{"id":43717149,"url":"https://github.com/kn-lim/homelab","last_synced_at":"2026-02-05T07:33:56.255Z","repository":{"id":335971786,"uuid":"1147593756","full_name":"kn-lim/homelab","owner":"kn-lim","description":"A Homelab powered by Kubernetes, ArgoCD and Terraform","archived":false,"fork":false,"pushed_at":"2026-02-02T06:17:47.000Z","size":56,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-02-02T15:26:44.883Z","etag":null,"topics":["argocd","gitops","home-operations","homelab","k8s-at-home","kubernetes","talos","terraform","terragrunt"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kn-lim.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-02T01:07:57.000Z","updated_at":"2026-02-02T06:17:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/kn-lim/homelab","commit_stats":null,"previous_names":["kn-lim/homelab"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/kn-lim/homelab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kn-lim%2Fhomelab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kn-lim%2Fhomelab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kn-lim%2Fhomelab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/Gi
tHub/repositories/kn-lim%2Fhomelab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kn-lim","download_url":"https://codeload.github.com/kn-lim/homelab/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kn-lim%2Fhomelab/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29115600,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T05:31:32.482Z","status":"ssl_error","status_checked_at":"2026-02-05T05:31:29.075Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["argocd","gitops","home-operations","homelab","k8s-at-home","kubernetes","talos","terraform","terragrunt"],"created_at":"2026-02-05T07:33:56.181Z","updated_at":"2026-02-05T07:33:56.235Z","avatar_url":"https://github.com/kn-lim.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Homelab\n\n![Talos](https://img.shields.io/badge/talos-v1.12.2-FF7300?logo=talos\u0026logoColor=white)\n![Kubernetes](https://img.shields.io/badge/kubernetes-v1.35.0-326CE5?logo=kubernetes\u0026logoColor=white)\n\nA definitely over-engineered, but good enough homelab that handles my home infrastructure and Kubernetes cluster.\n\n## Purpose\n\nI had two goals in mind for this homelab:\n\n1. Learn and implement enterprise-grade systems and patterns\n2. 
Repurpose old hardware\n\n## Features\n\nA Kubernetes cluster deployed with [Talos Linux](https://github.com/siderolabs/talos) and [ArgoCD](https://github.com/argoproj/argo-cd) using [GitHub](https://github.com) as the Git provider, [1Password](https://1password.com) to manage secrets and [Tailscale](https://tailscale.com/) as the primary way for application access.\n\nThis repository is managed by [mise](https://github.com/jdx/mise) and [pre-commit](https://github.com/pre-commit/pre-commit) to ensure a standardized environment, alongside [Renovate](https://github.com/apps/renovate) to automate dependency management.\n\n[Task](https://github.com/go-task/task) and [gomplate](https://github.com/hairyhenderson/gomplate) are used to generate Kubernetes manifests and Terragrunt HCL files for values to be centrally managed and easily modifiable.\n\n**Core Components**:\n\n- [argocd](https://github.com/argoproj/argo-cd)\n- [cilium](https://github.com/cilium/cilium)\n- [coredns](https://github.com/coredns/coredns)\n- [external secrets](https://github.com/external-secrets/external-secrets)\n- [grafana](https://github.com/grafana/grafana)\n- [kubelet-serving-cert-approver](https://github.com/alex1989hu/kubelet-serving-cert-approver)\n- [local-path-provisioner](https://github.com/rancher/local-path-provisioner)\n- [metrics server](https://github.com/kubernetes-sigs/metrics-server)\n- [prometheus](https://github.com/prometheus-community/helm-charts/)\n- [reloader](https://github.com/stakater/Reloader)\n- [tailscale kubernetes operator](https://github.com/tailscale/tailscale/)\n- [tsidp](https://github.com/tailscale/tsidp)\n\n### ArgoCD\n\n[ArgoCD](https://github.com/argoproj/argo-cd) is the GitOps platform for my homelab and is deployed using Kustomize and Helm.\n\nThe ApplicationSet in 
[`kubernetes/overlays/homelab/prod/argo/argocd/homelab-applicationset.yaml`](https://github.com/kn-lim/homelab/blob/main/kubernetes/overlays/homelab/prod/argo/argocd/homelab-applicationset.yaml) generates all ArgoCD Applications and must be defined there.\n\n### Terragrunt\n\nTalos Linux is managed with [Terragrunt](https://github.com/gruntwork-io/terragrunt) using the official [Talos Linux Terraform provider](https://github.com/siderolabs/terraform-provider-talos).\n\nThe [talos](https://github.com/kn-lim/homelab/tree/main/terraform/_modules/talos) Terraform module contains config patches that are taken from either the official [Talos Linux documentation](https://docs.siderolabs.com/talos/), [onedr0p/cluster-template](https://github.com/onedr0p/cluster-template), [ajaykumar4/cluster-template](https://github.com/ajaykumar4/cluster-template) or specifically added for my homelab.\n\nThe [talos stack](https://github.com/kn-lim/homelab/blob/main/terraform/homelab/_stacks/talos/terragrunt.stack.hcl) bootstraps the Talos Linux instance, saves the `kubeconfig` and `talosconfig` files using [hooks](https://terragrunt.gruntwork.io/docs/features/hooks/), then creates resources to prepare the kubernetes cluster for deployments.\n\n### Tailscale\n\n[Tailscale](https://tailscale.com/) is used as the VPN to connect my devices and applications together. 
