{"id":18596363,"url":"https://github.com/macropower/homelab","last_synced_at":"2025-04-10T16:32:07.126Z","repository":{"id":61950824,"uuid":"313087258","full_name":"MacroPower/homelab","owner":"MacroPower","description":"IaC for my homelab \u0026 personal cloud.","archived":false,"fork":false,"pushed_at":"2025-04-10T01:47:48.000Z","size":4997,"stargazers_count":48,"open_issues_count":45,"forks_count":0,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-10T02:22:17.356Z","etag":null,"topics":["gitops","hetzner","k8s-at-home","kubernetes","renovate","selfhosted","talos","terraform"],"latest_commit_sha":null,"homepage":"","language":"Jsonnet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MacroPower.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-11-15T17:39:39.000Z","updated_at":"2025-04-10T01:47:51.000Z","dependencies_parsed_at":"2023-12-23T12:13:25.706Z","dependency_job_id":"67d688d3-aa7c-41f0-915a-8ca6c9ef653b","html_url":"https://github.com/MacroPower/homelab","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MacroPower%2Fhomelab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MacroPower%2Fhomelab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MacroPower%2Fhomelab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MacroPower%2Fhomelab/manifests","owner_url":"https://repos.ecosyste.m
s/api/v1/hosts/GitHub/owners/MacroPower","download_url":"https://codeload.github.com/MacroPower/homelab/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248252696,"owners_count":21072701,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gitops","hetzner","k8s-at-home","kubernetes","renovate","selfhosted","talos","terraform"],"created_at":"2024-11-07T01:24:03.074Z","updated_at":"2025-04-10T16:32:02.113Z","avatar_url":"https://github.com/MacroPower.png","language":"Jsonnet","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"#\"\u003e\u003cimg src=\"docs/img/k8shappy.png\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  \u003csup\u003e\u003csup\u003e\n    Art by \u003ca href=\"https://twitter.com/SkeletalGadget\"\u003e@SkeletalGadget\u003c/a\u003e\n  \u003c/sup\u003e\u003c/sup\u003e\n  \u003ch3 align=\"center\"\u003eHomelab\u003c/h2\u003e\n  \u003cp align=\"center\"\u003e\n    IaC for my homelab and personal cloud\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    [ \u003ca href=\"https://github.com/MacroPower/dotfiles\"\u003edotfiles\u003c/a\u003e \u0026#183;\n    \u003ca href=\"https://github.com/MacroPower/helm-charts\"\u003echarts\u003c/a\u003e \u0026#183;\n    \u003ca href=\"https://github.com/MacroPower/containers\"\u003econtainers\u003c/a\u003e \u0026#183;\n    \u003ca href=\"https://jacobcolvin.com/posts/\"\u003eblog\u003c/a\u003e ]\n  \u003c/p\u003e\n\u003c/p\u003e\n\n## 📖 Overview\n\nThis repository declares all of my infrastructure and 
Kubernetes clusters, both self-hosted and in [Hetzner Cloud](https://www.hetzner.com/). I also host all of my documentation here.\n\nAdmittedly, both usages of \"all\" describe the end goal of this repo, not the current state. But, I will get there some day.\n\n---\n\n## 🎨 Components\n\n### Infrastructure management\n\n- [Terraform](https://github.com/hashicorp/terraform): Bootstraps and manages infrastructure needed for Kubernetes.\n- [Crossplane](https://crossplane.io): Kubernetes-native infrastructure management.\n\n### Cluster management\n\n- [Talos](https://www.talos.dev): Immutable Kubernetes OS; built using [talhelper](https://github.com/budimanjojo/talhelper).\n- [Argo CD](https://github.com/argoproj/argo-cd): Reconciles kubernetes clusters with this repository.\n- [Kyverno](https://kyverno.io): Policy engine supporting validate, mutate, generate, and cleanup rules.\n- [Harbor](https://goharbor.io): Artifact registry with pull-through cache and vulnerability scanning.\n- [Jsonnet](https://jsonnet.org/): Configuration language I use to describe Argo applications.\n- [Renovate](https://github.com/renovatebot/renovate): Automatic updates for applications via pull requests.\n\n### Secrets\n\n- [Doppler](https://www.doppler.com/): Hosted secrets management platform.\n- [External Secrets](https://external-secrets.io): Synchronizes secrets from Doppler into Kubernetes.\n\n### Networking\n\n- [Cilium](https://cilium.io): eBPF-based CNI \u0026 service mesh.\n- [Traefik](https://traefik.io): Ingress controller \u0026 reverse proxy.\n- [Cert Manager](https://cert-manager.io): Automatic Let's Encrypt certificates.\n- [AdGuard Home](https://github.com/AdguardTeam/AdguardHome): DNS server with ad-blocking.\n- [Wireguard](https://www.wireguard.com): Modern VPN tunnels; implemented using [wireguard-operator](https://github.com/jodevsa/wireguard-operator).\n\n### Security\n\n- [Authentik](https://goauthentik.io): Identity Provider.\n- [Tetragon](https://tetragon.io/): 
