{"id":50963318,"url":"https://github.com/roib20/homelab-as-code","last_synced_at":"2026-06-18T17:02:27.669Z","repository":{"id":363769207,"uuid":"986567473","full_name":"roib20/homelab-as-code","owner":"roib20","description":null,"archived":false,"fork":false,"pushed_at":"2026-06-17T14:10:39.000Z","size":3931,"stargazers_count":2,"open_issues_count":9,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-06-17T16:19:13.101Z","etag":null,"topics":["ansible","argocd","kuberenetes","opentofu","talos","terragrunt"],"latest_commit_sha":null,"homepage":"https://homelab.towerofkubes.com","language":"YAML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/roib20.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-05-19T20:00:54.000Z","updated_at":"2026-06-17T14:13:46.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/roib20/homelab-as-code","commit_stats":null,"previous_names":["roib20/homelab-as-code"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/roib20/homelab-as-code","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/roib20%2Fhomelab-as-code","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/roib20%2Fhomelab-as-code/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/roib20%2Fhomelab-as-code/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/roib20%2Fhomelab-as-code/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/roib20","download_url":"https://codeload.github.com/roib20/homelab-as-code/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/roib20%2Fhomelab-as-code/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34499413,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-18T02:00:06.871Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","argocd","kuberenetes","opentofu","talos","terragrunt"],"created_at":"2026-06-18T17:02:26.532Z","updated_at":"2026-06-18T17:02:27.651Z","avatar_url":"https://github.com/roib20.png","language":"YAML","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- markdownlint-disable-next-line MD033 MD041 --\u003e\n\u003cdiv align=\"center\"\u003e\n\n# 🏠 Homelab as Code 👨‍💻\n\n**Bare-metal to a self-healing Kubernetes cluster, every layer as code. This is my homelab.**\n\n[![Documentation](https://img.shields.io/badge/Documentation-homelab.towerofkubes.com-5E81AC?style=for-the-badge\u0026logo=astro\u0026logoColor=white)](https://homelab.towerofkubes.com)\n\nThe goal is to keep manual steps out of it as much as I can. Ansible and OpenTofu provision the OS layer and VMs, the nodes run Talos Linux, and Argo CD reconciles the cluster against Git. Most changes are a commit, and rebuilding a node means running the same code again.\n\n## ✅ Status\n\n[![Image](https://img.shields.io/badge/image-ghcr.io%2Froib20%2Fhomelab--as--code--runner-blue)](https://github.com/roib20/homelab-as-code/pkgs/container/homelab-as-code-runner)\n[![Bake Container Image](https://github.com/roib20/homelab-as-code/actions/workflows/bake-image.yml/badge.svg)](https://github.com/roib20/homelab-as-code/actions/workflows/bake-image.yml)\n[![Kustomize Build Validation](https://github.com/roib20/homelab-as-code/actions/workflows/kustomize-build-validation.yml/badge.svg)](https://github.com/roib20/homelab-as-code/actions/workflows/kustomize-build-validation.yml)\n[![pre-commit](https://github.com/roib20/homelab-as-code/actions/workflows/pre-commit.yml/badge.svg)](https://github.com/roib20/homelab-as-code/actions/workflows/pre-commit.yml)\n[![ShellCheck](https://github.com/roib20/homelab-as-code/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/roib20/homelab-as-code/actions/workflows/shellcheck.yml)\n[![Terragrunt Validate \u0026 