deprecate TrueNAS: migrate Immich NFS to Proxmox, remove all 10.0.10.15 references [ci skip]

- Migrate Immich (8 NFS PVs, 1.1TB) from TrueNAS to Proxmox host NFS
- Update config.tfvars nfs_server to 192.168.1.127 (Proxmox)
- Update nfs-csi StorageClass share to /srv/nfs
- Update scripts (weekly-backup, cluster-healthcheck) to Proxmox IP
- Delete obsolete TrueNAS scripts (nfs_exports.sh, truenas-status.sh)
- Rewrite nfs-health.sh for Proxmox NFS monitoring
- Update Freedify nfs_music_server default to Proxmox
- Mark CloudSync monitor CronJob as deprecated
- Update Prometheus alert summaries
- Update all architecture docs, AGENTS.md, and reference docs
- Zero PVs remain on TrueNAS — VM ready for decommission

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.claude/reference/patterns.md

@@ -3,29 +3,28 @@
 Reference file for patterns, procedures, and tables. Read on demand when the specific topic comes up.
 
 ## NFS Volume Pattern
-Use the `nfs_volume` shared module for all NFS volumes (CSI-backed, `soft,timeo=30,retrans=3`):
+Use the `nfs_volume` shared module for all NFS volumes (creates static PVs, CSI-backed, `soft,timeo=30,retrans=3`):
 ```hcl
 module "nfs_data" {
   source     = "../../modules/kubernetes/nfs_volume"  # ../../../../ for platform modules, ../../../ for sub-stacks
   name       = "<service>-data"       # Must be globally unique (PV is cluster-scoped)
   namespace  = kubernetes_namespace.<service>.metadata[0].name
-  nfs_server = var.nfs_server
-  nfs_path   = "/mnt/main/<service>"
+  nfs_server = var.nfs_server          # 192.168.1.127 (Proxmox host)
+  nfs_path   = "/srv/nfs/<service>"    # HDD NFS, or "/srv/nfs-ssd/<service>" for SSD
 }
 # In pod spec: persistent_volume_claim { claim_name = module.nfs_data.claim_name }
 ```
+**Note**: Some legacy PVs still reference `/mnt/main/<service>` paths (from the TrueNAS era). These work via compatibility on the Proxmox host. New PVs should use `/srv/nfs/` or `/srv/nfs-ssd/`.
 **DO NOT use inline `nfs {}` blocks** — they mount with `hard,timeo=600` defaults which hang forever.
 
 ## Adding NFS Exports
-1. Create dir on TrueNAS: `ssh root@10.0.10.15 "mkdir -p /mnt/main/<service> && chmod 777 /mnt/main/<service>"`
-2. Edit `secrets/nfs_directories.txt` — add path, keep sorted
-3. Run `secrets/nfs_exports.sh` from `secrets/`
-4. If any path doesn't exist on TrueNAS, the API rejects the entire update.
+1. Create dir on Proxmox host: `ssh root@192.168.1.127 "mkdir -p /srv/nfs/<service> && chmod 777 /srv/nfs/<service>"`
+2. Edit `/etc/exports` on the Proxmox host — add the export entry
+3. Reload exports: `ssh root@192.168.1.127 "exportfs -ra"`
+4. Verify: `showmount -e 192.168.1.127`
 
-## iSCSI Storage (Databases)
-**StorageClass**: `iscsi-truenas` (democratic-csi, `freenas-iscsi` SSH driver — NOT `freenas-api-iscsi`).
-Used by: PostgreSQL (CNPG), MySQL (InnoDB Cluster). ZFS: `main/iscsi` (zvols), `main/iscsi-snaps`.
-All K8s nodes have `open-iscsi` + `iscsid` running.
+## ~~iSCSI Storage~~ (REMOVED — replaced by proxmox-lvm)
+> iSCSI via democratic-csi and TrueNAS has been fully removed (2026-04). All database storage now uses `StorageClass: proxmox-lvm` (Proxmox CSI, LVM-thin hotplug). TrueNAS has been decommissioned.
 
 ## Anti-AI Scraping (5-Layer Defense)
 Default `anti_ai_scraping = true` in ingress_factory. Disable per-service: `anti_ai_scraping = false`.

