{"id":40573769,"url":"https://github.com/nicolerenee/infra","last_synced_at":"2026-01-21T01:39:22.181Z","repository":{"id":83212868,"uuid":"142804278","full_name":"nicolerenee/infra","owner":"nicolerenee","description":"Kubernetes gitops for my homelab","archived":false,"fork":false,"pushed_at":"2026-01-19T16:05:23.000Z","size":3675,"stargazers_count":100,"open_issues_count":34,"forks_count":8,"subscribers_count":7,"default_branch":"main","last_synced_at":"2026-01-19T18:11:07.631Z","etag":null,"topics":["flux","gitops","home-operations","homelab","k8s-at-home","kubernetes","talos"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nicolerenee.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-07-29T23:56:56.000Z","updated_at":"2026-01-18T03:35:11.000Z","dependencies_parsed_at":"2024-12-11T03:26:15.741Z","dependency_job_id":"3204bb2c-0374-4448-b9c2-f6d43ad00c6d","html_url":"https://github.com/nicolerenee/infra","commit_stats":null,"previous_names":["nicolerenee/infra"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/nicolerenee/infra","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicolerenee%2Finfra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicolerenee%2Finfra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicolerenee%2Finfra/releases","manifest
s_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicolerenee%2Finfra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nicolerenee","download_url":"https://codeload.github.com/nicolerenee/infra/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nicolerenee%2Finfra/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28622040,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T23:49:58.628Z","status":"ssl_error","status_checked_at":"2026-01-20T23:47:29.996Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flux","gitops","home-operations","homelab","k8s-at-home","kubernetes","talos"],"created_at":"2026-01-21T01:39:21.731Z","updated_at":"2026-01-21T01:39:22.173Z","avatar_url":"https://github.com/nicolerenee.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Home Kubernetes Infrastructure\n\nA GitOps-managed Kubernetes infrastructure running on bare metal with Talos\nLinux, featuring automated deployments via Flux v2 and comprehensive\napplication hosting for home lab services.\n\n## 🏗️ Infrastructure Overview\n\nThis repository manages two Kubernetes clusters using a GitOps approach:\n\n- **atlantis-k8s01**: 5-node cluster (3 control 
plane, 2 workers) with\n  high-availability networking running in a Colo\n- **fairy-k8s01**: 3-node cluster (all control plane) running at home\n\n### Core Technologies\n\n- **OS**: [Talos Linux](https://www.talos.dev/) - Immutable, secure Kubernetes\n  OS\n- **GitOps**: [Flux v2](https://fluxcd.io/) - Automated deployment and\n  reconciliation\n- **CNI**: [Cilium](https://cilium.io/) - eBPF-based networking with Gateway API\n  support\n- **Storage**: [Rook Ceph](https://rook.io/) - Distributed storage cluster\n- **Secrets**: [External Secrets Operator](https://external-secrets.io/) with\n  1Password integration\n- **Monitoring**: [VictoriaMetrics](https://victoriametrics.com/) stack with\n  Grafana\n- **Load Balancing**: [MetalLB](https://metallb.universe.tf/) in BGP mode\n\n## 📁 Repository Structure\n\n```text\nkubernetes/\n├── apps/                   # Application definitions (shared across clusters)\n│   ├── auth/               # Authentication services (Authentik, LLDAP)\n│   ├── cert-manager/       # Certificate management\n│   ├── flux/               # Flux operator and instance configs\n│   ├── home-automation/    # Home Assistant, ESPHome, Zigbee2MQTT\n│   ├── media/              # Media stack\n│   ├── networking/         # Network services (Cilium, MetalLB, DNS)\n│   ├── observability/      # Monitoring and alerting stack\n│   ├── secrets/            # Secret management\n│   ├── storage/            # Storage solutions\n│   └── ...\n├── clusters/               # Cluster-specific configurations\n│   ├── atlantis-k8s01/     # atlantis cluster configuration\n│   │   ├── apps/           # Cluster-specific app deployments\n│   │   ├── flux/           # Flux bootstrap configuration\n│   │   └── talos/          # Talos machine configurations\n│   └── fairy-k8s01/        # fairy cluster configuration\n└── components/             # Reusable Kustomize components\n```\n\n## 🚀 Key Features\n\n### GitOps Automation\n\n- **Flux v2** continuously monitors this repository 
and applies changes\n  automatically\n- **Renovate** keeps dependencies updated with automated PRs\n- **GitHub Actions** provide CI/CD pipeline for validation and deployment\n\n### Security \u0026 Secrets Management\n\n- **1Password Connect** integration for secure secret management\n- **External Secrets Operator** syncs secrets from 1Password to Kubernetes\n- **Cert-Manager** with Let's Encrypt for automatic TLS certificate\n  provisioning\n- **Authentik** provides SSO and identity management\n\n### High Availability Storage\n\n- **Rook Ceph** cluster provides distributed, replicated storage\n- **Spegel** for distributed container image caching\n\n### Comprehensive Monitoring\n\n- **VictoriaMetrics** for metrics collection and storage\n- **Victoria Logs** for log aggregation and analysis\n- **Grafana** for visualization and dashboards\n- **Gatus** for uptime monitoring and