{"id":13820334,"url":"https://github.com/axeII/home-ops","last_synced_at":"2025-05-16T07:33:58.923Z","repository":{"id":37011192,"uuid":"383553362","full_name":"axeII/home-ops","owner":"axeII","description":"A repository for HomeOps where I perform Infrastructure as Code (IaC) and GitOps practices.","archived":false,"fork":false,"pushed_at":"2025-05-10T20:11:28.000Z","size":5061,"stargazers_count":46,"open_issues_count":23,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-10T20:29:17.244Z","etag":null,"topics":["cert-manager","flux","k8s-at-home","kube-vip","kubernetes","sops","talos"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"wtfpl","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/axeII.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-07-06T17:45:25.000Z","updated_at":"2025-05-10T20:10:38.000Z","dependencies_parsed_at":"2024-01-15T13:57:29.255Z","dependency_job_id":"7b904f54-c7f8-4af8-97e3-9facea3b6bfb","html_url":"https://github.com/axeII/home-ops","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/axeII%2Fhome-ops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/axeII%2Fhome-ops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/axeII%2Fhome-ops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/axeII%2Fhome-ops/manifests","owner_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/owners/axeII","download_url":"https://codeload.github.com/axeII/home-ops/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254488795,"owners_count":22079499,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cert-manager","flux","k8s-at-home","kube-vip","kubernetes","sops","talos"],"created_at":"2024-08-04T08:01:01.578Z","updated_at":"2025-05-16T07:33:58.912Z","avatar_url":"https://github.com/axeII.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"# Home Operations\n\n\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"https://i.imgur.com/gdvBkNE.png\" align=\"center\" width=\"144px\" height=\"144px\"/\u003e\n\n### HomeOps repo managed by k8s :wheel_of_dharma:\n\n_... 
automated via [Flux](https://github.com/fluxcd/flux2), [Renovate](https://github.com/renovatebot/renovate) and [GitHub Actions](https://github.com/features/actions)_ :robot:\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n[![Discord](https://img.shields.io/discord/673534664354430999?style=for-the-badge\u0026label\u0026logo=discord\u0026logoColor=white\u0026color=blue)](https://discord.gg/home-operations)\u0026nbsp;\u0026nbsp;\n[![Talos](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.juno.moe%2Ftalos_version\u0026style=for-the-badge\u0026logo=talos\u0026logoColor=white\u0026color=blue\u0026label=%20)](https://talos.dev)\u0026nbsp;\u0026nbsp;\n[![Kubernetes](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.juno.moe%2Fkubernetes_version\u0026style=for-the-badge\u0026logo=kubernetes\u0026logoColor=white\u0026color=blue\u0026label=%20)](https://kubernetes.io)\u0026nbsp;\u0026nbsp;\n[![Flux](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.juno.moe%2Fflux_version\u0026style=for-the-badge\u0026logo=flux\u0026logoColor=white\u0026color=blue\u0026label=%20)](https://fluxcd.io)\u0026nbsp;\u0026nbsp;\n[![Renovate](https://img.shields.io/github/actions/workflow/status/axeII/home-ops/renovate.yaml?branch=main\u0026label=\u0026logo=renovatebot\u0026style=for-the-badge\u0026color=blue)](https://github.com/axeII/home-ops/actions/workflows/renovate.yaml)\n\n\u003c/div\u003e\n\n\u003cdiv 
