Go to file

CaffeineTux e0eb846716 Add GitOps migration completion documentation

Comprehensive summary of Phase 1 migration:
✅ 16 Helm charts in Harbor OCI registry
✅ Flux v2.4.0 fully deployed with SOPS encryption
✅ Gotify notifications configured
✅ 15 MCP pods running successfully
✅ All infrastructure ready for app migration

Includes:
- Complete deployment status
- Repository structure
- Access information
- Troubleshooting guide
- Security notes
- Next steps

Ready for Phase 2: Application migration to GitOps

2025-11-16 12:10:29 -05:00

bootstrap

Fix Gotify provider to use generic webhook type

2025-11-16 02:36:50 -05:00

clusters/production

Fix GitRepository references in Kustomizations

2025-11-16 02:36:17 -05:00

docs

Add GitOps migration completion documentation

2025-11-16 12:10:29 -05:00

infrastructure

Initial homelab GitOps repository setup

2025-11-16 02:28:44 -05:00

platform

Disable playwright and puppeteer MCP servers

2025-11-16 12:00:00 -05:00

.gitignore

Initial homelab GitOps repository setup

2025-11-16 02:28:44 -05:00

.sops.yaml

Configure MCP servers to use Harbor OCI registry

2025-11-16 03:04:40 -05:00

README.md

Initial homelab GitOps repository setup

2025-11-16 02:28:44 -05:00

README.md

Homelab GitOps Repository

This repository contains the declarative configuration for my Kubernetes homelab, managed using FluxCD v2 and SOPS-encrypted secrets.

Architecture

The repository is organized into three layers:

Layer 0 - Infrastructure

Core cluster infrastructure that other applications depend on:

cert-manager: TLS certificate management
ingress-nginx: Ingress controller for HTTP/HTTPS routing
storage: Persistent volume provisioning

Layer 1 - Platform

Platform services that support applications:

gitea: Self-hosted Git server
harbor: Container registry
n8n: Workflow automation
mcp-servers: Model Context Protocol servers with gateway
gotify: Push notifications
prometheus: Monitoring and alerting

Layer 2 - Apps

User-facing applications:

media: Audiobookshelf, Media-Servarr stack, MPD
ai: Ollama, Open WebUI
file-sharing: Firefox Send, Pairdrop, Pingvin Share, PsiTransfer
utilities: BentoPDF, Stirling PDF, Minecraft

Secrets Management

All secrets are encrypted using SOPS with age encryption.

Decrypting Secrets

# Decrypt a single file
sops -d infrastructure/cert-manager/secrets.enc.yaml > secrets.yaml

# Edit encrypted file in-place
sops infrastructure/cert-manager/secrets.enc.yaml

Encrypting New Secrets

# Encrypt a new secret file
sops -e secrets.yaml > secrets.enc.yaml

Deployment

This repository is deployed using FluxCD v2:

# Bootstrap Flux (already done)
flux bootstrap git \
  --url=http://192.168.1.49:13001/admin/homelab.git \
  --branch=main \
  --path=clusters/production

# Check Flux status
flux get all

Environment

Platform: K3s on ARM (Raspberry Pi)
OS: Termux on Android
GitOps: FluxCD v2
Secrets: SOPS + Age encryption
Registry: Harbor (self-hosted)

Directory Structure

.
├── bootstrap/          # Flux bootstrap manifests
├── infrastructure/     # Layer 0: Core infrastructure
├── platform/          # Layer 1: Platform services
├── apps/              # Layer 2: Applications
├── clusters/          # Cluster-specific configurations
│   └── production/    # Production cluster Kustomizations
└── docs/             # Additional documentation

Maintenance

Updating Applications

Edit the HelmRelease or Kustomization in the appropriate directory
Commit and push changes to Gitea
Flux will automatically reconcile within 1 minute (or force with flux reconcile)

Adding New Applications

Create directory in appropriate layer (infrastructure/platform/apps)
Add namespace.yaml, helmrelease.yaml, and kustomization.yaml
If secrets needed, create secrets.enc.yaml using SOPS
Add reference to layer's kustomization.yaml
Commit and push

Contact

Maintained by CaffeineTux