{"id":13602057,"url":"https://github.com/Ramblurr/home-ops","last_synced_at":"2025-04-11T08:31:37.933Z","repository":{"id":152541521,"uuid":"614312658","full_name":"Ramblurr/home-ops","owner":"Ramblurr","description":"My gitops'd home prod IaC","archived":false,"fork":false,"pushed_at":"2025-02-04T17:11:15.000Z","size":12081,"stargazers_count":20,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-06T11:08:49.453Z","etag":null,"topics":["ansible","flux","gitops","iac","k8s-at-home","kubernetes","renovate","talos","terraform","vyos"],"latest_commit_sha":null,"homepage":"https://notes.binaryelysium.com/HomeOps/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Ramblurr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-15T10:36:48.000Z","updated_at":"2025-03-01T15:23:57.000Z","dependencies_parsed_at":"2024-01-22T19:04:00.643Z","dependency_job_id":"341b6707-11c8-49c2-a22a-d497e2f32f8b","html_url":"https://github.com/Ramblurr/home-ops","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ramblurr%2Fhome-ops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ramblurr%2Fhome-ops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ramblurr%2Fhome-ops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ramblurr%2Fhome-ops/manifests","owner_url":"https:/
/repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Ramblurr","download_url":"https://codeload.github.com/Ramblurr/home-ops/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248361554,"owners_count":21090930,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","flux","gitops","iac","k8s-at-home","kubernetes","renovate","talos","terraform","vyos"],"created_at":"2024-08-01T18:01:13.047Z","updated_at":"2025-04-11T08:31:32.922Z","avatar_url":"https://github.com/Ramblurr.png","language":"Shell","funding_links":[],"categories":["Shell","ansible"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"https://avatars.githubusercontent.com/u/14830?v=4\" align=\"left\" width=\"144px\" height=\"144px\"/\u003e\n\n## My Home Operations repository\n\n_... 
managed by Flux, Renovate and GitHub Actions_ :robot:\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n[![k8s@home](https://img.shields.io/badge/-%20k8s%40home-blue?style=for-the-badge\u0026logo=discord\u0026logoColor=white)](https://discord.gg/k8s-at-home)\n[![selfhosted.show](https://img.shields.io/badge/-%20self--hosted-orange?style=for-the-badge\u0026logo=discord\u0026logoColor=white)](https://discord.gg/U3Gvr54VRp)\n[![Kubernetes](https://img.shields.io/badge/v1.27-blue?style=for-the-badge\u0026logo=kubernetes\u0026logoColor=white)](https://www.talos.dev/)\n[![Documentation](https://img.shields.io/badge/documentation-green?\u0026style=for-the-badge)][0]\n\n\n\u003c/div\u003e\n\u003cbr\u003e\u003cbr\u003e\n\n👋 Welcome to my Home Operations repository. This is a mono repository for my home office infrastructure. I try to adhere to Infrastructure as Code (IaC) and GitOps practices using tools like [Ansible](https://www.ansible.com/), [Terraform](https://www.terraform.io/), [Kubernetes](https://kubernetes.io/), [Flux](https://github.com/fluxcd/flux2), [Renovate](https://github.com/renovatebot/renovate) and [GitHub Actions](https://github.com/features/actions).\n\nAlso check out [ramblurr/nixcfg](https://github.com/ramblurr/nixcfg) for my NixOS configuration for various hosts.\n\n---\n\n### 📖 Docs\n\nThe documentation that goes along with this repo can be found [in my HomeOps docs][0].\n\n---\n## ☁️ Cloud Dependencies\n\nWhile most of my infrastructure and workloads are self-hosted, I do rely upon the cloud for certain key parts of my setup. This saves me from having to worry about two things. 
(1) Dealing with chicken/egg scenarios and (2) services I critically need whether my cluster is online or not.\n\nThe alternative solution to these two problems would be to host a Kubernetes cluster in the cloud and deploy applications like [HCVault](https://www.vaultproject.io/), [Vaultwarden](https://github.com/dani-garcia/vaultwarden), [ntfy](https://ntfy.sh/), and [Gatus](https://gatus.io/). However, maintaining another cluster and monitoring another group of workloads is a lot more time and effort than I am willing to put in.\n\n| Service                                      | Use                                                                        | Cost           |\n|----------------------------------------------|----------------------------------------------------------------------------|----------------|\n| [1Password](https://1password.com/)          | Family Plan. Secrets with [External Secrets](https://external-secrets.io/) | ~$72/yr        |\n| [Cloudflare](https://www.cloudflare.com/)    | DNS management, Argo Tunnels and R2                                        | ~$30/yr        |\n| [GitHub](https://github.com/)                | Hosting this repository and continuous integration/deployments             | Free           |\n| [Migadu](https://migadu.com/)                | Email hosting, personal, family, and business                              | ~$90/yr        |\n| [NextDNS](https://nextdns.io/)               | My downstream DNS server which includes AdBlocking                         | ~$20/yr        |\n| [Pushover](https://pushover.net/)            | Kubernetes Alerts and application notifications                            | Free           |\n| [Terraform Cloud](https://www.terraform.io/) | Storing Terraform state                                                    | Free           |\n|                                              |                                                                            | Total: ~$18/mo |\n\n---\n## ⛵ 
Kubernetes\n\nThere is a template over at [onedr0p/flux-cluster-template](https://github.com/onedr0p/flux-cluster-template) if you want to try and follow along with some of the practices I use here, though my setup is custom and doesn't follow the template that closely.\n\n### Installation\n\nMy cluster is [Talos](https://www.talos.dev/) provisioned on top of my Proxmox\ncluster. This is a semi hyper-converged cluster: workloads and block storage\nshare the same available resources on my nodes, while I have a [separate\nNAS](https://notes.binaryelysium.com/HomeOps/NAS/) for (NFS) file storage.\n\n🔸 _[Click here](./ansible/) to see my Ansible playbooks and roles._\n\n### Core Components\n\n- [actions-runner-controller](https://github.com/actions/actions-runner-controller): self-hosted GitHub runners\n- [cilium](https://github.com/cilium/cilium): internal Kubernetes networking plugin\n- [cert-manager](https://cert-manager.io/docs/): creates SSL certificates for services in my cluster\n- [external-dns](https://github.com/kubernetes-sigs/external-dns): automatically syncs DNS records from my cluster ingresses to a DNS provider\n- [external-secrets](https://github.com/external-secrets/external-secrets/): managed Kubernetes secrets using [1Password Connect](https://github.com/1Password/connect).\n- [ingress-nginx](https://github.com/kubernetes/ingress-nginx/): ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer\n- [rook](https://github.com/rook/rook): distributed block storage for persistent storage. 