align=\"center\"\u003e\n\n[![Home-Internet](https://img.shields.io/endpoint?url=https%3A%2F%2Fhealthchecks.io%2Fb%2F2%2Fd7bbc17d-0348-4fbf-9db6-946c4b7d5bf0.shields\u0026style=for-the-badge\u0026logo=ubiquiti\u0026logoColor=white\u0026label=Home%20Internet)](https://github.com/axeII/home-ops/blob/main/README.md#file_cabinet-hardware)\u0026nbsp;\u0026nbsp;\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white\u0026style=for-the-badge)](https://github.com/pre-commit/pre-commit)\u0026nbsp;\u0026nbsp;\n[![Alertmanager](https://img.shields.io/endpoint?url=https%3A%2F%2Fhealthchecks.io%2Fb%2F2%2Fdee68f60-ad66-463a-abba-83edca016e68.shields\u0026style=for-the-badge\u0026logo=prometheus\u0026logoColor=white\u0026label=Alertmanager)](https://github.com/axeII/home-ops/blob/main/README.md)\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n[![Age-Days](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.juno.moe%2Fcluster_age_days\u0026style=flat-square\u0026label=Age)](https://github.com/kashalls/kromgo)\u0026nbsp;\u0026nbsp;\n[![Uptime-Days](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.juno.moe%2Fcluster_uptime_days\u0026style=flat-square\u0026label=Uptime)](https://github.com/kashalls/kromgo)\u0026nbsp;\u0026nbsp;\n[![Node-Count](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.juno.moe%2Fcluster_node_count\u0026style=flat-square\u0026label=Nodes)](https://github.com/kashalls/kromgo)\u0026nbsp;\u0026nbsp;\n[![Pod-Count](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.juno.moe%2Fcluster_pod_count\u0026style=flat-square\u0026label=Pods)](https://github.com/kashalls/kromgo)\u0026nbsp;\u0026nbsp;\n[![CPU-Usage](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.juno.moe%2Fcluster_cpu_usage\u0026style=flat-square\u0026label=CPU)](https://github.com/kashalls/kromgo)\u0026nbsp;\u0026nbsp;\n[![Memory-Usage](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.juno.moe%2Fc
luster_memory_usage\u0026style=flat-square\u0026label=Memory)](https://github.com/kashalls/kromgo)\u0026nbsp;\u0026nbsp;\n[![Power-Usage](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.juno.moe%2Fcluster_power_usage\u0026style=flat-square\u0026label=Power)](https://github.com/kashalls/kromgo)\n\n\u003c/div\u003e\n\n---\n\n## 📖 Overview\n\nHere, I perform DevOps best practices but at home. Check out the hardware section where I describe what sort of hardware I am using. Thanks to Ansible, it's very easy for me to manage my home infrastructure and the cluster. I try to adhere to Infrastructure as Code (IaC) and GitOps practices using tools like [Kubernetes](https://github.com/kubernetes/kubernetes), [Flux](https://github.com/fluxcd/flux2), [Renovate](https://github.com/renovatebot/renovate) and [GitHub Actions](https://github.com/features/actions).\n\n![Alt](https://repobeats.axiom.co/api/embed/ac9d545da659ac0aa72d1a74c05aa89fed08418b.svg \"Repobeats analytics image\")\n\n## ⛵ Kubernetes\n\nThere is a template over at [onedr0p/cluster-template](https://github.com/onedr0p/cluster-template) if you wanted to try and follow along with some of the practices I use here.\n\n### Installation\n\nMy cluster has been migrated from a k3s/Longhorn setup to Talos with Rook Ceph. First of all, Talos is fantastic—I highly recommend it to anyone seeking a lightweight Kubernetes distribution. Currently, I’m running one node with the e1000 driver, while the second node lacks a reliable primary disk, so the cluster is operating in single-controller mode with two worker nodes. In the future, I plan to upgrade the setup to include three controller nodes.\n\nThe main reason I switched to Rook Ceph is that Longhorn felt less stable and is still under active development. 