The [tailscale kubernetes operator](https://github.com/tailscale/tailscale/) allows my devices to access services within the kubernetes cluster, so that nothing is exposed to the public.\n\nAs Tailscale can be used to authenticate users, [tsidp](https://github.com/tailscale/tsidp) acts as the identity provider for any application that allows for SSO.\n\n## Deploying the Cluster\n\n### Requirements\n\n#### Environment Variables\n\n| Name | Description |\n| - | - |\n| `AWS_ACCESS_KEY_ID` | AWS Access Key ID |\n| `AWS_SECRET_ACCESS_KEY` | AWS Secret Access Key |\n| `GRAFANA_AUTH` | Grafana Service Account Token |\n| `GRAFANA_URL` | Grafana URL |\n| `KUBECONFIG` | Kubernetes Config File Path |\n| `OP_SERVICE_ACCOUNT_TOKEN` | 1Password Service Account Token |\n| `TALOSCONFIG` | Talos Linux Config File Path |\n| `TG_BUCKET` | AWS S3 Bucket Name for Terraform Backend |\n\n#### 1Password Secrets\n\n| Name | Description |\n| - | - |\n| `argocd-ssh` | ArgoCD SSH Credentials for GitHub Access |\n| `op-sa-kubernetes-token` | 1Password Kubernetes Service Account Token |\n| `tailscale-kubernetes-operator` | Tailscale Kubernetes Operator Credentials |\n| `tsidp-*` | Tailscale IDP Client Credentials |\n\n### Procedure\n\n0. Fill out `clusters.yaml` and run `task template:generate` to generate all templated files.\n1. Run `terragrunt stack generate` in `terraform/homelab/prod/talos` to generate the stack files.\n2. Run `terragrunt apply` in `terraform/homelab/prod/talos/generated/.terragrunt-stack/talos/.terragrunt-stack/talos` once the Talos Linux instance is waiting to be bootstrapped.\n    - This will create a `homelab-prod.kubeconfig` and `homelab-prod.talosconfig` in the repository's root level.\n3. Once the Talos Linux instance reboots, run `task kubernetes:build-apply` in `kubernetes/bases/namespaces` to create the required namespaces.\n4. Run `terragrunt stack run apply` in `terraform/homelab/prod/talos` to finish the rest of the Talos Linux deployment.\n3. 
Run `task kubernetes:build-apply` in `kubernetes/overlays/homelab/prod/kube-system/coredns` to install CoreDNS.\n4. Run `task kubernetes:build-apply` in `kubernetes/overlays/homelab/prod/kube-system/cilium` to install Cilium.\n5. Run `task kubernetes:build-apply` in `kubernetes/overlays/homelab/prod/cluster-services/kubelet-serving-cert-approver` to install kubelet-serving-cert-approver.\n6. Run `task kubernetes:build-apply` in `kubernetes/overlays/homelab/prod/cluster-services/local-path-provisioner` to install local-path-provisioner.\n7. Run `task kubernetes:build-apply` in `kubernetes/overlays/homelab/prod/cluster-services/external-secrets` to install External Secrets.\n8. Run `task kubernetes:build-apply` in `kubernetes/overlays/homelab/prod/tailscale/tailscale-operator` to install Tailscale Kubernetes Operator.\n9. Run `task kubernetes:build-apply` in `kubernetes/overlays/homelab/prod/tailscale/tsidp` to install tsidp.\n10. Update `clusters.yaml` with the new `ts-dns` nameserver IP address.\n11. 
Run `task kubernetes:build-apply` in `kubernetes/overlays/homelab/prod/argo/argocd` to install ArgoCD and all other applications.\n\n## Directories\n\nThis repository uses the following directory structure, which is strictly followed:\n\n```\nconfigs/                            # reusable config files\ndocs/                               # documentation\nkubernetes/\n├─ bases/                           # kustomize bases\n│  ├─ applications/\n├─ overlays/                        # kustomize overlays\n│  ├─ cluster/\n│  │  ├─ environment/\n│  │  │  ├─ namespace/\n│  │  │  │  ├─ applications/\n│  │  │  │  │  ├─ generated/        # generated files\nterraform/\n├─ _modules/                        # terraform modules\n├─ _stacks/                         # terragrunt stacks\n├─ _units/                          # terragrunt units\n├─ platform/\n│  ├─ region/\n│  │  ├─ applications/\n│  │  │  ├─ generated/              # generated files\n```\n\n## Hardware\n\n| Device | Specs | OS | Function |\n| - | - | - | - |\n| Desktop - `proxmox` | AMD Ryzen 5 5600X, 64GB RAM | Proxmox VE | Hypervisor |\n| Linksys Velop | - | - | Access Points |\n| UniFi Cloud Gateway Ultra | - | - | Router and Firewall |\n\n| Node | Specs | OS | Host | Function |\n| - | - | - | - | - |\n| VM - `homelab` | 6 CPU, 40GB RAM | Talos Linux | `proxmox` | Control Plane Node |\n\n## Goals\n\n- [x] Use [Terragrunt Stacks](https://terragrunt.gruntwork.io/docs/features/stacks/)\n- [ ] [Argo Events](https://github.com/argoproj/argo-events) to handle Webhooks\n- [ ] [Argo Workflows](https://github.com/argoproj/argo-workflows) for CI/CD\n- [ ] Set up Monitoring and Alerts for all Services\n- [ ] Set up Homelab Development Cluster\n- [ ] Set up [Kargo](https://github.com/akuity/kargo)\n- [ ] Set up a NAS\n\n## Thanks\n\nThis repo is heavily based on the work of [onedr0p/cluster-template](https://github.com/onedr0p/cluster-template) and [ajaykumar4/cluster-template](https://github.com/ajaykumar4/cluster-template). 
I highly recommend taking a look at those repos if you're interested in setting up a homelab of your own.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkn-lim%2Fhomelab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkn-lim%2Fhomelab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkn-lim%2Fhomelab/lists"}