eBPF-based security observability and runtime enforcement.\n- [SecureCodeBox](https://www.securecodebox.io/): Continuous and automated security testing with familiar tools like Nmap, ZAP.\n- [Trivy](https://aquasecurity.github.io/trivy): Kubernetes and container vulnerability scanner.\n\n### Observability\n\n- [Prometheus](https://prometheus.io): Monitoring system \u0026 TSDB.\n- [Jaeger](https://www.jaegertracing.io): Distributed tracing system.\n- [Loki](https://grafana.com/oss/loki/): Log aggregation system.\n- [Vector](https://vector.dev): Log collector, transformer, and router.\n- [OTEL Collector](https://opentelemetry.io/docs/collector/): Trace/metric collector, transformer, and router.\n- [Grafana](https://grafana.com): Visualization platform.\n- [Robusta](https://home.robusta.dev): Alerts / notifications and runbook automation.\n- [Inspektor Gadget](https://www.inspektor-gadget.io/): eBPF-based gadgets to debug and inspect Kubernetes apps and resources.\n\n### Storage\n\n- [Rook](https://rook.io): Storage operator for Ceph.\n- [Ceph](https://ceph.io): Distributed object, block, and file storage.\n\n---\n\n## 📂 Repository structure\n\nOverview of this repo's structure, there's more info in the README files for each:\n\n```sh\n📁 applications  # Kubernetes applications\n├─📁 base          # Application base config\n├─📁 environments  # Application cluster customizations\n│ ├─📁 hcloud        # Customizations for Hetzner cluster\n│ ├─📁 home          # Customizations for home cluster\n│ └─📁 seedbox       # Customizations for seedbox cluster\n└─📁 lib           # Jsonnet libraries\n\n📁 terraform     # IaC defined via Terraform\n├─📁 home          # IaC for home\n├─📁 hcloud        # IaC for Hetzner Cloud\n└─📁 hcloud-robot  # IaC for Hetzner Cloud (Robot)\n```\n\n---\n\n## ☁️ Cloud Dependencies\n\nAlthough the majority of my infrastructure and workloads are self-hosted, there are certain key components of my setup that rely on cloud services.\n\n| Service                
                              | Use                                                            | Cost           |\n| ---------------------------------------------------- | -------------------------------------------------------------- | -------------- |\n| [Hetzner Cloud](https://www.hetzner.com/)            | Cloud compute and storage                                      | ~$40/mo        |\n| [AWS](https://aws.amazon.com/)                       | Cloud cold storage (S3 Deep Glacier)                           | ~$10/mo        |\n| [Google Cloud](https://cloud.google.com/)            | Cloud storage                                                  | ~$20/mo        |\n| [Cloudflare](https://www.cloudflare.com/)            | DNS, Certs, Proxy, WAF                                         | Free           |\n| [Doppler](https://doppler.com/)                      | Secrets with [External Secrets](https://external-secrets.io/)  | Free           |\n| [GitHub](https://github.com/)                        | Hosting this repository and continuous integration/deployments | Free           |\n| [Renovate](https://github.com/renovatebot/renovate)  | Automatic updates for applications via pull requests           | Free           |\n| [Docker Hub](https://hub.docker.com/)                | Docker image registry                                          | Free           |\n| [Robusta](https://home.robusta.dev/)                 | Alerts / notifications and runbook automation                  | Free           |\n| [Terraform Cloud](https://www.terraform.io/)         | Storing Terraform state                                        | Free           |\n| [Grafana Cloud](https://grafana.com/products/cloud/) | Hosted Grafana \u0026 Prometheus, used for misc public projects     | Free           |\n|                                                      |                                                                | Total: ~$70/mo |\n\n---\n\n## 🔧 Hardware\n\n### Computing\n\n| Count | Device 
