[infra] TrueNAS decommission — remove active references from Terraform + configs

TrueNAS VM 9000 at 10.0.10.15 was operationally decommissioned 2026-04-13.
The subagent-driven doc sweep in 5a0b24f5 covered the prose. This commit
removes the remaining in-code references:

- reverse-proxy: drop truenas Traefik ingress + Cloudflare record
  (truenas.viktorbarzin.me was 502-ing since the VM stopped), drop
  truenas_homepage_token variable.
- config.tfvars: drop deprecated `truenas IN A 10.0.10.15`, `iscsi CNAME
  truenas`, and the commented-out `iscsi`/`zabbix` A records.
- dashy/conf.yml: remove Truenas dashboard entry (&ref_28).
- monitoring/loki.yaml: change storageClass from the decommissioned
  `iscsi-truenas` to `proxmox-lvm` so a future re-enable has a valid SC
  (Loki is currently disabled).
- actualbudget/main.tf + freedify/main.tf: update new-deployment
  docstrings to cite Proxmox host NFS instead of TrueNAS.
- nfs-csi: add an explanatory comment to the `nfs-truenas` StorageClass
  noting the name is historical — 48 bound PVs reference it, SC names
  are immutable on PVs, rename not worth the churn.

Also cleaned out-of-band:
- Technitium DNS: deleted `truenas.viktorbarzin.lan` A and
  `iscsi.viktorbarzin.lan` CNAME records.
- Vault: `secret/viktor` → removed `truenas_api_key` and
  `truenas_ssh_private_key`; `secret/platform.homepage_credentials.reverse_proxy.truenas_token` removed.
- Terraform-applied: `scripts/tg apply -target=module.reverse-proxy.module.truenas`
  destroyed the 3 K8s/Cloudflare resources cleanly.

Deferred:
- VM 9000 is still stopped on PVE. Deletion (destructive) awaits explicit
  user go-ahead.
- `nfs-truenas` StorageClass name retained (see nfs-csi comment above).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

stacks/reverse-proxy/modules/reverse_proxy/main.tf

@@ -2,7 +2,6 @@
 # outside of K8S but would be nice to use the Nginx-ingress
 
 variable "tls_secret_name" {}
-variable "truenas_homepage_token" {}
 variable "pfsense_homepage_token" {}
 variable "haos_homepage_token" {
   type      = string
@@ -126,31 +125,6 @@ module "tp-link-gateway" {
   extra_annotations  = { "gethomepage.dev/enabled" = "false" }
 }
 
-# https://truenas.viktorbarzin.me/
-module "truenas" {
-  source          = "./factory"
-  dns_type        = "proxied"
-  name            = "truenas"
-  external_name   = "truenas.viktorbarzin.lan"
-  port            = 80
-  tls_secret_name = var.tls_secret_name
-  max_body_size   = "0m"
-
-  extra_annotations = {
-    "gethomepage.dev/enabled" : "true"
-    "gethomepage.dev/description" : "TrueNAS"
-    "gethomepage.dev/group" : "Infrastructure"
-    "gethomepage.dev/icon" : "truenas.png"
-    "gethomepage.dev/name" : "TrueNAS"
-    "gethomepage.dev/widget.type" : "truenas"
-    "gethomepage.dev/widget.url" : "https://truenas.viktorbarzin.lan"
-    "gethomepage.dev/widget.key" : var.truenas_homepage_token
-    # "gethomepage.dev/widget.enablePools" : "true"
-    # "gethomepage.dev/pod-selector" : ""
-  }
-  depends_on = [kubernetes_namespace.reverse-proxy]
-}
-
 # https://proxmox.viktorbarzin.me/
 module "proxmox" {
   source           = "./factory"