Initial homelab GitOps repository setup

This commit establishes the foundation for the homelab GitOps repository:

- Created layered architecture (infrastructure/platform/apps)
- Added MCP servers umbrella chart with SOPS-encrypted secrets
- Configured Flux Kustomizations for infrastructure and platform layers
- Set up SOPS + Age for secrets management
- Added .gitignore and documentation

MCP servers include:
- Gateway with auth (API keys in encrypted secrets)
- n8n MCP (workflow automation)
- Playwright MCP (browser automation)
- Kubernetes MCP (kubectl operations)
- GitHub MCP (repository management)
- Gitea MCP (self-hosted git)
- SQLite MCP (database operations)
- Filesystem MCP (file operations)
- Fetch MCP (HTTP requests)
- Memory MCP (shared memory/state)

All secrets are encrypted with SOPS using Age encryption.

platform/mcp-servers/secrets.enc.yaml

@@ -0,0 +1,119 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: mcp-gateway-api-keys
+    namespace: mcp
+type: Opaque
+stringData:
+    n8n-key: ENC[AES256_GCM,data:s/IIC99kiFR64YcHrukDfHcctfrO6gMY2jpbql2VIikwhpMAnXDN4mVddlwNIwHOtjIgP6oL8c9Q4lfiANy5sg==,iv:rl1pR9IcsOsPNtvb7sH8VE7cEkb1SrKqcqoHTLBcedU=,tag:PJCcbvp3pd94XWPMo2IQ0Q==,type:str]
+    admin-key: ENC[AES256_GCM,data:m0QIropOzru9e7VxowzFphJYA0O31BLBr+fyTdHgCkHtMpwCgxvBQfmwTpeBM355CPGLUiZ14YhYWXRiOc2fMg==,iv:xVA0HRgu/NaEprersvP9mxWD6rJrsI1yJhBJ+hUaAEY=,tag:bgY2YEKKnHyH5zOCIFStag==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eTE4UEt0bzN4OWJuamNt
+            Mm9aZkNRdVZIckZuMmZNeWVGWkhhWTl2dERjCldzWVZxemQ2ZTJaOFF1cFBRcHFn
+            eENmcmhjaUNEOFZ1anNLWEpOcGJRVmMKLS0tIG05N1pldmY5d1ZXUVRleXlQWWx1
+            dmJRbnFzNlZRZElTQVZ3RmNzVzRZWUUKkcXqeJd3Domjt7TlKn78HqgGiCOQ0whM
+            ZwgQ+6Q97D95bBK3Wa0TiZ4FNqKJvTa5jQ0Onh03eQ5eXKHJiqTcdw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-11-16T07:26:31Z"
+    mac: ENC[AES256_GCM,data:WliyDuYa0RUFoYOqqaYyXmmf8NYKe9sdOgSaOfSjhnHwvT4Z2nh+k/RR9fmpZ7qjrZFVdE9kfur21Mh6hKZnJ7vlA63u3YFq4Buu3fOdlSPLA3FRTeDbFy0kIDM2R4OqkXQrCVUFxGaQkG4lKw6XAKLZDnmQw9059wKRbbMTWpc=,iv:pU5RJCtoctkIy22VgFJPLEkmsgA/t4x1FwEJgkc1pdE=,tag:96pa5LoubQurpR8Yydcr2A==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
+    version: 3.9.2
+---
+apiVersion: v1
+kind: Secret
+metadata:
+    name: n8n-mcp-api-key
+    namespace: mcp
+type: Opaque
+stringData:
+    apiKey: ENC[AES256_GCM,data:v51UaiPHLi0acynqtXkEr1jCcf39hLa0pgcKPg2xLUwTf53IlN+HqbwTzWByTu4zBAHksCqrU1nvCdhi5wuAxjv1YVpObytA+UyPnM13UEw7ThrGqlpq4+lytA0ZsIFgjsDqb7T7Xyr1gNrQjZVpT17LQGAhbEQAuhXxzR3VIzOFpFj4zO7+im9WlEMUz5oq/T70/PMYSR7zw12we9GHfze5WZQ42AuwCIk7kuloSd+/9UzQyJZlRSVVyPBmtJGz3Mfoa02F84RgJsEHEXou,iv:pyO0SFcVFXenBTVMNcC/O9jEfVr79ZMQXVagAc9mjKc=,tag:A+3wEzEkt7qMcYZSR77xgA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eTE4UEt0bzN4OWJuamNt
+            Mm9aZkNRdVZIckZuMmZNeWVGWkhhWTl2dERjCldzWVZxemQ2ZTJaOFF1cFBRcHFn
+            eENmcmhjaUNEOFZ1anNLWEpOcGJRVmMKLS0tIG05N1pldmY5d1ZXUVRleXlQWWx1
+            dmJRbnFzNlZRZElTQVZ3RmNzVzRZWUUKkcXqeJd3Domjt7TlKn78HqgGiCOQ0whM
+            ZwgQ+6Q97D95bBK3Wa0TiZ4FNqKJvTa5jQ0Onh03eQ5eXKHJiqTcdw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-11-16T07:26:31Z"
