truenas deprecation: migrate all non-immich storage to proxmox NFS

- Migrate 7 backup CronJobs to Proxmox host NFS (192.168.1.127) (etcd, mysql, postgresql, nextcloud, redis, vaultwarden, plotting-book) - Migrate headscale backup, ebook2audiobook, osm_routing to Proxmox NFS - Migrate servarr (lidarr, readarr, soulseek) NFS refs to Proxmox - Remove 79 orphaned TrueNAS NFS module declarations from 49 stacks - Delete stacks/platform/modules/ (27 dead module copies, 65MB) - Update nfs-truenas StorageClass to point to Proxmox (192.168.1.127) - Remove iscsi DNS record from config.tfvars - Fix woodpecker persistence config and alertmanager PV Only Immich (8 PVCs, ~1.4TB) remains on TrueNAS.
2026-04-12 14:35:39 +01:00 · 2026-04-12 14:35:39 +01:00 · 82b0f6c4cb
commit 82b0f6c4cb
parent 3246c4d112
193 changed files with 825 additions and 177172 deletions
--- a/stacks/vault/main.tf
+++ b/stacks/vault/main.tf
@ -21,6 +21,22 @@ module "tls_secret" {
  tls_secret_name = var.tls_secret_name
 }

+# NFS StorageClass pointing to Proxmox host (replaces nfs-truenas for vault)
+resource "kubernetes_storage_class" "nfs_proxmox" {
+  metadata {
+    name = "nfs-proxmox"
+  }
+  storage_provisioner    = "nfs.csi.k8s.io"
+  reclaim_policy         = "Retain"
+  volume_binding_mode    = "Immediate"
+  allow_volume_expansion = true
+  parameters = {
+    server = "192.168.1.127"
+    share  = "/srv/nfs"
+  }
+  mount_options = ["soft", "actimeo=5", "retrans=3", "timeo=30"]
+}
+
 resource "helm_release" "vault" {
  name             = "vault"
  namespace        = kubernetes_namespace.vault.metadata[0].name
@ -52,13 +68,13 @@ resource "helm_release" "vault" {
      dataStorage = {
        enabled      = true
        size         = "2Gi"
-        storageClass = "nfs-truenas" # NFS — iSCSI CSI driver not available on all nodes
+        storageClass = "nfs-proxmox" # Proxmox host NFS (was nfs-truenas)
      }

      auditStorage = {
        enabled      = true
        size         = "2Gi"
-        storageClass = "nfs-truenas" # NFS fine for append-only audit logs
+        storageClass = "nfs-proxmox" # Proxmox host NFS (was nfs-truenas)
      }

      standalone = { enabled = false }
@ -234,12 +250,12 @@ resource "vault_audit" "file" {

 # --- Raft Snapshot Backups ---

-module "vault_backup_nfs" {
+module "vault_backup_nfs_host" {
  source     = "../../modules/kubernetes/nfs_volume"
-  name       = "vault-backup"
+  name       = "vault-backup-host"
  namespace  = kubernetes_namespace.vault.metadata[0].name
-  nfs_server = var.nfs_server
-  nfs_path   = "/mnt/main/vault-backup"
+  nfs_server = "192.168.1.127"
+  nfs_path   = "/srv/nfs/vault-backup"
  storage    = "5Gi"
 }

@ -301,7 +317,7 @@ resource "kubernetes_cron_job_v1" "vault_backup" {
            volume {
              name = "backup-storage"
              persistent_volume_claim {
-                claim_name = module.vault_backup_nfs.claim_name
+                claim_name = module.vault_backup_nfs_host.claim_name
              }
            }
            volume {