Claude Code 6cebab9a4a docs: comprehensive update — bring all Agent OS docs current for LLM onboarding
All files were 5-7 weeks stale. Updated brain.md (complete service/agent/VPN/cron
inventory), identity.md (current expertise + infra context), CLAUDE.md (full agent
ecosystem table, Citadel tool registry, gotchas), README.md (LLM quick-start guide),
all memory files (current projects, decisions, constraints, persistent facts), and
infra-monitor skill.md (current container list with criticality tiers).

Also fixed: git remote switched from HTTP+embedded-token to SSH, removed references
to decommissioned services (Netbird, WireGuard, Flowise, Zabbix), corrected Ollama
IP (172.27.40.20), TrueNAS IP (172.27.40.220), and added 20+ services/agents that
were built since the last commit.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19 17:15:45 +00:00

Persistent Memory

Facts that don't expire. If you'd have to re-explain it to a new agent every time, it belongs here. Last updated: 2026-06-19


Infrastructure decisions

  • RustDesk is self-hosted on 172.27.40.3 — clients connect to the local server, not the public relay
  • NPM handles all SSL termination — internal services use HTTP, NPM adds HTTPS
  • Headscale v0.28: all write operations require numeric user ID, not username
  • Tailscale on Windows overrides DNS — disconnect before testing split DNS changes
  • Docker Compose only — no Kubernetes, no Swarm
  • Docker → OPNsense API: HTTP 400 from Docker proxy network — always run OPNsense API scripts from the host
  • All internal subdomains: gray-cloud (DNS-only) CNAME → opnsense.nxm.co.za in Cloudflare. Proxied records return a 523 error.
  • OPNsense split DNS: all subdomains resolve to 172.27.40.3 internally via Unbound host overrides

Decommissioned services (do not reference)

  • Netbird: Fully removed from server 2026-05-28. Orphaned clients on mwp/coetzee/b0qxxx/fwlaw firewalls pending removal.
  • WireGuard (N2W): Fully removed 2026-05-30. Replaced by OpenVPN S2S.
  • Flowise: Replaced by Open WebUI 2026-05-01.
  • Zabbix: No longer running (monitoring moved to Grafana + InfluxDB + Telegraf).

Agent OS build state

  • Phase 1-2 complete (file structure + identity interview)
  • Phase 3 (infra-monitor skill): spec written but stale, not yet implemented
  • Notifications target: Raven at http://raven-notify:8400 (Discord + Gmail)
  • All agent logs write to /opt/agent-os/logs/<agent>/last-run.json

Credential policy

  • All API keys and passwords: ~/.nxm-keys (chmod 600)
  • Never write credential values into output, logs, docs, or config files
  • Reference credential location instead
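
A check for the rules above, as an added example that is not part of the original file: it assumes ~/.nxm-keys holds KEY=VALUE lines (the file's format is not stated here), and the function names are hypothetical. It verifies the 600 mode and reports any line under /opt/agent-os/logs that contains a stored value, naming the key rather than printing the value.

```python
import os
import stat
from pathlib import Path

def load_secrets(key_file, min_len=8):
    """Parse KEY=VALUE lines (assumed format) into {name: value}."""
    secrets = {}
    for line in Path(key_file).read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        value = value.strip().strip("'\"")
        if len(value) >= min_len:  # short values would match by accident
            secrets[name.strip()] = value
    return secrets

def check_mode(key_file):
    """Return a list of problems with the key file's ownership and mode."""
    st = os.stat(key_file)
    mode = stat.S_IMODE(st.st_mode)
    problems = []
    if mode & 0o077:  # any group/other bit breaks the chmod 600 rule
        problems.append(f"mode is {mode:04o}, expected 0600")
    if st.st_uid != os.getuid():
        problems.append("not owned by current user")
    return problems

def find_leaks(secrets, root):
    """Return (path, line_no, key_name) hits; the value itself is never returned."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        for no, line in enumerate(text.splitlines(), 1):
            for name, value in secrets.items():
                if value in line:
                    hits.append((str(path), no, name))
    return hits

if __name__ == "__main__":
    key_file = Path.home() / ".nxm-keys"
    for problem in check_mode(key_file):
        print("PERM:", problem)
    for path, no, name in find_leaks(load_secrets(key_file), "/opt/agent-os/logs"):
        print(f"LEAK: {path}:{no} contains the value of {name}")
```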

VPN topology

  • Headscale (self-hosted Tailscale): remote access for admin devices
  • OpenVPN S2S: site-to-site for client firewalls (bezhuis/mwp/coetzee done, fwlaw pending)
  • Hub tunnel IPs: bezhuis=172.16.17.2, mwp=172.16.17.3, coetzee=172.16.17.4

Ollama

  • Host: 172.27.40.20 (Windows 11 Pro, NxM-AI), Vulkan GPU
  • Models: gemma4, llama3.1:8b, phi4
  • Auto-starts via Scheduled Task (S4U + AtStartup)
  • Used by: hodor-gateway, sam-research, qyburn-coder, Open WebUI