+    mac: ENC[AES256_GCM,data:WliyDuYa0RUFoYOqqaYyXmmf8NYKe9sdOgSaOfSjhnHwvT4Z2nh+k/RR9fmpZ7qjrZFVdE9kfur21Mh6hKZnJ7vlA63u3YFq4Buu3fOdlSPLA3FRTeDbFy0kIDM2R4OqkXQrCVUFxGaQkG4lKw6XAKLZDnmQw9059wKRbbMTWpc=,iv:pU5RJCtoctkIy22VgFJPLEkmsgA/t4x1FwEJgkc1pdE=,tag:96pa5LoubQurpR8Yydcr2A==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
+    version: 3.9.2
+---
+apiVersion: v1
+kind: Secret
+metadata:
+    name: github-mcp-token
+    namespace: mcp
+type: Opaque
+stringData:
+    token: ENC[AES256_GCM,data:TDOzJ8eWs+q2y8//fGU5kQN9LBkuvZ0oYvDVG94XsJ9Ul33YBgGCjQ==,iv:hRF5eizLhux3YLoKuCYhdJzQr4jEyGItp6TfYq/OuZ4=,tag:9EiwNhGU/uZ4A0jxQZ4Dwg==,type:str]
+    owner: ENC[AES256_GCM,data:Wk1V8l0vw7EbHLc=,iv:IcOTaXB7l0+G0ewj33RmwOB14sCYNduO1jDsSTvvjv4=,tag:ois9qnprTmfo3DrtCc/pnQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eTE4UEt0bzN4OWJuamNt
+            Mm9aZkNRdVZIckZuMmZNeWVGWkhhWTl2dERjCldzWVZxemQ2ZTJaOFF1cFBRcHFn
+            eENmcmhjaUNEOFZ1anNLWEpOcGJRVmMKLS0tIG05N1pldmY5d1ZXUVRleXlQWWx1
+            dmJRbnFzNlZRZElTQVZ3RmNzVzRZWUUKkcXqeJd3Domjt7TlKn78HqgGiCOQ0whM
+            ZwgQ+6Q97D95bBK3Wa0TiZ4FNqKJvTa5jQ0Onh03eQ5eXKHJiqTcdw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-11-16T07:26:31Z"
+    mac: ENC[AES256_GCM,data:WliyDuYa0RUFoYOqqaYyXmmf8NYKe9sdOgSaOfSjhnHwvT4Z2nh+k/RR9fmpZ7qjrZFVdE9kfur21Mh6hKZnJ7vlA63u3YFq4Buu3fOdlSPLA3FRTeDbFy0kIDM2R4OqkXQrCVUFxGaQkG4lKw6XAKLZDnmQw9059wKRbbMTWpc=,iv:pU5RJCtoctkIy22VgFJPLEkmsgA/t4x1FwEJgkc1pdE=,tag:96pa5LoubQurpR8Yydcr2A==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
+    version: 3.9.2
+---
+apiVersion: v1
+kind: Secret
+metadata:
+    name: gitea-mcp-token
+    namespace: mcp
+type: Opaque
+stringData:
+    token: ENC[AES256_GCM,data:lmW9WhvdUiSa8rCN7KXHV6USg93QaWqyEA2XCPYshQWm5ZQ0VGza/Q==,iv:Kw6CbzqFKiqELTHZkABdnB1/WUhiP1yW9fXJ94TGSdY=,tag:jVQ8FbHfqwmiGHhsA+is8Q==,type:str]
+    owner: ENC[AES256_GCM,data:QBY6p1A=,iv:tqcrMSknyxs9DtKzXkotZGM2szY9/LO/9Aa0UKH2cG4=,tag:Gw0DFRNx3WZFld5ZGJY32g==,type:str]
+    url: ENC[AES256_GCM,data:mTZ85n5G1j3lphgIwMkKket3ARayHhvY8lCcquhrbIBCwBbTeo/zoT2fxTiU6w==,iv:1oZ2Aa+bTqqoqsUT4+cR43f5WSdzgspLFufrMS6Cq4g=,tag:9tker2sFgiC+fRvSo9/X0Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1c7ke5ajhtzua7lrvzsg2p7krnnqv5jhvafh4lsl2s022j46jggnss4rxry
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eTE4UEt0bzN4OWJuamNt
+            Mm9aZkNRdVZIckZuMmZNeWVGWkhhWTl2dERjCldzWVZxemQ2ZTJaOFF1cFBRcHFn
+            eENmcmhjaUNEOFZ1anNLWEpOcGJRVmMKLS0tIG05N1pldmY5d1ZXUVRleXlQWWx1
+            dmJRbnFzNlZRZElTQVZ3RmNzVzRZWUUKkcXqeJd3Domjt7TlKn78HqgGiCOQ0whM
+            ZwgQ+6Q97D95bBK3Wa0TiZ4FNqKJvTa5jQ0Onh03eQ5eXKHJiqTcdw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-11-16T07:26:31Z"
+    mac: ENC[AES256_GCM,data:WliyDuYa0RUFoYOqqaYyXmmf8NYKe9sdOgSaOfSjhnHwvT4Z2nh+k/RR9fmpZ7qjrZFVdE9kfur21Mh6hKZnJ7vlA63u3YFq4Buu3fOdlSPLA3FRTeDbFy0kIDM2R4OqkXQrCVUFxGaQkG4lKw6XAKLZDnmQw9059wKRbbMTWpc=,iv:pU5RJCtoctkIy22VgFJPLEkmsgA/t4x1FwEJgkc1pdE=,tag:96pa5LoubQurpR8Yydcr2A==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData|password|token|apiKey|secret|key)$
+    version: 3.9.2