docs: comprehensive update — bring all Agent OS docs current for LLM onboarding

All files were 5-7 weeks stale. Updated brain.md (complete service/agent/VPN/cron
inventory), identity.md (current expertise + infra context), CLAUDE.md (full agent
ecosystem table, Citadel tool registry, gotchas), README.md (LLM quick-start guide),
all memory files (current projects, decisions, constraints, persistent facts), and
infra-monitor skill.md (current container list with criticality tiers).

Also fixed: git remote switched from HTTP+embedded-token to SSH, removed references
to decommissioned services (Netbird, WireGuard, Flowise, Zabbix), corrected Ollama
IP (172.27.40.20), TrueNAS IP (172.27.40.220), and added 20+ services/agents that
were built since the last commit.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

memory/active-projects.md

@@ -1,7 +1,7 @@
 # Active Projects
 
 Current in-flight work. Update at the end of each session.
-Last updated: 2026-05-16
+Last updated: 2026-06-19
 
 ---
 
@@ -12,8 +12,8 @@ Phases 1 (NFS + mount) and 2 (identity interview) are complete.
 **Phase 3 goal:** Docker container state monitoring + system resources. Complements Varys (HTTP reachability) — do not duplicate.
 
 Pre-work before implementing:
-- [ ] Update `skills/infra-monitor/skill.md` — container list is stale (has Flowise, missing Open WebUI + all new agents: citadel, varys, bran, sam, raven, qyburn, hodor, searxng, monitoring, bni-scheduler, nocodb)
-- [ ] Correct Ollama URL in skill.md: now `http://172.27.40.20:11434` (moved from 172.27.6.139)
+- [ ] Update `skills/infra-monitor/skill.md` — container list is stale (references Flowise/Netbird, missing 20+ current services)
+- [ ] Correct Ollama URL in skill.md: now `http://172.27.40.20:11434` (moved from 172.27.6.139 → 172.27.40.20)
 - [ ] Decide implementation: Docker one-shot container (consistent with bran/varys pattern) vs host cron + shell script
 
 Implementation tasks:
@@ -26,23 +26,27 @@ Implementation tasks:
 - [ ] Hourly heartbeat cron on 172.27.40.3
 - [ ] Daily 07:00 full digest cron
 - [ ] Notification channel: Raven (confirmed live at http://raven-notify:8400)
-- [ ] Home Assistant integration (172.27.10.6) — optional, revisit after Phase 3
 
 ## Agent OS — Phase 5: Future Skills (Future)
-- backup-monitor: TrueNAS migrated to new hardware (172.27.40.220) — skill ready to build
-- Netbird/Headscale peer health: Netbird API at http://172.22.0.11:80/api/
+- backup-monitor: extend Tarly with deeper TrueNAS integration
 - Daily log digest: summarise /opt/agent-os/logs/ via Ollama
 
 ---
 
-## Gitea Documentation Repos
-- [x] nxm-infrastructure repo — Obsidian vault imported, CLAUDE.md added 2026-05-16
-- [x] nexum-projects repo — Obsidian vault imported (on Kubuntu)
-- [x] agent-os repo — scaffolding created, CLAUDE.md is global symlink
+## Active Infrastructure Projects
+
+| Project | Status | Next Step |
+|---|---|---|
+| **Monitoring** | bezhuis+mwp+coetzee alerts live | CPU/mem/WAN/ping Grafana rules pending |
+| **OpenVPN S2S** | bezhuis/mwp/coetzee DONE | fwlaw pending |
+| **Tarly Backup** | Hub working | bezhuis/mwp/coetzee API key fix (backup privilege) |
+| **Directus CRM** | LIVE, 12 clients seeded | Manual data enrichment (contacts, renewals) |
+| **InvenTree** | LIVE (testing) | SSL cert, production use |
+| **Mailcow** | MAIL-1+2 done | Blocked on Mimecast (MAIL-3→9) |
+| **Vexis** | nexum-private-customer-setup + office-install done | ESET/Evolve creds or standard-setup next |
+| **Maester Phase 2** | Phase 1 live | Hermes narrative + .docx generation |
 
 ---
 
-## Pending: Gitea SSH Key (security debt)
-Server remote uses HTTP with embedded token. Before rotating:
-1. Add SSH key for `nxm@172.27.40.3` to Gitea (Admin → Settings → SSH Keys)
-2. `cd /opt/agent-os && git remote set-url origin gitea-local:admin/agent-os.git`
+## Gitea SSH Key — DONE
+Server remote switched from HTTP+token to SSH (`gitea-local:admin/agent-os.git`) on 2026-06-19.