homelab/README.md
CaffeineTux 9fc30a3573 Initial homelab GitOps repository setup
This commit establishes the foundation for the homelab GitOps repository:

- Created layered architecture (infrastructure/platform/apps)
- Added MCP servers umbrella chart with SOPS-encrypted secrets
- Configured Flux Kustomizations for infrastructure and platform layers
- Set up SOPS + Age for secrets management
- Added .gitignore and documentation

MCP servers include:
- Gateway with auth (API keys in encrypted secrets)
- n8n MCP (workflow automation)
- Playwright MCP (browser automation)
- Kubernetes MCP (kubectl operations)
- GitHub MCP (repository management)
- Gitea MCP (self-hosted git)
- SQLite MCP (database operations)
- Filesystem MCP (file operations)
- Fetch MCP (HTTP requests)
- Memory MCP (shared memory/state)

All secrets are encrypted with SOPS using Age encryption.
2025-11-16 02:28:44 -05:00


Homelab GitOps Repository

This repository contains the declarative configuration for my Kubernetes homelab, managed using FluxCD v2 and SOPS-encrypted secrets.

Architecture

The repository is organized into three layers:

Layer 0 - Infrastructure

Core cluster infrastructure that other applications depend on:

  • cert-manager: TLS certificate management
  • ingress-nginx: Ingress controller for HTTP/HTTPS routing
  • storage: Persistent volume provisioning

Layer 1 - Platform

Platform services that support applications:

  • gitea: Self-hosted Git server
  • harbor: Container registry
  • n8n: Workflow automation
  • mcp-servers: Model Context Protocol servers with gateway
  • gotify: Push notifications
  • prometheus: Monitoring and alerting

Layer 2 - Apps

User-facing applications:

  • media: Audiobookshelf, Media-Servarr stack, MPD
  • ai: Ollama, Open WebUI
  • file-sharing: Firefox Send, Pairdrop, Pingvin Share, PsiTransfer
  • utilities: BentoPDF, Stirling PDF, Minecraft

Secrets Management

All secrets are encrypted using SOPS with age encryption.

Decrypting Secrets

# Decrypt a single file (secrets.yaml is plaintext: delete it when done and never commit it)
sops -d infrastructure/cert-manager/secrets.enc.yaml > secrets.yaml

# Edit encrypted file in-place
sops infrastructure/cert-manager/secrets.enc.yaml

Encrypting New Secrets

# Encrypt a new secret file
sops -e secrets.yaml > secrets.enc.yaml

Deployment

This repository is deployed using FluxCD v2:

# Bootstrap Flux (already done)
flux bootstrap git \
  --url=http://192.168.1.49:13001/admin/homelab.git \
  --branch=main \
  --path=clusters/production

# Check Flux status
flux get all

Environment

  • Platform: K3s on ARM (Raspberry Pi)
  • OS: Termux on Android
  • GitOps: FluxCD v2
  • Secrets: SOPS + Age encryption
  • Registry: Harbor (self-hosted)

Directory Structure

.
├── bootstrap/          # Flux bootstrap manifests
├── infrastructure/     # Layer 0: Core infrastructure
├── platform/          # Layer 1: Platform services
├── apps/              # Layer 2: Applications
├── clusters/          # Cluster-specific configurations
│   └── production/    # Production cluster Kustomizations
└── docs/             # Additional documentation

Maintenance

Updating Applications

  1. Edit the HelmRelease or Kustomization in the appropriate directory
  2. Commit and push changes to Gitea
  3. Flux will automatically reconcile within 1 minute (or force with flux reconcile)

Adding New Applications

  1. Create a directory in the appropriate layer (infrastructure/platform/apps)
  2. Add namespace.yaml, helmrelease.yaml, and kustomization.yaml
  3. If secrets are needed, create secrets.enc.yaml using SOPS
  4. Add a reference to the layer's kustomization.yaml
  5. Commit and push
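
Before step 5, a script can check that no secret file is about to be pushed in plaintext. The following is an added example, not part of this repository; the function names, the constructed sample tree and the two-marker heuristic are assumptions.

```shell
#!/bin/sh
# Added example, not part of this repository. Heuristic (assumption): a file
# encrypted by SOPS has a top-level "sops:" block and ENC[...] values.

# Print every in-scope YAML file under $1 that is not encrypted; return 1 if any.
# In scope: files named *.enc.yaml and any YAML that declares "kind: Secret".
check_sops_encrypted() {
  bad=$(
    find "${1:-.}" -name .git -prune -o -type f \
         \( -name '*.yaml' -o -name '*.yml' \) -print |
    while IFS= read -r f; do
      case "$f" in
        *.enc.yaml) ;;
        *) grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$f" || continue ;;
      esac
      # Both markers must be present, otherwise report the file.
      if grep -q '^sops:' "$f" && grep -q 'ENC\[' "$f"; then continue; fi
      printf '%s\n' "$f"
    done
  )
  [ -z "$bad" ] && return 0
  printf '%s\n' "$bad"
  return 1
}

# Build a constructed sample tree (placeholder values only) and print its path.
make_sample_tree() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/platform/gitea" "$d/platform/n8n" "$d/apps/ai"
  # Encrypted as SOPS would leave it (ciphertext shortened, constructed).
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'stringData:' \
    '  password: ENC[AES256_GCM,data:AAAA,iv:BBBB,tag:CCCC,type:str]' \
    'sops:' '  version: 3.9.0' > "$d/platform/gitea/secrets.enc.yaml"
  # Named like an encrypted file but never passed through "sops -e".
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'stringData:' \
    '  password: PLACEHOLDER' > "$d/platform/n8n/secrets.enc.yaml"
  # Plaintext Secret under an ordinary name, as left behind by "sops -d".
  printf '%s\n' 'apiVersion: v1' 'kind: Secret' 'stringData:' \
    '  token: PLACEHOLDER' > "$d/apps/ai/secrets.yaml"
  # Not a Secret: out of scope.
  printf '%s\n' 'apiVersion: v1' 'kind: Namespace' > "$d/apps/ai/namespace.yaml"
  printf '%s\n' "$d"
}

# Usage from a pre-commit hook or CI job: sh this-file.sh <repo-root>
if [ "$#" -gt 0 ]; then check_sops_encrypted "$1"; fi
```

The check reads file contents line by line from find, so file names containing newlines are not handled.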

Contact

Maintained by CaffeineTux