admin/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dc18835453270284e8d89115bb42fbd50d89ca12
homelab/README.md
CaffeineTux 9fc30a3573 Initial homelab GitOps repository setup 
This commit establishes the foundation for the homelab GitOps repository:

- Created layered architecture (infrastructure/platform/apps)
- Added MCP servers umbrella chart with SOPS-encrypted secrets
- Configured Flux Kustomizations for infrastructure and platform layers
- Set up SOPS + Age for secrets management
- Added .gitignore and documentation

MCP servers include:
- Gateway with auth (API keys in encrypted secrets)
- n8n MCP (workflow automation)
- Playwright MCP (browser automation)
- Kubernetes MCP (kubectl operations)
- GitHub MCP (repository management)
- Gitea MCP (self-hosted git)
- SQLite MCP (database operations)
- Filesystem MCP (file operations)
- Fetch MCP (HTTP requests)
- Memory MCP (shared memory/state)

All secrets are encrypted with SOPS using Age encryption.
2025-11-16 02:28:44 -05:00

107 lines
2.9 KiB
Markdown
Raw Blame History

# Homelab GitOps Repository
This repository contains the declarative configuration for my Kubernetes homelab, managed using FluxCD v2 and SOPS-encrypted secrets.
## Architecture
The repository is organized into three layers:
### Layer 0 - Infrastructure
Core cluster infrastructure that other applications depend on:
- **cert-manager**: TLS certificate management
- **ingress-nginx**: Ingress controller for HTTP/HTTPS routing
- **storage**: Persistent volume provisioning
### Layer 1 - Platform
Platform services that support applications:
- **gitea**: Self-hosted Git server
- **harbor**: Container registry
- **n8n**: Workflow automation
- **mcp-servers**: Model Context Protocol servers with gateway
- **gotify**: Push notifications
- **prometheus**: Monitoring and alerting
### Layer 2 - Apps
User-facing applications:
- **media**: Audiobookshelf, Media-Servarr stack, MPD
- **ai**: Ollama, Open WebUI
- **file-sharing**: Firefox Send, Pairdrop, Pingvin Share, PsiTransfer
- **utilities**: BentoPDF, Stirling PDF, Minecraft
## Secrets Management
All secrets are encrypted using [SOPS](https://github.com/getsops/sops) with [age](https://github.com/FiloSottile/age) encryption.
### Decrypting Secrets
```bash
# Decrypt a single file
sops -d infrastructure/cert-manager/secrets.enc.yaml > secrets.yaml
# Edit encrypted file in-place
sops infrastructure/cert-manager/secrets.enc.yaml
```
### Encrypting New Secrets
```bash
# Encrypt a new secret file
sops -e secrets.yaml > secrets.enc.yaml
```
## Deployment
This repository is deployed using FluxCD v2:
```bash
# Bootstrap Flux (already done)
flux bootstrap git \
--url=http://192.168.1.49:13001/admin/homelab.git \
--branch=main \
--path=clusters/production
# Check Flux status
flux get all
```
## Environment
- **Platform**: K3s on ARM (Raspberry Pi)
- **OS**: Termux on Android
- **GitOps**: FluxCD v2
- **Secrets**: SOPS + Age encryption
- **Registry**: Harbor (self-hosted)
## Directory Structure
```
.
├── bootstrap/ # Flux bootstrap manifests
├── infrastructure/ # Layer 0: Core infrastructure
├── platform/ # Layer 1: Platform services
├── apps/ # Layer 2: Applications
├── clusters/ # Cluster-specific configurations
│ └── production/ # Production cluster Kustomizations
└── docs/ # Additional documentation
```
## Maintenance
### Updating Applications
1. Edit the HelmRelease or Kustomization in the appropriate directory
2. Commit and push changes to Gitea
3. Flux will automatically reconcile within 1 minute (or force with `flux reconcile`)
### Adding New Applications
1. Create directory in appropriate layer (infrastructure/platform/apps)
2. Add namespace.yaml, helmrelease.yaml, and kustomization.yaml
3. If secrets needed, create secrets.enc.yaml using SOPS
4. Add reference to layer's kustomization.yaml
5. Commit and push
## Contact
Maintained by CaffeineTux
Reference in New Issue View Git Blame Copy Permalink