{"id":13821396,"url":"https://github.com/binaryn3xus/HomeOps","last_synced_at":"2025-05-16T12:33:31.575Z","repository":{"id":65313089,"uuid":"583163697","full_name":"binaryn3xus/HomeOps","owner":"binaryn3xus","description":"A mono repository for my home infrastructure and Kubernetes cluster which adheres to Infrastructure as Code (IaC) and GitOps practices where possible","archived":false,"fork":false,"pushed_at":"2025-05-12T03:27:30.000Z","size":43871,"stargazers_count":19,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-05-12T04:29:22.392Z","etag":null,"topics":["flux","gitops","hacktoberfest","home-operations","kubernetes","renovate","self-hosted","talos"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/binaryn3xus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-12-29T00:39:30.000Z","updated_at":"2025-05-12T03:27:07.000Z","dependencies_parsed_at":"2023-09-21T18:10:00.585Z","dependency_job_id":"25b243ad-0689-44ad-b66e-952e5b1f1819","html_url":"https://github.com/binaryn3xus/HomeOps","commit_stats":null,"previous_names":[],"tags_count":107,"template":false,"template_full_name":"onedr0p/cluster-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binaryn3xus%2FHomeOps","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binaryn3xus%2FHomeOps/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binaryn3xus%2FHomeOps
/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binaryn3xus%2FHomeOps/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/binaryn3xus","download_url":"https://codeload.github.com/binaryn3xus/HomeOps/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254530696,"owners_count":22086665,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flux","gitops","hacktoberfest","home-operations","kubernetes","renovate","self-hosted","talos"],"created_at":"2024-08-04T08:01:21.199Z","updated_at":"2025-05-16T12:33:26.558Z","avatar_url":"https://github.com/binaryn3xus.png","language":"JavaScript","funding_links":[],"categories":["YAML"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"https://github.com/binaryn3xus/HomeOps/blob/main/docs/images/logo.png\" align=\"center\" width=\"144px\" height=\"144px\"/\u003e\n\n### My Home Operations Repository :octocat:\n\n_... 
managed with Flux, SOPS and GitHub Actions_ 🤖\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n[![Kubernetes](https://img.shields.io/badge/v1.30-blue?style=for-the-badge\u0026logo=kubernetes\u0026logoColor=white)](https://k3s.io/)\n\n[![Plex](https://img.shields.io/uptimerobot/status/m792627751-0264dfd72c060e8b390e6398?logo=plex\u0026logoColor=white\u0026color=brightgreeen\u0026label=Plex\u0026style=for-the-badge)](https://plex.tv)\n[![Home-Assistant](https://img.shields.io/uptimerobot/status/m792627687-253e54a4fb0305d78f746aef?logo=homeassistant\u0026logoColor=white\u0026color=brightgreeen\u0026label=Home%20Assistant\u0026style=for-the-badge)](https://www.home-assistant.io/)\n\n\u003c/div\u003e\n\n---\n\n## 📖 Overview\n\nThis is a mono repository for my home infrastructure and Kubernetes cluster. I try to adhere to Infrastructure as Code (IaC) and GitOps practices using tools like [Ansible](https://www.ansible.com/), [Kubernetes](https://kubernetes.io/), [Flux](https://github.com/fluxcd/flux2), [Renovate](https://github.com/renovatebot/renovate) and [GitHub Actions](https://github.com/features/actions).\n\n---\n\n## ⛵ Kubernetes\n\n### Installation\n\nMy Kubernetes cluster is deployed with [Talos](https://www.talos.dev). 
This is a semi-hyper-converged cluster: workloads and block storage share the same available resources on my nodes, while I have a separate server on my Synology NAS for bulk file storage and backups.\n\n### Core Components\n\n\n- [actions-runner-controller](https://github.com/actions/actions-runner-controller): Self-hosted GitHub runners.\n- [cert-manager](https://github.com/cert-manager/cert-manager): Creates SSL certificates for services in my cluster.\n- [cilium](https://github.com/cilium/cilium): Internal Kubernetes container networking interface.\n- [cloudflared](https://github.com/cloudflare/cloudflared): Enables Cloudflare secure access to certain ingresses.\n- [external-dns](https://github.com/kubernetes-sigs/external-dns): Automatically syncs ingress DNS records to a DNS provider.\n- [external-secrets](https://github.com/external-secrets/external-secrets): Managed Kubernetes secrets using [Azure Keyvault](https://azure.microsoft.com/en-us/products/key-vault).\n- [ingress-nginx](https://github.com/kubernetes/ingress-nginx): Kubernetes ingress controller using NGINX as a reverse proxy and load balancer.\n- [rook](https://github.com/rook/rook): Distributed block storage for persistent storage.\n- [sops](https://github.com/getsops/sops): Managed secrets for Kubernetes and Terraform which are committed to Git.\n- [spegel](https://github.com/XenitAB/spegel): Stateless cluster local OCI registry mirror.\n- [teleport](https://goteleport.com/): Manage some network resources remotely.\n- [tf-controller](https://github.com/weaveworks/tf-controller): Additional Flux component used to run Terraform from within a Kubernetes cluster.\n- [volsync](https://github.com/backube/volsync): Backup and recovery of persistent volume claims.\n\n### GitOps\n\n[Flux](https://github.com/fluxcd/flux2) watches my [kubernetes](./kubernetes/) folder (see Directories below) and makes the changes to my cluster based on the YAML manifests.\n\nThe way Flux works for me 
here is that it recursively searches the [kubernetes/apps](./kubernetes/apps) folder until it finds the top-most `kustomization.yaml` per directory and then applies all the resources listed in it. That aforementioned `kustomization.yaml` will generally only have a namespace resource and one or many Flux kustomizations. Those Flux kustomizations will generally have a `HelmRelease` or other resources related to the application underneath it which will be applied.\n\n[Renovate](https://github.com/renovatebot/renovate) watches my **entire** repository looking for dependency updates; when they are found, a PR is automatically created. When some PRs are merged [Flux](https://github.com/fluxcd/flux2) applies the changes to my cluster.\n\n### Directories\n\nThis Git repository contains the following directories under [kubernetes](./kubernetes/).\n\n```sh\n📁 kubernetes      # Kubernetes cluster defined as code\n├─📁 apps          # Apps deployed into my cluster grouped by namespace (see below)\n├─📁 bootstrap     # Flux installation\n├─📁 flux          # Main Flux configuration of repository\n└─📁 templates     # Reusable components\n```\n\n### 📡 Networking\n\n| Name                  | CIDR              |\n|-----------------------|-------------------|\n| Server VLAN           | `10.0.30.0/24`    |\n| Kubernetes pods       | `10.69.0.0/16`    |\n| Kubernetes services   | `10.96.0.0/16`    |\n\n## ☁️ Cloud Dependencies\n\nWhile most of my infrastructure and workloads are self-hosted, I do rely upon the cloud for certain key parts of my setup. This saves me from having to worry about two things. 
