{"id":18974428,"url":"https://github.com/cterence/homelab-gitops","last_synced_at":"2025-07-23T22:38:42.569Z","repository":{"id":38038600,"uuid":"458852372","full_name":"cterence/homelab-gitops","owner":"cterence","description":"My cluster managed by ArgoCD.","archived":false,"fork":false,"pushed_at":"2025-07-17T21:54:43.000Z","size":7625,"stargazers_count":23,"open_issues_count":1,"forks_count":3,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-18T00:14:42.318Z","etag":null,"topics":["argocd","gitops","helm","homelab","k8s","k8s-at-home","kubernetes","kubesearch","self-hosted"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cterence.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-02-13T15:40:54.000Z","updated_at":"2025-07-17T21:54:08.000Z","dependencies_parsed_at":"2024-01-17T17:54:17.635Z","dependency_job_id":"1eb50d01-eaa9-497d-819b-3a170fd84001","html_url":"https://github.com/cterence/homelab-gitops","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cterence/homelab-gitops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cterence%2Fhomelab-gitops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cterence%2Fhomelab-gitops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cterence%2Fhomelab-gitops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ct
erence%2Fhomelab-gitops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cterence","download_url":"https://codeload.github.com/cterence/homelab-gitops/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cterence%2Fhomelab-gitops/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266761450,"owners_count":23980299,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-23T02:00:09.312Z","response_time":66,"last_error":null,"robots_txt_status":null,"robots_txt_updated_at":null,"robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argocd","gitops","helm","homelab","k8s","k8s-at-home","kubernetes","kubesearch","self-hosted"],"created_at":"2024-11-08T15:15:00.974Z","updated_at":"2025-07-23T22:38:42.544Z","avatar_url":"https://github.com/cterence.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🏠 homelab-gitops\n\n\u003cdiv style=\"display: flex; justify-content: left; flex-direction: row; align-items: center;\"\u003e\n\u003cdiv\u003e\u003cp\u003eMy Kubernetes cluster managed with ArgoCD.\u003c/p\u003e\u003cp\u003e\n\u003cimg alt=\"Health\" src=\"https://status.terence.cloud/api/v1/endpoints/_homelab/health/badge.svg\"\u003e\n\u003cimg alt=\"Uptime\" src=\"https://status.terence.cloud/api/v1/endpoints/_homelab/uptimes/7d/badge.svg\"\u003e\n\u003c/p\u003e\u003c/div\u003e\n\u003c/div\u003e\n\n## ⚙️ Hardware (2 nodes)\n\n| Device                    | Name     | 
Specs                                                                 | OS    | Role                       |\n|---------------------------|----------|-----------------------------------------------------------------------|-------|----------------------------|\n| Lenovo ThinkCentre M75q-2 | homelab2 | Ryzen 5 Pro 5650GE (6 core / 12 threads) / 24GB RAM / 256GB + 1TB SSD | NixOS | k8s controller+worker node |\n| Lenovo ThinkCentre M75q-2 | homelab3 | Ryzen 5 Pro 5650GE (6 core / 12 threads) / 24GB RAM / 256GB + 1TB SSD | NixOS | k8s worker node            |\n\nTo access my apps, I expose them directly on the internet with port-forwarding on my router.\n\n## ✨ Features\n\n- Kubernetes cluster deployed with [k0s](https://k0sproject.io/)\n- GitOps deployment with [ArgoCD](https://argo-cd.readthedocs.io/en/stable/) and [Helm](https://helm.sh/)\n- Simple flat directory structure: [argocd-apps](/argocd-apps/) contains ArgoCD applications deploying umbrella Helm charts in [k8s-apps](/k8s-apps/)\n- Fully automated HTTPS exposure using [cert-manager](https://cert-manager.io/), [external-dns](https://kubernetes-sigs.github.io/external-dns) and [ingress-nginx](https://kubernetes.github.io/ingress-nginx/)\n- Authentication of sensitive apps with [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/) with GitLab as an [OAuth2 provider](https://oauth2-proxy.github.io/oauth2-proxy/configuration/providers/gitlab/)\n- Free endpoint security using [CrowdSec](https://www.crowdsec.net/)\n- Secrets management with [external-secrets](https://external-secrets.io/latest/) and [GitLab CI/CD variables](https://external-secrets.io/latest/provider/gitlab-variables/)\n- Dynamic volume provisioning and synchronous replication across nodes with [Longhorn](https://longhorn.io/)\n- Offsite data backup using [Velero](https://velero.io/) and [Backblaze B2](https://www.backblaze.com/cloud-storage)\n- Easy Backblaze-to-disk backup synchronization with [Kopia](https://kopia.io/) and a [custom 
script](https://github.com/cterence/nixos-config/blob/c95b2c0713a2472b11b2060ed28f6d4de75208f0/hosts/homelab2/home.nix#L120)\n- PostgreSQL database management with [CloudNativePG](https://cloudnative-pg.io/)\n- Observability with [Prometheus](https://prometheus.io/), [Grafana](https://grafana.com/), [Loki](https://grafana.com/oss/loki/) and [OpenTelemetry Collector](https://opentelemetry.io/docs/collector/)\n- Alerting with [Alertmanager](https://prometheus.io/docs/alerting/latest/alertmanager/) and a [Telegram Bot](https://prometheus.io/docs/alerting/latest/configuration/#telegram_config)\n- Thorough HTTP / PostgreSQL status checks with [go-healthcheck](https://github.com/cterence/go-healthcheck) and [Gatus](https://gatus.io/)\n- Automated updates with [Renovate](https://docs.renovatebot.com/) ([even linuxserver images!](/renovate.json5))\n- Any app you'd want to host! Currently, [Nextcloud](https://nextcloud.com/fr/), [Immich](https://immich.app/), [Paperless-ngx](https://docs.paperless-ngx.com/) and more (see below)\n\n## 💻 What's currently deployed in my cluster?\n\nThis is an [automatically updated](.github/workflows/update-deployed-apps.yaml) list of the apps I have configured and/or deployed. 
