c539116eb48c53c14176a463768da580c38e6f73
- Updated Chart.yaml dependencies to use OCI registry
- Added HelmRepository resource for Harbor
- Created Harbor registry secret (SOPS-encrypted)
- Updated HelmRelease to use HelmRepository instead of Git source
- Packaged and pushed all 16 MCP charts to Harbor OCI registry
- Updated .sops.yaml to handle platform secrets

All MCP charts are now available at: oci://images.caffeinetux.com/mcp-charts
Homelab GitOps Repository
This repository contains the declarative configuration for my Kubernetes homelab, managed using FluxCD v2 and SOPS-encrypted secrets.
Architecture
The repository is organized into three layers:
Layer 0 - Infrastructure
Core cluster infrastructure that other applications depend on:
- cert-manager: TLS certificate management
- ingress-nginx: Ingress controller for HTTP/HTTPS routing
- storage: Persistent volume provisioning
Layer 1 - Platform
Platform services that support applications:
- gitea: Self-hosted Git server
- harbor: Container registry
- n8n: Workflow automation
- mcp-servers: Model Context Protocol servers with gateway
- gotify: Push notifications
- prometheus: Monitoring and alerting
Layer 2 - Apps
User-facing applications:
- media: Audiobookshelf, Media-Servarr stack, MPD
- ai: Ollama, Open WebUI
- file-sharing: Firefox Send, Pairdrop, Pingvin Share, PsiTransfer
- utilities: BentoPDF, Stirling PDF, Minecraft
Secrets Management
All secrets are encrypted using SOPS with age encryption.
Decrypting Secrets
# Decrypt a single file (secrets.yaml is written in plaintext; keep it out of Git)
sops -d infrastructure/cert-manager/secrets.enc.yaml > secrets.yaml
# Edit encrypted file in-place
sops infrastructure/cert-manager/secrets.enc.yaml
Encrypting New Secrets
# Encrypt a new secret file
sops -e secrets.yaml > secrets.enc.yaml
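A check that can run before each commit, as an added example that is not part of this repository: it flags any *.enc.yaml file that lacks SOPS metadata and any other YAML file that declares a plaintext Secret, such as a decrypted secrets.yaml left in the tree. The function names and the script name check-secrets.sh are hypothetical; it assumes the .enc.yaml naming used above and the `sops:` metadata block that SOPS appends to encrypted YAML.

```shell
#!/bin/sh
# Added example (not from the repository): find Secret manifests that would
# reach Git in plaintext. Function names are hypothetical.

# SOPS-encrypted YAML carries a top-level "sops:" block holding an
# encrypted MAC; succeed only if FILE has both.
is_sops_encrypted() {
  grep -q '^sops:' "$1" &&
    grep -Eq '^[[:space:]]+mac: ENC\[AES256_GCM,' "$1"
}

# Print each YAML file under DIR that lacks SOPS metadata and is either
# named *.enc.yaml (encryption was skipped) or declares "kind: Secret"
# (e.g. a decrypted secrets.yaml left behind). Returns 1 if any is found.
# Paths containing newlines are not supported.
find_plaintext_secrets() {
  found=$(
    find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) \
      ! -path '*/.git/*' | sort |
    while IFS= read -r f; do
      is_sops_encrypted "$f" && continue
      case "$f" in
        *.enc.yaml | *.enc.yml)
          printf '%s\n' "$f" ;;
        *)
          if grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$f"; then
            printf '%s\n' "$f"
          fi ;;
      esac
    done
  )
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}

# Usage: ./check-secrets.sh <repo-root>   (exits 1 if anything is flagged)
if [ "$#" -gt 0 ]; then
  find_plaintext_secrets "$1" || exit 1
fi
```

The check only looks for the SOPS metadata block; it does not verify the MAC or decrypt anything, so it needs no age key.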
Deployment
This repository is deployed using FluxCD v2:
# Bootstrap Flux (already done)
flux bootstrap git \
--url=http://192.168.1.49:13001/admin/homelab.git \
--branch=main \
--path=clusters/production
# Check Flux status
flux get all
Environment
- Platform: K3s on ARM (Raspberry Pi)
- OS: Termux on Android
- GitOps: FluxCD v2
- Secrets: SOPS + Age encryption
- Registry: Harbor (self-hosted)
Directory Structure
.
├── bootstrap/ # Flux bootstrap manifests
├── infrastructure/ # Layer 0: Core infrastructure
├── platform/ # Layer 1: Platform services
├── apps/ # Layer 2: Applications
├── clusters/ # Cluster-specific configurations
│ └── production/ # Production cluster Kustomizations
└── docs/ # Additional documentation
Maintenance
Updating Applications
- Edit the HelmRelease or Kustomization in the appropriate directory
- Commit and push changes to Gitea
- Flux will automatically reconcile within 1 minute (or force with flux reconcile)
Adding New Applications
- Create a directory in the appropriate layer (infrastructure/platform/apps)
- Add namespace.yaml, helmrelease.yaml, and kustomization.yaml
- If secrets are needed, create secrets.enc.yaml using SOPS
- Add a reference to the layer's kustomization.yaml
- Commit and push
Contact
Maintained by CaffeineTux