(1) Dealing with chicken/egg scenarios and (2) services I critically need whether my cluster is online or not.\n\n| Service                                                                      | Use                                                               | Cost             |\n|------------------------------------------------------------------------------|-------------------------------------------------------------------|------------------|\n| [GitHub](https://github.com/)                                                | Hosting this repository and continuous integration/deployments    | Free             |\n| [Cloudflare](https://www.cloudflare.com/)                                    | Domain, DNS and proxy management                                  | Free             |\n| [UptimeRobot](https://uptimerobot.com/)                                      | Monitoring internet connectivity and external facing applications | Free             |\n| [NextDNS Pro](https://nextdns.io/?from=wgggpc5h)                             | DNS with some ad-blocking and other features                      | ~$1.65/mo        |\n| [Azure Key Vault](https://azure.microsoft.com/en-us/products/key-vault)      | Secrets with [External Secrets](https://external-secrets.io/)     | ~$0.10/mo        |\n|                                                                              |                                                                   | Total: ~$1.75/mo |\n\n---\n\n## 🌐 DNS\n\n### Home DNS\n\nUnifi with Ad-Blocking\n\n### Public DNS\n\nOutside the `external-dns` instance mentioned above another instance is deployed in my cluster and configured to sync DNS records to [Cloudflare](https://www.cloudflare.com/). 
The only ingress this `external-dns` instance looks at to gather DNS records to put in `Cloudflare` are ones that have an ingress class name of `external` and contain an ingress annotation `external-dns.alpha.kubernetes.io/target`.\n\n---\n\n## 🔧 Hardware\n\n| Model                          | RAM       | OS Disk Size | Data Disk Size | Operating System  | Purpose                    | Rack Location    |\n| ------------------------------ | --------- | ------------ | -------------- | ----------------- | -------------------------- | ---------------- |\n| Dell Optiplex 7050 Micro       | 16 GB     | 500GB (SSD)  | 1TB (NVMe)     | Talos             | Node 1 (K8s Control Plane) |   15U (Left)     |\n| Dell Optiplex 7050 Micro       | 16 GB     | 500GB (SSD)  | 1TB (NVMe)     | Talos             | Node 2 (K8s Control Plane) |   15U (Right)    |\n| Dell Optiplex 7050 Micro       | 16 GB     | 500GB (NVMe) | 1TB (SSD)      | Talos             | Node 3 (K8s Worker)        |   16U (Left)     |\n| HP ProDesk 600 G3 Mini         | 16 GB     | 500GB (SSD)  | 1TB (NVMe)     | Talos             | Node 4 (K8s Worker)        |   17U (Right)    |\n| HP ProDesk 600 G3 Mini         | 16 GB     | 500GB (SSD)  | 1TB (NVMe)     | Talos             | Node 5 (K8s Control Plane) |   17U (Left)     |\n| Dell Optiplex 3060 Micro       | 16 GB     | 500GB (SSD)  | 1TB (NVMe)     | Talos             | Node 6 (K8s Worker)        |   16U (Right)    |\n\n\n\n\u003cdetails\u003e\n  \u003csummary\u003eClick to see the Full Home Ops Rack!\u003c/summary\u003e\n\n![ServerRack](/docs/images/ServerRack_20240429.jpg)\n\n\u003c/details\u003e\n\n---\n\n## 🤝 Gratitude and Thanks\n\nBig shout out to all the contributors to the [flux-cluster-template](https://github.com/onedr0p/flux-cluster-template) projects that we are using in this repository.\n\nCommunity member [onedr0p](https://github.com/onedr0p/) for initially creating this amazing template and providing me with additional help.\n\n---\n\n## 📜 
Changelog\n\nSee _awful_ [commit history](https://github.com/binaryn3xus/HomeOps/commits/main)\n\n---\n\n## 🔏 License\n\nSee [LICENSE](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbinaryn3xus%2FHomeOps","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbinaryn3xus%2FHomeOps","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbinaryn3xus%2FHomeOps/lists"}