# Brain

Core facts read by all skills. Keep under 1000 words. Update when infrastructure changes.
Last updated: 2026-04-30

---

## Infrastructure

**Primary server:** 172.27.40.3 — Ubuntu Server LTS, Docker host
**Kubuntu desktop:** 172.27.6.139 — NxM-AI, runs Ollama
**TrueNAS NAS:** 172.27.40.220 (Servers40), management: 172.27.6.221
**Firewall:** OPNsense at 172.27.6.1

**VLANs:**
| VLAN | Name | Subnet |
|---|---|---|
| 40 | Servers40 | 172.27.40.0/24 |
| 20 | Workshop20 | 172.27.20.0/24 |
| 10 | IoT10 | 172.27.10.0/24 |

## Key Services (172.27.40.3)

| Service | Port | URL |
|---|---|---|
| Portainer | 9443 | https://172.27.40.3:9443 |
| Nginx Proxy Manager | 80/81/443 | http://172.27.40.3:81 |
| Uptime Kuma | 3002 | http://172.27.40.3:3002 |
| Gitea | 3000 | https://git.nxm.co.za |
| Headscale | 8080 | https://headscale.nxm.co.za |
| Netbird | 3479/udp | https://netbird.nxm.co.za |
| Vaultwarden | 8222 | https://vault.nxm.co.za |
| Flowise | 3010 | http://172.27.40.3:3010 |
| Plane | 8095 | https://plane.nxm.co.za |
| Zabbix | 8091 | https://zabbix.nxm.co.za |
| Homarr | 7575 | http://172.27.40.3:7575 |

## AI Stack

- **Ollama** on 172.27.6.139:11434 (bound to 0.0.0.0)
- **Models:** gemma4, qwen2.5-coder:7b
- **Flowise** on 172.27.40.3:3010 — visual agent/flow builder
- **Claude Code** — primary AI assistant, runs on Kubuntu

## Agent OS Runtime

- Files: `/opt/agent-os/` on 172.27.40.3
- Local edit path: `/home/nxm/Documents/agent-os/` on 172.27.6.139
- Repo: `https://git.nxm.co.za/admin/agent-os`
- Scheduled jobs: cron on 172.27.40.3
- LLM calls: `http://172.27.6.139:11434`

## Key Paths on Server

- Docker stacks: `/opt/stacks/`
- Agent OS: `/opt/agent-os/`

## Standing Decisions

- TrueNAS will move to a dedicated server — avoid hardcoding 172.27.40.5 in automation
- NPM handles all SSL termination — internal services use HTTP, NPM adds HTTPS
- NFS preferred for Linux-to-Linux file sharing
- Docker Compose only (no Kubernetes)
- All destructive actions require explicit confirmation before execution