database Consolidation

  • [NETBOX] Migrated NetBox database to shared postgresql17
  • [NETBOX] Created netbox_user and netbox database on postgresql17
  • [NETBOX] Backed up and imported all NetBox data
  • [NETBOX] Removed dedicated netbox-postgres container

Network Consolidation

  • [NETBOX] Moved all NetBox containers to dockerproxy network
  • [NETBOX] Assigned static IPs: netbox (172.18.0.61), worker (172.18.0.62), redis (172.18.0.63/64)
  • [NETBOX] Removed unused netbox network (172.24.0.0/16)

Resource Savings

  • Removed netbox-postgres container (~200-400MB RAM saved)
  • Consolidated network infrastructure

2026-01-22 - Slurp'it Network Discovery Setup

SNMP Configuration

  • [MIKROTIK] Enabled SNMP on router (192.168.31.1)
  • [SNMP] Communities configured: public, netdisco
  • [DISCOVERY] MikroTik router discovered via SNMP

Agent Service Account

  • [UNRAID] Created agent user with SSH key access (port 422)
  • [MIKROTIK-ROUTER] Created agent user with SSH key (port 2222)
  • [MIKROTIK-AP] Created agent user with password auth (port 2222)
  • [SWITCH] CSS326 uses SwOS - no SSH support

Slurp'it Configuration

  • [SNMP] Added SNMP v2c credentials to vault (public, netdisco)
  • [NETBOX] Enabled NetBox integration plugin
  • [SCAN] Configured scan target: 192.168.31.0/24

Documentation

  • [DOCS] Added Network Discovery section to 00-CURRENT-STATE.md
  • [DOCS] Created AGENT-CREDENTIALS.md (gitignored)
  • [DIAGRAM] Added INFRASTRUCTURE-DIAGRAM.md with complete topology

2026-01-22 - MikroTik DNS Migration to AdGuard Home

Pi-hole Removal from MikroTik

  • [CONTAINER] Removed Pi-hole container from MikroTik
  • [STORAGE] Freed internal flash storage

2026-01-22 - AdGuard Home Migration Complete

MikroTik AdGuard Home - Persistence Fix

  • [CONTAINER] Fixed container persistence issue (root-dir on disk1, data on usb1)
  • [CONFIG] Container now survives stop/start cycles
  • [MOUNT] agh-work mount: usb1/adguard-home/work → /opt/adguardhome/work

Unraid AdGuard Home - Replaces Pi-hole

  • [CONTAINER] Deployed AdGuard Home on br0 macvlan network
  • [IP] 192.168.31.4 (same IP as Pi-hole was using)
  • [STOPPED] binhex-official-pihole container stopped (not removed)
  • [CONFIG] Same credentials and rules as MikroTik instance

Configuration Sync (Both Instances)

  • [DNS] Upstream: Quad9 DoH (dns10.quad9.net)
  • [TLS] Let's Encrypt wildcard cert for *.xtrm-lab.org
  • [CLIENTS] 6 clients configured with MAC addresses
  • [RULES] Custom filtering rules for SentinelOne, Jamf

Documentation

  • [DOCS] Updated 00-CURRENT-STATE.md with Mermaid diagrams
  • [DIAGRAM] Added network topology and DNS architecture diagrams

  • [CLEANUP] Removed Pi-hole mounts, envs, and data

AdGuard Home Installation (Multiple Attempts)

  • [ISSUE] MikroTik container root directory disappears on stop (bug)
  • [WORKAROUND] Use DNS port 5355 to avoid stats.db creation error
  • [CONTAINER] Final working config: usb1/agh2 root-dir, no mounts
  • [VERSION] AdGuard Home v0.107.71

Configuration Applied via API

  • [BLOCKLISTS] StevenBlack Hosts, Hagezi Pro, Hagezi NSFW
  • [RULES] Custom blocks: SentinelOne, Jamfcloud domains
  • [CLIENTS] 6 devices migrated from Pi-hole
  • [TLS] Let's Encrypt wildcard cert (*.xtrm-lab.org)

Encrypted DNS Services

  • [DOH] Port 443 - Active
  • [DOT] Port 853 - Active
  • [DOQ] Port 8853 - Active
  • [SERVER] dns.xtrm-lab.org

NAT Rules Updated

  • [NAT] DNS Force: 53 → 172.17.0.5:5355 (UDP/TCP)
  • [NAT] Web UI: 80 → 172.17.0.5:80
  • [NAT] DoT: 853 → 172.17.0.5:853
  • [NAT] DoH: 443 → 172.17.0.5:443

Migration Data Saved

  • [FILE] /mnt/user/appdata/adguard-migration.json
  • [DATA] Blocklists, rules, clients for future Unraid migration

Known Issues

  • [BUG] MikroTik container root-dir disappears on stop - DO NOT RESTART
  • [INCOMPATIBLE] nebula-sync crash-looping (Pi-hole ↔ AdGuard incompatible)

2026-01-21 - Rclone & Cloud Backup Setup

Rclone Installation & Configuration

  • [SERVICE] Installed rclone on Unraid
  • [CONFIG] Configured Google Drive remote (drive:)
  • [SYNC] Initial sync completed for backup folders

Flash Backup Updates

  • [SCRIPT] Updated flash-backup script output path
  • [PATH] Changed from /mnt/user/backup/unraid-flash to /mnt/user/Backup/unraid-flash
  • [SYNC] Synced to drive:Backups/unraid-flash (371 MiB)

2026-01-21 - Pi-hole Version Sync Automation

MikroTik Pi-hole Update

  • [CONTAINER] Updated MikroTik Pi-hole to v6.4.1 (matching Unraid)
  • [CONFIG] Enabled FTLCONF_webserver_api_app_sudo=true for nebula-sync
  • [FIX] Resolved nebula-sync crash loop (was failing with HTTP 400)

Version Sync Script

  • [SCRIPT] Created pihole-version-sync User Script
  • [SCHEDULE] Runs daily at 4:00 AM
  • [PATH] /boot/config/plugins/user.scripts/scripts/pihole-version-sync/

2026-01-19 - Phase 8 Enhanced Network Mapping

MikroTik DHCP Sync

  • [SCRIPT] Created mikrotik_dhcp_to_netbox.sh
  • [SYNC] 29 DHCP leases synced to NetBox IPs

Slurpit Plugin Installation

  • [PLUGIN] Installed slurpit_netbox v1.2.7
  • [CONFIG] Plugin configuration at /mnt/user/appdata/netbox/config/plugins.py

2026-01-18 - Phase 7 Gitea & Woodpecker CI

Gitea Setup

Woodpecker CI

  • [SERVICE] woodpecker-server and woodpecker-agent deployed
  • [URL] https://ci.xtrm-lab.org
  • [AUTH] Integrated with Gitea OAuth2

Previous Changes

See git history for earlier changes.