Click on an app to check its Helm configuration.\n\n\u003c!-- BEGIN deployed-apps --\u003e\n| App | Description | Is deployed |\n| --- | --- | --- |\n| [argocd](./scripts/../k8s-apps/argocd) | Declarative, GitOps continuous delivery tool for Kubernetes | ✅ |\n| [arr-stack](./scripts/../k8s-apps/arr-stack) | Arr Stack | ✅ |\n| [attic](./scripts/../k8s-apps/attic) | Multi-tenant Nix Binary Cache | ✅ |\n| [blackbox-exporter](./scripts/../k8s-apps/blackbox-exporter) | Allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP, ICMP and gRPC | ✅ |\n| [calibre-web](./scripts/../k8s-apps/calibre-web) | Web app for browsing, reading and downloading eBooks stored in a Calibre database | ✅ |\n| [cert-manager](./scripts/../k8s-apps/cert-manager) | Automatically provision and manage TLS certificates in Kubernetes | ✅ |\n| [cloudnative-pg](./scripts/../k8s-apps/cloudnative-pg) | CloudNativePG is a comprehensive platform designed to seamlessly manage PostgreSQL databases within Kubernetes environments, covering the entire operational lifecycle from initial deployment to ongoing maintenance | ✅ |\n| [convertx](./scripts/../k8s-apps/convertx) | Self-hosted online file converter | ✅ |\n| [crowdsec](./scripts/../k8s-apps/crowdsec) | Open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI | ✅ |\n| [external-dns](./scripts/../k8s-apps/external-dns) | Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services | ✅ |\n| [external-secrets](./scripts/../k8s-apps/external-secrets) | External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets | ✅ |\n| [garage](./scripts/../k8s-apps/garage) | S3-compatible object store for small self-hosted geo-distributed deployments | ❌ |\n| [go-healthcheck](./scripts/../k8s-apps/go-healthcheck) | Simple HTTP 
healthchecks | ✅ |\n| [headscale](./scripts/../k8s-apps/headscale) | An open source, self-hosted implementation of the Tailscale control server | ❌ |\n| [home-assistant](./scripts/../k8s-apps/home-assistant) | Open source home automation that puts local control and privacy first | ✅ |\n| [homepage](./scripts/../k8s-apps/homepage) | A highly customizable homepage (or startpage / application dashboard) with Docker and service API integrations | ✅ |\n| [httpbin](./scripts/../k8s-apps/httpbin) | Echoes request data as JSON | ✅ |\n| [immich](./scripts/../k8s-apps/immich) | High performance self-hosted photo and video management solution | ✅ |\n| [ingress-nginx](./scripts/../k8s-apps/ingress-nginx) | Ingress-NGINX Controller for Kubernetes | ✅ |\n| [it-tools](./scripts/../k8s-apps/it-tools) | Collection of handy online tools for developers | ✅ |\n| [kube-prometheus-stack](./scripts/../k8s-apps/kube-prometheus-stack) | kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator | ✅ |\n| [loki](./scripts/../k8s-apps/loki) | Like Prometheus, but for logs | ✅ |\n| [longhorn](./scripts/../k8s-apps/longhorn) | Cloud-Native distributed storage built on and for Kubernetes | ✅ |\n| [mealie](./scripts/../k8s-apps/mealie) | Recipe manager and meal planner | ❌ |\n| [metallb](./scripts/../k8s-apps/metallb) | A network load-balancer implementation for Kubernetes using standard routing protocols | ✅ |\n| [microbin](./scripts/../k8s-apps/microbin) | A secure, configurable file-sharing and URL shortening web app | ✅ |\n| [mosquitto](./scripts/../k8s-apps/mosquitto) | Open source MQTT broker | ✅ |\n| [nextcloud](./scripts/../k8s-apps/nextcloud) | A safe home for all your data | ✅ |\n| [oauth2-proxy](./scripts/../k8s-apps/oauth2-proxy) | A reverse proxy that provides authentication with Google, Azure, 