status pages\n- **Silence Operator** for intelligent alert management\n- **Prometheus Operator** for metrics collection and alerting\n\n### Networking \u0026 Connectivity\n\n- **Cilium** with eBPF for high-performance networking\n- **Gateway API** for modern ingress management\n- **MetalLB** in BGP mode for LoadBalancer services\n- **Tailscale** integration for secure remote access\n- **Multus** for multi-network interface support\n- **Cloudflare Tunnel** for secure external connectivity\n\n## 🏠 Applications \u0026 Services\n\n### Media \u0026 Entertainment\n\n- **Emby/Jellyfin**: Media streaming servers\n- **Plex**: Media streaming server\n- **Sonarr/Radarr/Lidarr**: Media acquisition and management\n- **Bazarr**: Subtitle management\n- **SABnzbd**: Usenet downloader\n- **Prowlarr**: Indexer management\n- **Recyclarr**: Quality profile management\n- **Webhook**: Automation webhook handler\n\n### Home Automation\n\n- **Home Assistant**: Home automation platform\n- **ESPHome**: ESP device management\n- **Zigbee2MQTT**: Zigbee device integration\n- **Scrypted**: Camera and NVR management\n- 
**Mosquitto**: MQTT message broker\n- **rtl_433**: 433MHz radio receiver for IoT devices\n\n### Development \u0026 Productivity\n\n- **GitHub Actions Runners**: Self-hosted CI/CD runners\n- **IT Tools**: Collection of useful web tools\n- **Golink**: Internal URL shortener\n- **Netbox**: Infrastructure documentation\n- **Homebox**: Home inventory management\n- **Mealie**: Recipe and meal planning management\n\n### Infrastructure Services\n\n- **Authentik**: Identity provider and SSO\n- **LLDAP**: Lightweight LDAP server\n- **Pocket ID**: Identity management platform\n- **External DNS**: Automatic DNS record management\n- **Cloudflare Tunnel**: Secure tunnel for external access\n- **System Upgrade Controller**: Automated node updates (Kubernetes and Talos)\n- **CloudNativePG**: PostgreSQL operator for database management\n\n## 🔧 Hardware \u0026 Infrastructure\n\n### Atlantis Cluster\n\n- **5 nodes** with Intel hardware and 10Gb networking\n- **Bonded network interfaces** with LACP for redundancy\n- **NVMe boot storage** for fast boot times\n- **SSD Ceph storage** for highly available cluster storage\n- **Intel integrated graphics** support for hardware transcoding\n\n### Fairy Cluster\n\n- **3 nodes** (all control plane) with advanced security features\n- **Secure Boot** and **UKI** enabled for enhanced security\n- **NVMe storage** for the boot device and Ceph storage\n- **Intel integrated graphics** support for media workloads\n\n## 🚦 Getting Started\n\n### Prerequisites\n\n- **Talos Linux** knowledge for cluster management\n- **Flux CLI** for GitOps operations\n- **1Password** account for secrets management\n- **Task** for automation scripts\n\n### Bootstrap Process\n\n1. **Prepare hardware** with Talos Linux installation\n2. **Configure Talos** using the provided `talconfig.yaml` files\n3. **Bootstrap Flux** using the cluster-specific configurations\n4. **Set up secrets** in 1Password and configure External Secrets\n5. 
**Deploy applications** by committing changes to this repository\n\n### Task Automation\n\nThis repository uses [Task](https://taskfile.dev/) for automation:\n\n```bash\n# Generate Talos configurations\ntask talos:generate CLUSTER=atlantis-k8s01\n\n# Apply Talos configuration to a node\ntask talos:apply-config CLUSTER=atlantis-k8s01 node=atlantis-compute01\n\n# Update Talos configuration\ntask talos:talosconfig CLUSTER=atlantis-k8s01\n```\n\n## 🔄 Continuous Deployment\n\n### Automated Updates\n\n- **Renovate** automatically creates PRs for dependency updates\n- **Flux** applies approved changes within minutes\n- **System Upgrade Controller** handles node OS updates\n- **Reloader** restarts applications when configurations change\n\n### Monitoring \u0026 Alerting\n\n- **VictoriaMetrics** collects metrics from all cluster components\n- **Victoria Logs** aggregates and analyzes logs from all services\n- **Grafana** provides comprehensive dashboards\n- **Gatus** monitors service availability\n- **Alert routing** via various notification channels\n\n## 🤝 Contributing\n\nThis repository is tailored for personal use but serves as a reference\nimplementation. 
Feel free to:\n\n- **Fork** and adapt for your own infrastructure\n- **Open issues** for questions or suggestions\n- **Submit PRs** for improvements or bug fixes\n\n## 📚 Documentation \u0026 Resources\n\n- [Talos Linux Documentation](https://www.talos.dev/docs/)\n- [Flux Documentation](https://fluxcd.io/docs/)\n- [Cilium Documentation](https://docs.cilium.io/)\n- [Rook Ceph Documentation](https://rook.io/docs/)\n\n## ⚠️ Important Notes\n\n- **Secrets**: All secrets are managed via 1Password and External Secrets Operator\n- **Networking**: BGP configuration required for MetalLB LoadBalancer services\n- **Storage**: Rook Ceph requires dedicated storage devices on cluster nodes\n- **Updates**: Automated updates are enabled - monitor the deployment pipeline\n\n---\n\n*This infrastructure powers a comprehensive home lab environment with\nproduction-grade reliability and security.*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnicolerenee%2Finfra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnicolerenee%2Finfra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnicolerenee%2Finfra/lists"}