I decided it was time to give Rook Ceph a try.\n\n### Core Components\n\n- [cert-manager](https://cert-manager.io/) - SSL certificates - with Cloudflare DNS challenge\n- [cilium](https://github.com/cilium/cilium) - CNI for k8s\n- [cloudflared](https://github.com/cloudflare/cloudflared): Enables Cloudflare secure access to my ingresses.\n- [external-dns](https://github.com/kubernetes-sigs/external-dns): Automatically syncs ingress DNS records to a DNS provider.\n- [external-secrets](https://github.com/external-secrets/external-secrets): Managed Kubernetes secrets using [1Password Connect](https://github.com/1Password/connect).\n- [flux](https://toolkit.fluxcd.io/) - GitOps tool for deploying manifests from the `cluster` directory\n- [ingress-nginx](https://github.com/kubernetes/ingress-nginx): Kubernetes ingress controller using NGINX as a reverse proxy and load balancer.\n- [k8s_gateway](https://github.com/ori-edge/k8s_gateway) - DNS resolver for all types of external Kubernetes resources\n- [kube-vip](https://kube-vip.io) - layer 2 load balancer for the Kubernetes control plane\n- [rook-ceph](https://rook.io) - storage class provider for data persistence\n- [reflector](https://github.com/emberstack/kubernetes-reflector) - mirror configmaps or secrets to other Kubernetes namespaces\n- [reloader](https://github.com/stakater/Reloader) - restart pods when Kubernetes `configmap` or `secret` changes\n- [sops](https://github.com/getsops/sops): Managed secrets for Kubernetes which are committed to Git.\n- [spegel](https://github.com/spegel-org/spegel): Stateless cluster local OCI registry mirror.\n\n### ☸ GitOps\n\n[Flux](https://github.com/fluxcd/flux2) watches my [kubernetes](./kubernetes) folder (see Directories below) and makes the changes to my cluster based on the YAML manifests.\n\nThe way Flux works for me here is it will recursively search the [kubernetes/apps](./kubernetes/apps) folder until it finds the topmost `kustomization.yaml` per directory and 
then apply all the resources listed in it. That aforementioned `kustomization.yaml` will generally only have a namespace resource and one or many Flux kustomizations. Those Flux kustomizations will generally have a `HelmRelease` or other resources related to the application underneath it which will be applied.\n\n[Renovate](https://github.com/renovatebot/renovate) watches my **entire** repository looking for dependency updates; when they are found, a PR is automatically created. When some PRs are merged, [Flux](https://github.com/fluxcd/flux2) applies the changes to my cluster.\n\n### Directories\n\nThis Git repository contains the following directories under [kubernetes](./kubernetes).\n\n```sh\n📁 kubernetes      # Kubernetes cluster defined as code\n├─📁 bootstrap     # Flux installation\n├─📁 flux          # Main Flux configuration of repository\n└─📁 apps          # Apps deployed into my cluster grouped by namespace (see below)\n```\n\n### :file_cabinet: Hardware\n\nMy homelab runs on the following hardware (all k8s nodes are running on Ubuntu 20.04):\n\n\u003c!-- textlint-disable --\u003e\n\n| Device                         | OS Disk Size     | Data Disk Size | Ram  | Purpose                                  |\n| ------------------------------ | ---------------- | -------------- | ---- | ---------------------------------------- |\n| k8s-2 (Intel NUC)              | 1TB SSD SATA     | 250GB NVMe     | 32GB | Talos node                               |\n| k8s-1 (Udoo Bolt V8 AMD Ryzen) | eMMC 30GB        | 250GB NVMe     | 32GB | Talos node                               |\n| k8s-0 (VM)                     | 250GB NVMe SCSi  | 250GB NVMe     | 32GB | Talos node with Nvidia GPU and NVMe Disk |\n| TRUENAS                        | ZFS raidz 1 40TB | 4x10TB HDD     | 64GB | Storage                                  |\n| Unifi UDM Pro                  | SSD 14GB         | HDD 1TB        | 4GB  | Router and security Gateway              |\n| Unifi Switch 16 PoE            | 
N/A              | N/A            | N/A  | Switch with 802.3at PoE+ ports           |\n| Database Server                | 20GB             | N/A            | 2GB  | Database                                 |\n| Offsite Machine                | 60 GB            | 8TB            | 8GB  | Backup offsite vm                        |\n\n\u003c!-- textlint-enable --\u003e\n\n### 📰 Blog post\n\nFeel free to check out my blog [axell.dev](https://axell.dev) which is also [open source](https://github.com/axeII/my-blog)!\nI also have made a blog post about HW, what were my choices... which ones were good and which ones were bad. [Click here](https://axell.dev/favorite/my-home-lab/).\n\n## 🤝 Gratitude and Thanks\n\nI am proud to be a member of the home operations (previously k8s-at-home) community! I received a lot of help and inspiration for my Kubernetes cluster from this community which helped a lot. Thanks! :heart:\n\nIf you are interested in running your own k8s cluster at home, I highly recommend you to check out the [k8s-at-home](https://k8s-at-home.com) website.\n\nBe sure to check out [kubesearch.dev](https://kubesearch.dev) for ideas on how to deploy applications or get ideas on what you may deploy.\n\n## 🔏 License\n\nSee [LICENSE](https://raw.githubusercontent.com/axeII/home-ops/refs/heads/main/LICENCE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FaxeII%2Fhome-ops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FaxeII%2Fhome-ops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FaxeII%2Fhome-ops/lists"}