OpenID Connect and many more identity providers | ✅ |\n| [opencloud](./scripts/../k8s-apps/opencloud) | Excellent file sharing | ✅ |\n| [opentelemetry-collector](./scripts/../k8s-apps/opentelemetry-collector) | Vendor-agnostic implementation on how to receive, process and export telemetry data | ✅ |\n| [opentelemetry-operator](./scripts/../k8s-apps/opentelemetry-operator) | Kubernetes Operator for OpenTelemetry Collector | ✅ |\n| [paperless-ngx](./scripts/../k8s-apps/paperless-ngx) | Scan, index and archive all your physical documents | ✅ |\n| [pocket-id](./scripts/../k8s-apps/pocket-id) | Simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services | ✅ |\n| [qtap](./scripts/../k8s-apps/qtap) | eBPF agent that captures pre-encrypted network traffic | ❌ |\n| [radicale](./scripts/../k8s-apps/radicale) | Free and Open-Source CalDAV and CardDAV Server | ❌ |\n| [reloader](./scripts/../k8s-apps/reloader) | A Kubernetes controller to watch changes in ConfigMap and Secrets and do rolling upgrades on Pods with their associated Deployment, StatefulSet, DaemonSet and DeploymentConfig | ✅ |\n| [satisfactory-server](./scripts/../k8s-apps/satisfactory-server) | Satisfactory server | ✅ |\n| [snapshot-controller](./scripts/../k8s-apps/snapshot-controller) | Implements the control loop for CSI snapshot functionality | ✅ |\n| [tailscale-operator](./scripts/../k8s-apps/tailscale-operator) | A Kubernetes Operator for Tailscale | ✅ |\n| [vaultwarden](./scripts/../k8s-apps/vaultwarden) | Unofficial Bitwarden compatible server written in Rust | ✅ |\n| [velero](./scripts/../k8s-apps/velero) | Backup and migrate Kubernetes applications and their persistent volumes | ✅ |\n| [versity-gw](./scripts/../k8s-apps/versity-gw) | High-performance S3 translation service | ✅ |\n| [zigbee2mqtt](./scripts/../k8s-apps/zigbee2mqtt) | Zigbee to MQTT bridge | ✅ |\n\u003c!-- END deployed-apps --\u003e\n\n## 🏗️ k0s quick install\n\nThe install assumes that all 
external secrets are [already created in a GitLab project as CI/CD variables](https://external-secrets.io/latest/provider/gitlab-variables/).\n\nStart the k0s cluster:\n\n```bash\ncd ~/homelab-gitops\nsudo k0s install controller --enable-worker -c ./k0s.yaml\nsudo k0s start\nsleep 5\nsudo k0s status\nsudo k0s kubeconfig admin \u003e ~/.kube/config\nkubectl taint nodes --all node-role.kubernetes.io/master-\n```\n\nCreate the GitLab token secret used by external-secrets:\n\n```bash\nkubectl create ns external-secrets\nkubectl apply -f -\napiVersion: v1\nkind: Secret\nmetadata:\n  name: gitlab-secret\n  namespace: external-secrets\ntype: Opaque\nstringData:\n  token: xxx\n```\n\nChange the token value and type `\u003cCtrl+D\u003e` `\u003cEnter\u003e` to create the secret.\n\nDeploy external-secrets and ArgoCD apps:\n\n```bash\n# Continue from the repository root (~/homelab-gitops)\ncd k8s-apps/external-secrets \u0026\u0026 helm dependency update \u0026\u0026 helm template external-secrets -n external-secrets . | kubectl apply -n external-secrets -f -\nkubectl create ns argocd\ncd ../../k8s-apps/argocd \u0026\u0026 helm dependency update \u0026\u0026 helm template argocd . -n argocd | kubectl apply -n argocd -f -\nkubectl apply -f ../../argocd-apps/app-of-apps.yaml -n argocd\n```\n\nThe cluster should be ready!\n\n## 💣 Teardown\n\nSave the GitLab token secret:\n\n  ```bash\n  kubectl get secret -n external-secrets gitlab-secret -o yaml \u003e gitlab-secret.yaml\n  ```\n\nTear down the cluster:\n\n  ```bash\n  sudo k0s stop\n  sudo k0s reset -v -d\n  ```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcterence%2Fhomelab-gitops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcterence%2Fhomelab-gitops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcterence%2Fhomelab-gitops/lists"}