Initial homelab GitOps repository setup

This commit establishes the foundation for the homelab GitOps repository:

- Created layered architecture (infrastructure/platform/apps)
- Added MCP servers umbrella chart with SOPS-encrypted secrets
- Configured Flux Kustomizations for infrastructure and platform layers
- Set up SOPS + Age for secrets management
- Added .gitignore and documentation

MCP servers include:
- Gateway with auth (API keys in encrypted secrets)
- n8n MCP (workflow automation)
- Playwright MCP (browser automation)
- Kubernetes MCP (kubectl operations)
- GitHub MCP (repository management)
- Gitea MCP (self-hosted git)
- SQLite MCP (database operations)
- Filesystem MCP (file operations)
- Fetch MCP (HTTP requests)
- Memory MCP (shared memory/state)

All secrets are encrypted with SOPS using Age encryption.

platform/mcp-servers/values-full.yaml

@@ -0,0 +1,311 @@
+# MCP Umbrella Chart - Central Configuration
+# This chart deploys all MCP servers and the central gateway
+
+# Global configuration shared across all MCP servers
+global:
+  # Namespace to deploy all MCP services
+  namespace: mcp
+
+  # Common labels applied to all resources
+  commonLabels:
+    app.kubernetes.io/part-of: mcp-ecosystem
+    managed-by: mcp-umbrella
+
+  # Image pull policy for all charts
+  imagePullPolicy: IfNotPresent
+
+  # Security context for all pods
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 1000
+    fsGroup: 1000
+
+# =============================================================================
+# MCP Gateway Configuration
+# =============================================================================
+mcp-gateway:
+  enabled: true
+  replicaCount: 1
+
+  service:
+    type: LoadBalancer
+    port: 3000
+    # loadBalancerIP: "192.168.1.100"  # Uncomment and set your LoadBalancer IP
+
+  ingress:
+    enabled: false  # Disabled by default, can enable later
+    className: "nginx"
+    hosts:
+      - host: mcp.caffeinetux.com
+        paths:
+          - path: /
+            pathType: Prefix
+    tls:
+      - secretName: mcp-gateway-tls
+        hosts:
+          - mcp.caffeinetux.com
+
+  gateway:
+    auth:
+      enabled: true
+      apiKeys:
+        - name: "n8n"
+          key: ""  # SET THIS: Generate with: openssl rand -hex 32
+        - name: "admin"
+          key: ""  # SET THIS: Generate with: openssl rand -hex 32
+
+    logLevel: "info"
+    timeout: 30000
+
+    # MCP servers will be auto-populated from enabled servers below
+    servers:
+      n8n-mcp:
+        host: "n8n-mcp"
+        port: 3001
+      playwright-mcp:
+        host: "playwright-mcp"
+        port: 3002
+      kubernetes-mcp:
+        host: "kubernetes-mcp"
+        port: 3003
+      github-mcp:
+        host: "github-mcp"
+        port: 3004
+      postgresql-mcp:
+        host: "postgresql-mcp"
+        port: 3005
+      sqlite-mcp:
+        host: "sqlite-mcp"
+        port: 3006
+      prometheus-mcp:
+        host: "prometheus-mcp"
+        port: 3007
+      slack-mcp:
+        host: "slack-mcp"
+        port: 3008
+      s3-mcp:
+        host: "s3-mcp"
+        port: 3009
+      filesystem-mcp:
+        host: "filesystem-mcp"
+        port: 3010
+      puppeteer-mcp:
+        host: "puppeteer-mcp"
+        port: 3011
+      fetch-mcp:
+        host: "fetch-mcp"
+        port: 3012
+      memory-mcp:
+        host: "memory-mcp"
+        port: 3013
+      gitea-mcp:
+        host: "gitea-mcp"
+        port: 3014
+
+  autoscaling:
+    enabled: true
+    minReplicas: 1
+    maxReplicas: 3
+    targetCPUUtilizationPercentage: 80
+
+# =============================================================================
+# n8n MCP Server Configuration
+# =============================================================================
+n8n-mcp:
+  enabled: true
+
+  n8nMCP:
+    n8n:
+      url: "http://n8n.n8n.svc.cluster.local:5678"
+      apiKey: ""  # SET THIS: Get from n8n settings
+    mode: "full"
+    logLevel: "info"
+
+# =============================================================================
+# Playwright MCP Server Configuration
+# =============================================================================
+playwright-mcp:
+  enabled: true
+
+  playwrightMCP:
+    browsers:
+      - chromium
+      - firefox
+      - webkit
+    headless: true
+    timeout: 30000
+
+  persistence:
+    enabled: true
+    size: 10Gi
+
+  resources:
+    limits:
+      cpu: 1000m
+      memory: 2Gi
+    requests:
+      cpu: 200m
+      memory: 512Mi
+
+# =============================================================================
+# Kubernetes MCP Server Configuration
+# =============================================================================
+kubernetes-mcp:
+  enabled: true
+
+  rbac:
+    create: true