                    | OS Disk Size | Data Disk Size      | Ram   | Operating System | Purpose                    |\n| ----- | -------------------------- | ------------ | ------------------- | ----- | ---------------- | -------------------------- |\n| 3     | Turing Pi 2                | 1GB NAND     | 32GB SD Card        | 128MB | TPi BMC Firmware | 4-Node Cluster Board       |\n| 3     | Raspberry Pi CM4           | 32GB eMMC    | N/A                 | 8GB   | Talos Linux      | Kubernetes Control Plane   |\n| 3     | Supermicro M11SDV-8C+-LN4F | 64GB SATADOM | 4TB SSD             | 128GB | Talos Linux      | Kubernetes Workers (x86)   |\n| 3     | Turing RK1 \\*              | 32GB eMMC    | 1TB SSD             | 32GB  | Talos Linux      | Kubernetes Workers (arm64) |\n| 1     | TrueNAS Mini R             | 500GB SSD    | 200TB HDD + 2TB SSD | 64GB  | TrueNAS SCALE    | Storage Server             |\n| 1     | Raspberry Pi 4B            | 32GB SD Card | N/A                 | 4GB   | PiKVM            | Network KVM                |\n\n\u003csup\u003e\\* == Pending\u003c/sup\u003e\n\n### Networking\n\n| Count | Device                       | Eth Interfaces | SFP Interfaces | Platform | Purpose                   |\n| ----- | ---------------------------- | -------------- | -------------- | -------- | ------------------------- |\n| 1     | Ubiquiti UDM-SE              | 1x 2.5G        | 2x 10G         | UniFi OS | Router \u0026 Security Gateway |\n| 1     | Ubiquiti UCI                 | 1x 2.5G        | N/A            | UniFi OS | DOCSIS 3.1 Cable Modem    |\n| 1     | Ubiquiti U6-Pro              | 1x 1G          | N/A            | UniFi OS | WiFi 6 Access Point       |\n| 1     | Ubiquiti USW-Pro-Aggregation | N/A            | 28x 10G        | UniFi OS | L3 Aggregation Switch     |\n| 1     | Ubiquiti USW-Pro-24          | 24x 1G         | 2x 10G         | UniFi OS | L3 Switch                 |\n| 1     | Ubiquiti USW-Pro-24-POE      | 24x 1G         | 2x 10G         
| UniFi OS | L3 PoE Switch             |\n| 2     | WattBox WB-800-IPVM          | 1x 1G          | N/A            | OvrC     | IP Controlled Metered PDU |\n| 1     | WattBox WB-800VPS-IPVM-18    | 1x 1G          | N/A            | OvrC     | IP Controlled Metered PDU |\n\n---\n\n## 🤝 Thanks\n\nOver time I've taken a ton of inspiration from the K8s@Home / home-ops community: [onedr0p](https://github.com/onedr0p/flux-cluster-template), [szinn](https://github.com/szinn/k8s-homelab), [budimanjojo](https://github.com/budimanjojo/home-cluster), [buroa](https://github.com/buroa/k8s-gitops), [coolguy1771](https://github.com/coolguy1771/home-ops), and many others.\n\nTechnically, however, I hope this repo is quite unique. I've intentionally tried to make some uncommon choices to learn more and venture outside my comfort zone a bit. So, I hope that at the very least, this repo will provide anyone looking with some interesting and unique ideas. 🙂\n\n---\n\n## 🔏 License\n\nThis project is licensed under the Apache-2.0 license, primarily because it's very compatible with a lot of the projects I enjoy stealing code from.\n\nFor more details, see [LICENSE](./LICENSE).\n\nUltimately though, I have a WTFPL mindset about any content produced by/for myself. If you like anything you see here, feel free to use it however you want (yes, that includes the peepos), just don't sue me if my code blows up your cluster. If you're feeling especially nice, links back to this repo are always appreciated (for the SEO, or whatever).\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"#\"\u003e\u003cimg src=\"docs/img/peepoK8S.png\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmacropower%2Fhomelab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmacropower%2Fhomelab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmacropower%2Fhomelab/lists"}