# Home cluster
This repo is my homelab OPS stuff. This is a single source of truth for storing configuration for my home servers, cloud instances and other devices.
In this repo I'm focusing on:
- Provisioning homelab servers with Talos, so every node is configured the same way
- Configuring cloud services with Terraform
- Deploying applications with ArgoCD
## Tech Stack

### Provisioning
| Tool | Purpose |
|---|---|
| Talos | Kubernetes-focused immutable Linux OS for all nodes |
| talhelper | Talos config generation from talconfig.yaml |
| Terraform | Cloudflare DNS, tunnels, and firewall rules |
### Kubernetes
| Component | Purpose |
|---|---|
| ArgoCD | GitOps continuous delivery with ApplicationSets |
| Cilium | CNI, kube-proxy replacement, L2 load balancer announcements |
| Envoy Gateway | Kubernetes Gateway API — external (192.168.48.20) and internal (192.168.48.21) gateways |
| Cloudflared | Cloudflare Tunnel client for external gateway access |
| cert-manager | Automated TLS certificates (Cloudflare DNS01) |
| external-dns (cloudflare) | Publishes external routes/endpoints to Cloudflare DNS |
| external-dns (adguard) | Publishes internal routes/endpoints to AdGuard Home DNS |
| Rook-Ceph | Distributed block and file storage |
| NFS subdir provisioner | Cold storage on QNAP NAS |
| Keycloak | Identity provider (OIDC) |
| External Secrets Operator | Secret sync from Bitwarden Secrets Manager |
| kube-prometheus-stack | Prometheus + Grafana monitoring |
| CloudNative-PG | PostgreSQL operator |
| VolSync | PVC backup and restore |
### Secrets Management
| Tool | Purpose |
|---|---|
| Bitwarden Secrets Manager | Single secret store — cluster credentials via ESO ExternalSecrets + environment secrets via BWS CLI |
| External Secrets Operator | Syncs Bitwarden secrets into Kubernetes Secrets (ClusterSecretStore: bitwarden) |
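The following manifests are an added illustration of the secret flow described in the tables above (Bitwarden Secrets Manager → External Secrets Operator → Kubernetes Secret → cert-manager DNS01); they are not taken from this repo. The `ClusterSecretStore` name `bitwarden` is the one listed in the table; the namespace, resource names, the Bitwarden secret reference (a placeholder here, shown as the secret ID the Bitwarden provider resolves) and the e-mail address are assumptions. Older ESO releases serve these kinds under `external-secrets.io/v1beta1` instead of `v1`.

```yaml
# Added example, not part of the repo. Pulls a Cloudflare API token out of
# Bitwarden Secrets Manager and hands it to cert-manager for DNS01 validation.
# Only this reference lives in git; the token value itself is never committed.
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: cloudflare-api-token        # assumed name
  namespace: cert-manager           # assumed namespace
spec:
  refreshInterval: 1h               # re-sync so a rotated token propagates
  secretStoreRef:
    kind: ClusterSecretStore
    name: bitwarden                 # store name from the table above
  target:
    name: cloudflare-api-token      # Kubernetes Secret that ESO creates/owns
    creationPolicy: Owner
  data:
    - secretKey: api-token          # key inside the generated Secret
      remoteRef:
        # Placeholder: the Bitwarden secret ID (UUID) to read; replace before use.
        key: "00000000-0000-0000-0000-000000000000"
---
# cert-manager issuer that consumes the synced Secret for Cloudflare DNS01.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01           # assumed name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.invalid    # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key
    solvers:
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token   # Secret produced by the ExternalSecret
              key: api-token
```

Scope the Cloudflare token to DNS edit rights on the zones cert-manager manages; because ESO re-syncs on `refreshInterval`, rotating the token in Bitwarden is enough to roll it into the cluster without touching git.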
[VIP]: Virtual IP (Used for high-availability controlplanes)
[HA]: High Availability (often redundant hardware/software)
[PVC]: k8s resource - Persistent Volume Claim
[PV]: k8s resource - Persistent Volume
[CNI]: k8s networking - Container Network Interface
[k8s]: Shortening of Kubernetes
[CRD]: Custom Resource Definitions
[S3]: Simple Storage Service
[NFS]: Network File System
[DR]: Disaster Recovery