{"id":50584970,"url":"https://github.com/ngoldack/homelab","last_synced_at":"2026-06-05T05:30:36.533Z","repository":{"id":360717711,"uuid":"1163955793","full_name":"ngoldack/homelab","owner":"ngoldack","description":null,"archived":false,"fork":false,"pushed_at":"2026-06-04T14:27:44.000Z","size":345,"stargazers_count":0,"open_issues_count":6,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-04T15:17:22.545Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ngoldack.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-02-22T12:20:22.000Z","updated_at":"2026-06-03T09:14:28.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/ngoldack/homelab","commit_stats":null,"previous_names":["ngoldack/homelab"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ngoldack/homelab","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ngoldack%2Fhomelab","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ngoldack%2Fhomelab/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ngoldack%2Fhomelab/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ngoldack%2Fhomelab/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ngoldack","download_url":"https://codeload.github.com/ngoldack/homelab/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ngoldack%2Fhomelab/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33932040,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-05T02:00:06.157Z","response_time":120,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-05T05:30:35.957Z","updated_at":"2026-06-05T05:30:36.528Z","avatar_url":"https://github.com/ngoldack.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# homelab\n\nGitOps-driven homelab running a [Talos OS](https://www.talos.dev/) Kubernetes cluster on [Proxmox](https://www.proxmox.com/), provisioned with [OpenTofu](https://opentofu.org/) and managed by [Flux CD](https://fluxcd.io/).\n\n## Stack\n\n| Layer | Tool |\n|---|---|\n| Hypervisor | Proxmox VE |\n| OS | Talos Linux |\n| Provisioning | OpenTofu (`bpg/proxmox` + `siderolabs/talos`) |\n| CNI | Cilium (eBPF, kube-proxy replacement) |\n| Storage | TrueNAS CSI (`tns-csi`, NFS + NVMe-oF) + local-path |\n| VPN Overlay | NetBird (Operator + Node Extension) |\n| TLS | cert-manager + Let's Encrypt |\n| Observability | VictoriaMetrics + Loki + OTel Collector + Grafana |\n| Security / Policy | Kyverno (Best Practices Pod Security Standards) |\n| GitOps | Flux CD |\n| Secrets | SOPS + age |\n| State Encryption | OpenTofu native AES-GCM |\n\n## Cluster Layout\n\n| Node | Role | vCPU | RAM | Disk |\n|---|---|---|---|---|\n| master-0/1/2 | controlplane | 2 | 4 GB | 32 GB |\n| worker-default-0/1 | worker | 6 | 8 GB | 64 GB |\n| worker-large-0 | worker | 12 | 48 GB | 128 GB |\n\n## Repository Structure\n\n```\n.\n├── tofu/                   # OpenTofu — VM provisioning \u0026 Talos bootstrap\n└── kubernetes/\n    ├── clusters/\n    │   └── production/     # Flux entrypoint for your Proxmox/Talos cluster\n    ├── infrastructure/      # Cilium, cert-manager\n    └── apps/                # Homelab applications (managed by Flux)\n```\n\n## Getting Started\n\n### Prerequisites\n\n- `age`, `sops`, `tofu`, `talosctl`, `flux`, `kubectl` installed locally\n- Proxmox VE host reachable on the network\n- A self-hosted GitHub Actions runner on the same LAN as Proxmox\n\n### 1. Generate Age Key\n\n```bash\nage-keygen -o age.key\n# Copy the printed public key into .sops.yaml\n```\n\n### 2. Configure Secrets\n\n```bash\n# Fill in proxmox_api_password and state_encryption_passphrase, then encrypt:\nSOPS_AGE_KEY_FILE=age.key sops --encrypt --in-place tofu/secret.sops.yaml\n```\n\n### 3. Provision Infrastructure\n\n```bash\nexport SOPS_AGE_KEY_FILE=age.key\nexport TOFU_ENCRYPTION_PASSPHRASE_statekey=$(sops -d tofu/secret.sops.yaml | yq .state_encryption_passphrase)\n\ncd tofu\ntofu init \u0026\u0026 tofu apply\n```\n\n### 4. Bootstrap Flux\n\n```bash\n# Register the age key with the cluster so Flux can decrypt secrets\nkubectl create secret generic sops-age \\\n  --namespace=flux-system \\\n  --from-file=age.agekey=age.key\n\nflux bootstrap github \\\n  --owner=\u003cyour-github-username\u003e \\\n  --repository=homelab \\\n  --branch=main \\\n  --path=kubernetes/clusters/production \\\n  --personal\n```\n\n## CI / CD\n\n| Workflow | Trigger | Purpose |\n|---|---|---|\n| `validate.yaml` | push / PR | Lint, validate, security-scan configs, and verify raw secret leaks |\n| `tofu-run.yaml` | push / PR / manual | Run automated plans or approve apply/destroys over NetBird |\n\n---\n\n## Developer and Agent Guidelines\n\nFor comprehensive cross-system checklists, custom GitOps conventions (Cilium integration and CloudNativePG storage policies), and rules of engagement (SOPS secrets and validation workflows) designed specifically for human developers and AI coding agents, please refer directly to [AGENTS.md](AGENTS.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fngoldack%2Fhomelab","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fngoldack%2Fhomelab","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fngoldack%2Fhomelab/lists"}