admin/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
13 Commits 1 Branch 0 Tags
d4c53395d8c5a1de8bf5b8844333a6ffc6e04be4
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
CaffeineTux d4c53395d8 Add playwright persistence to HelmRelease values 
Moved persistence configuration to HelmRelease values override
to ensure it takes precedence over chart defaults.
2025-11-16 03:22:59 -05:00
bootstrap
Fix Gotify provider to use generic webhook type
2025-11-16 02:36:50 -05:00
clusters/production
Fix GitRepository references in Kustomizations
2025-11-16 02:36:17 -05:00
docs
Add migration status documentation
2025-11-16 02:30:04 -05:00
infrastructure
Initial homelab GitOps repository setup
2025-11-16 02:28:44 -05:00
platform
Add playwright persistence to HelmRelease values
2025-11-16 03:22:59 -05:00
.gitignore
Initial homelab GitOps repository setup
2025-11-16 02:28:44 -05:00
.sops.yaml
Configure MCP servers to use Harbor OCI registry
2025-11-16 03:04:40 -05:00
README.md
Initial homelab GitOps repository setup
2025-11-16 02:28:44 -05:00

README.md

Homelab GitOps Repository

This repository contains the declarative configuration for my Kubernetes homelab, managed using FluxCD v2 and SOPS-encrypted secrets.

Architecture

The repository is organized into three layers:

Layer 0 - Infrastructure

Core cluster infrastructure that other applications depend on:

  • cert-manager: TLS certificate management
  • ingress-nginx: Ingress controller for HTTP/HTTPS routing
  • storage: Persistent volume provisioning

Layer 1 - Platform

Platform services that support applications:

  • gitea: Self-hosted Git server
  • harbor: Container registry
  • n8n: Workflow automation
  • mcp-servers: Model Context Protocol servers with gateway
  • gotify: Push notifications
  • prometheus: Monitoring and alerting

Layer 2 - Apps

User-facing applications:

  • media: Audiobookshelf, Media-Servarr stack, MPD
  • ai: Ollama, Open WebUI
  • file-sharing: Firefox Send, Pairdrop, Pingvin Share, PsiTransfer
  • utilities: BentoPDF, Stirling PDF, Minecraft

Secrets Management

All secrets are encrypted using SOPS with age encryption.

Decrypting Secrets

# Decrypt a single file
sops -d infrastructure/cert-manager/secrets.enc.yaml > secrets.yaml

# Edit encrypted file in-place
sops infrastructure/cert-manager/secrets.enc.yaml

Encrypting New Secrets

# Encrypt a new secret file
sops -e secrets.yaml > secrets.enc.yaml

Deployment

This repository is deployed using FluxCD v2:

# Bootstrap Flux (already done)
flux bootstrap git \
  --url=http://192.168.1.49:13001/admin/homelab.git \
  --branch=main \
  --path=clusters/production

# Check Flux status
flux get all

Environment

  • Platform: K3s on ARM (Raspberry Pi)
  • OS: Termux on Android
  • GitOps: FluxCD v2
  • Secrets: SOPS + Age encryption
  • Registry: Harbor (self-hosted)

Directory Structure

.
├── bootstrap/          # Flux bootstrap manifests
├── infrastructure/     # Layer 0: Core infrastructure
├── platform/          # Layer 1: Platform services
├── apps/              # Layer 2: Applications
├── clusters/          # Cluster-specific configurations
│   └── production/    # Production cluster Kustomizations
└── docs/             # Additional documentation

Maintenance

Updating Applications

  1. Edit the HelmRelease or Kustomization in the appropriate directory
  2. Commit and push changes to Gitea
  3. Flux will automatically reconcile within 1 minute (or force with flux reconcile)

Adding New Applications

  1. Create directory in appropriate layer (infrastructure/platform/apps)
  2. Add namespace.yaml, helmrelease.yaml, and kustomization.yaml
  3. If secrets needed, create secrets.enc.yaml using SOPS
  4. Add reference to layer's kustomization.yaml
  5. Commit and push

Contact

Maintained by CaffeineTux

Description
Homelab GitOps repository managed with FluxCD
Readme 163 KiB