+    # ClusterRole permissions for kubectl operations
+    rules:
+      - apiGroups: [""]
+        resources: ["pods", "services", "configmaps", "secrets"]
+        verbs: ["get", "list", "watch", "create", "update", "delete"]
+      - apiGroups: ["apps"]
+        resources: ["deployments", "statefulsets", "daemonsets"]
+        verbs: ["get", "list", "watch", "create", "update", "delete"]
+
+# =============================================================================
+# GitHub MCP Server Configuration
+# =============================================================================
+github-mcp:
+  enabled: true
+
+  github:
+    token: ""  # SET THIS: GitHub Personal Access Token
+    owner: ""  # SET THIS: Default GitHub org/user
+
+# =============================================================================
+# PostgreSQL MCP Server Configuration
+# =============================================================================
+postgresql-mcp:
+  enabled: false  # Disabled by default - requires PostgreSQL instance
+
+  postgresql:
+    host: "postgresql.default.svc.cluster.local"
+    port: 5432
+    database: "postgres"
+    user: "postgres"
+    password: ""  # SET THIS if enabling
+
+# =============================================================================
+# SQLite MCP Server Configuration
+# =============================================================================
+sqlite-mcp:
+  enabled: true
+
+  sqlite:
+    databasePath: "/data/sqlite.db"
+
+  persistence:
+    enabled: true
+    size: 1Gi
+
+# =============================================================================
+# Prometheus MCP Server Configuration
+# =============================================================================
+prometheus-mcp:
+  enabled: false  # Disabled by default - requires Prometheus instance
+
+  prometheus:
+    url: "http://prometheus-server.prometheus.svc.cluster.local"
+
+# =============================================================================
+# Slack MCP Server Configuration
+# =============================================================================
+slack-mcp:
+  enabled: false  # Disabled by default - requires Slack tokens
+
+  slack:
+    botToken: ""  # SET THIS: Slack Bot Token
+    appToken: ""  # OPTIONAL: Slack App Token for socket mode
+
+# =============================================================================
+# S3 MCP Server Configuration
+# =============================================================================
+s3-mcp:
+  enabled: false  # Disabled by default - requires S3/MinIO credentials
+
+  s3:
+    endpoint: ""  # e.g., "s3.amazonaws.com" or MinIO endpoint
+    region: "us-east-1"
+    bucket: ""
+    accessKeyId: ""  # SET THIS
+    secretAccessKey: ""  # SET THIS
+
+# =============================================================================
+# Filesystem MCP Server Configuration
+# =============================================================================
+filesystem-mcp:
+  enabled: true
+
+  filesystem:
+    rootPath: "/data"
+
+  persistence:
+    enabled: true
+    size: 5Gi
+
+# =============================================================================
+# Puppeteer MCP Server Configuration
+# =============================================================================
+puppeteer-mcp:
+  enabled: false  # Disabled by default - resource intensive
+
+  puppeteer:
+    headless: true
+    timeout: 30000
+
+  persistence:
+    enabled: true
+    downloadSize: 5Gi
+    screenshotSize: 5Gi
+
+  resources:
+    limits:
+      cpu: 1000m
+      memory: 2Gi
+    requests:
+      cpu: 500m
+      memory: 1Gi
+
+# =============================================================================
+# Fetch MCP Server Configuration
+# =============================================================================
+fetch-mcp:
+  enabled: true
+
+  fetch:
+    userAgent: "MCP-Fetch-Server/1.0"
+    timeout: 30000
+
+# =============================================================================
+# Memory MCP Server Configuration (Central Coordinator)
+# =============================================================================
+memory-mcp:
+  enabled: true
+
+  storage:
+    backend: "redis"  # or "postgres"
+
+  # Redis backend configuration (if backend: redis)
+  redis:
+    host: "redis.default.svc.cluster.local"  # Change to your Redis service
+    port: 6379
+    password: ""  # SET THIS if Redis requires auth
+    db: 0
+
+  # PostgreSQL backend configuration (if backend: postgres)
+  postgres:
+    host: "postgresql.default.svc.cluster.local"
+    port: 5432
+    database: "memory_mcp"
+    user: "postgres"
+    password: ""  # SET THIS if using postgres backend
+
+  resources:
+    limits:
+      cpu: 200m
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 256Mi