Format](https://github.com/roib20/homelab-as-code/actions/workflows/terragrunt-validate-and-fmt.yml/badge.svg)](https://github.com/roib20/homelab-as-code/actions/workflows/terragrunt-validate-and-fmt.yml)\n[![yamllint](https://github.com/roib20/homelab-as-code/actions/workflows/yamllint.yml/badge.svg)](https://github.com/roib20/homelab-as-code/actions/workflows/yamllint.yml)\n\n---\n\n## 🧱 Built with Layers\n\n```mermaid\nflowchart LR\n  hw[\"💻 Hardware\"] --\u003e deb[\"🐧 Debian\"] --\u003e pve[\"📦 Proxmox VE\"]\n  pve --\u003e tn[\"🗄️ TrueNAS\"]\n  pve --\u003e k8s[\"☸️ Talos + Kubernetes\"]\n  k8s --\u003e argo[\"🚀 Argo CD\"]\n```\n\nThe lab is built bottom to top, and each layer assumes the one under it. A Proxmox VE cluster runs the Talos VMs that form Kubernetes, plus a TrueNAS VM for storage. The lower layers rarely change once they work, while the apps on top change frequently, with updates automated by Renovate Operator.\n\n## 🔁 Kept in Sync with Git\n\n```mermaid\nflowchart LR\n  git[\"Git (this repo)\"] --\u003e argo[\"Argo CD\"] --\u003e cluster[\"Cluster state\"]\n  argo -. corrects drift .-\u003e cluster\n```\n\nThis is the GitOps part. Git holds the desired state and Argo CD does the writing: it is the only thing that applies changes to the cluster, and ApplicationSets generate the apps from `kubernetes/cluster/active`. A rollback is a `git revert`. The one thing kept out of Git is secrets, which the External Secrets Operator pulls from Bitwarden Secrets Manager at runtime.\n\n## 🚪 Two Ways In\n\n```mermaid\nflowchart LR\n  req[\"Request\"] --\u003e pick{\"Public or private?\"}\n  pick --\u003e|Public| gw[\"🌐 Gateway API + WAF\"]\n  pick --\u003e|Private| ts[\"🔒 Tailscale Operator\"]\n  gw --\u003e svc[\"Service\"]\n  ts --\u003e svc\n```\n\nEvery service picks one of two Ingress paths. Public services come in through the Gateway API, where Envoy Gateway terminates TLS and runs a Coraza WAF. Private ones reside on the Tailnet instead, reachable only from approved devices.\n\n## 🧰 The Stack\n\n| Category | Tools |\n| --- | --- |\n| 🏗️ Infrastructure as Code (IaC) | OpenTofu, Terragrunt, Ansible |\n| 🖥️ Hosts and Virtualization | Proxmox VE, TrueNAS, Talos Linux |\n| 🔁 GitOps | Argo CD with ApplicationSets |\n| 🌐 Networking | Cilium, CoreDNS, external-dns |\n| 🚪 Ingress | Envoy Gateway (public), Tailscale Operator (private) |\n| 🔑 Certificates and Secrets | cert-manager, External Secrets Operator (Bitwarden Secrets Manager) |\n| 🪪 Identity | Kanidm with Kaniop |\n| 💾 Storage | Longhorn, CSI drivers for NFS and SMB |\n| 🛢️ Databases | CloudNativePG, mariadb-operator |\n| ⚙️ Runner Toolchain | Task, talosctl, kubectl, Helm, Kustomize |\n\n## 📂 What's in the Repo\n\n| Path | Contents |\n| --- | --- |\n| [`ansible/`](ansible) | Proxmox VE setup and Kubernetes bootstrap playbooks |\n| [`debian/`](debian) | Unattended Debian install (preseed) |\n| [`Dockerfile`](Dockerfile) | The all-in-one runner image |\n| [`kubernetes/`](kubernetes) | GitOps source of truth |\n| [`.taskfiles/`](.taskfiles) | Task runner workflows |\n| [`terragrunt/`](terragrunt) | Talos VM provisioning, with remote state in Cloudflare R2 |\n| [`tofu/`](tofu) | OpenTofu bootstrap for the R2 state bucket |\n\n## 📖 Read More\n\nTutorials, guides, reference material, and explanations are in the [docs](https://homelab.towerofkubes.com). Deep dives can be found at my [blog](https://www.towerofkubes.com/).\n\n\u003c!-- markdownlint-disable-next-line MD033 --\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Froib20%2Fhomelab-as-code","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Froib20%2Fhomelab-as-code","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Froib20%2Fhomelab-as-code/lists"}