I use a Ceph cluster external to the cluster, running on Proxmox.\n- [sops](https://toolkit.fluxcd.io/guides/mozilla-sops/): managed secrets for Kubernetes, Ansible and Terraform which are committed to Git\n- [volsync](https://github.com/backube/volsync) and [snapscheduler](https://github.com/backube/snapscheduler): backup and recovery of persistent volume claims\n\n### GitOps\n\n[Flux](https://github.com/fluxcd/flux2) watches my [k8s/k8s-prod](./k8s/k8s-prod/) folder (see Directories below) and makes the changes to my cluster based on the YAML manifests.\n\nThe way Flux works for me here is it will recursively search the\n[k8s/k8s-prod/workloads](./k8s/k8s-prod/workloads) folder until it finds the\ntop-level `kustomization.yaml` per directory and then apply all the\nresources listed in it. That aforementioned `kustomization.yaml` will generally\nonly have a namespace resource and one or many Flux kustomizations. Those Flux\nkustomizations will generally have a `HelmRelease` or other resources related to\nthe application underneath it which will be applied.\n\n[Renovate](https://github.com/renovatebot/renovate) watches my **entire**\nrepository looking for dependency updates; when they are found, a PR is\nautomatically created. When some PRs are merged\n[Flux](https://github.com/fluxcd/flux2) applies the changes to my cluster.\n\n### Directories\n\nThis Git repository contains the following directories under [kubernetes](./kubernetes/).\n\n```sh\n📁 k8s/k8s-prod    # Kubernetes cluster defined as code\n├─📁 bootstrap     # Flux installation\n├─📁 flux          # Main Flux configuration of repository\n└─📁 workloads     # Apps deployed into my cluster grouped by namespace\n```\n---\n## 🌐 DNS\n\n### Home DNS\n\nI have two Raspberry Pi 3s running CoreDNS that serve as the main DNS provider for my network. 
In my k8s cluster `external-dns` is deployed with the `RFC2136` provider which syncs DNS records to `bind9`.\n\nFor downstream DNS I use [NextDNS](https://nextdns.io/) which provides adblocking.\n\n### Public DNS\n\nBesides the `external-dns` instance mentioned above, another instance is deployed\nin my cluster and configured to sync DNS records to\n[Cloudflare](https://www.cloudflare.com/). The only ingresses this\n`external-dns` instance looks at to gather DNS records to put in `Cloudflare`\nare ones that have an ingress class name of `external` and an ingress annotation\nof `external-dns.alpha.kubernetes.io/target`.\n\n---\n\n### :handshake: Thanks\n\nThanks to all the people who donate their time to the [Kubernetes @Home](https://discord.gg/k8s-at-home) Discord community. A lot of inspiration for my cluster comes from the people that have shared their clusters using the [k8s-at-home](https://github.com/topics/k8s-at-home) GitHub topic. Be sure to check out the [Kubernetes @Home search](https://nanne.dev/k8s-at-home-search/) for ideas on how to deploy applications or get ideas on what you can deploy.\n\nAnd also a big thanks to the great community from the [Self-Hosted Podcast](https://www.jupiterbroadcasting.com/show/self-hosted/) (and Jupiter Broadcasting in general!). It's a friendly community of FOSS, Linux and self-hosting advocates.\n\n---\n\n## 🤔 Still interested?\n\n[:arrow_right: Go check out my docs site!](https://notes.binaryelysium.com/HomeOps) It has tons more info.\n\n---\n\n### 🔏 License\n\nDifferent parts of this repo have different licenses. Refer to the LICENSE file in the various subdirectories.\n\n[0]: https://notes.binaryelysium.com/HomeOps/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRamblurr%2Fhome-ops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FRamblurr%2Fhome-ops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FRamblurr%2Fhome-ops/lists"}