.claude/reference/proxmox-inventory.md

@@ -8,30 +8,10 @@
 - **RAM**: 272 GB DDR4-2400 ECC RDIMM (10 DIMMs, see Memory Layout below)
 - **GPU**: NVIDIA Tesla T4 (PCIe passthrough to k8s-node1)
 - **iDRAC**: 192.168.1.4 (root/calvin)
-- **Disks**: 1.1TB RAID1 SAS (unused) + 931GB Samsung SSD + 10.7TB RAID1 HDD
+- **Disks**: 1.1TB RAID1 SAS (backup) + 931GB Samsung SSD + 10.7TB RAID1 HDD
+- **NFS server**: Proxmox host serves NFS directly. HDD NFS: `/srv/nfs` on ext4 LV `pve/nfs-data` (2TB). SSD NFS: `/srv/nfs-ssd` on ext4 LV `ssd/nfs-ssd-data` (100GB). TrueNAS (10.0.10.15) decommissioned.
 - **Proxmox access**: `ssh root@192.168.1.127`
 
-## NFS Exports (Proxmox Host)
-
-The Proxmox host serves NFS for all workloads except Immich (which remains on TrueNAS).
-
-### HDD NFS
-- **LV**: `pve/nfs-data` (thin LV, 1TB)
-- **Filesystem**: ext4 (chosen over btrfs — btrfs CoW on LVM thin = double-CoW problem)
-- **Mount**: `/srv/nfs` with `noatime,commit=30`
-- **Export**: `/srv/nfs *(rw,no_subtree_check,no_root_squash,insecure,fsid=0)`
-
-### SSD NFS
-- **LV**: `ssd/nfs-ssd-data` (100GB)
-- **Filesystem**: ext4
-- **Mount**: `/srv/nfs-ssd` with `noatime,commit=30`
-- **Export**: `/srv/nfs-ssd *(rw,no_subtree_check,no_root_squash,insecure,fsid=1)`
-- **Current users**: Ollama (migrated from TrueNAS SSD `/mnt/ssd/ollama`)
-
-### Notes
-- `insecure` option required: pfSense NATs source ports >1024 when routing between VLANs
-- 21 stacks migrated from TrueNAS, only Immich (8 PVCs) remains on TrueNAS
-
 ## Memory Layout (updated 2026-04-01)
 
 ### Physical DIMM Slot Map
@@ -97,10 +77,10 @@ Channel 3:  A4 [32G] ──── A8 [32G]  ──── A12[ 8G ]     = 72 GB
 
 ## Network Topology
 ```
-10.0.10.0/24 - Management: Wizard (10.0.10.10), TrueNAS NFS (10.0.10.15)
+10.0.10.0/24 - Management: Wizard (10.0.10.10)
 10.0.20.0/24 - Kubernetes: pfSense GW (10.0.20.1), Registry (10.0.20.10),
                k8s-master (10.0.20.100), DNS (10.0.20.101), MetalLB (10.0.20.102-200)
-192.168.1.0/24 - Physical: Proxmox (192.168.1.127, NFS server for k8s)
+192.168.1.0/24 - Physical: Proxmox (192.168.1.127)
 ```
 
 ## Network Bridges
@@ -122,7 +102,7 @@ Channel 3:  A4 [32G] ──── A8 [32G]  ──── A12[ 8G ]     = 72 GB
 | 204 | k8s-node4 | running | 8 | 24GB | vmbr1:vlan20 | 256G | Worker |
 | 220 | docker-registry | running | 4 | 4GB | vmbr1:vlan20 | 64G | MAC DE:AD:BE:EF:22:22 (10.0.20.10) |
 | 300 | Windows10 | running | 16 | 8GB | vmbr0 | 100G | Windows VM |
-| 9000 | truenas | running | 16 | 8GB | vmbr1:vlan10 | 32G+7x256G+1T | NFS (10.0.10.15) — Immich only |
+| ~~9000~~ | ~~truenas~~ | **stopped/decommissioned** | — | — | — | — | NFS migrated to Proxmox host (192.168.1.127) at `/srv/nfs` and `/srv/nfs-ssd` |
 
 **Total VM RAM allocated**: 180 GB of 272 GB (66%) — 92 GB free for future VMs