{"id":7688842,"url":"https://github.com/smbonn2005/HomeOps","last_synced_at":"2025-07-13T12:31:14.544Z","repository":{"id":152762588,"uuid":"621611846","full_name":"smbonn2005/HomeOps","owner":"smbonn2005","description":"A mono repository for my home infrastructure and Kubernetes cluster which adheres to Infrastructure as Code (IaC) and GitOps practices where possible","archived":false,"fork":false,"pushed_at":"2025-07-08T01:19:18.000Z","size":10197,"stargazers_count":9,"open_issues_count":5,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-08T01:23:46.773Z","etag":null,"topics":["cilium","cloudflared","fluxcd","gitops","k8s-at-home","kubernetes","talos"],"latest_commit_sha":null,"homepage":"https://github.com/smbonn2005/HomeOps","language":"YAML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"wtfpl","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/smbonn2005.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-03-31T02:43:50.000Z","updated_at":"2025-07-08T01:19:21.000Z","dependencies_parsed_at":"2023-09-23T04:59:33.099Z","dependency_job_id":"bc7b3a26-efbe-41af-87cd-19ec47bcc803","html_url":"https://github.com/smbonn2005/HomeOps","commit_stats":null,"previous_names":[],"tags_count":27,"template":false,"template_full_name":"onedr0p/cluster-template","purl":"pkg:github/smbonn2005/HomeOps","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smbonn2005%2FHomeOps","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smbonn2005%2FHomeOps/tags","releases_url":"https://repos.ecosyste.ms/api/v1/host
s/GitHub/repositories/smbonn2005%2FHomeOps/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smbonn2005%2FHomeOps/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/smbonn2005","download_url":"https://codeload.github.com/smbonn2005/HomeOps/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/smbonn2005%2FHomeOps/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265139176,"owners_count":23717258,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cilium","cloudflared","fluxcd","gitops","k8s-at-home","kubernetes","talos"],"created_at":"2024-04-09T12:04:21.499Z","updated_at":"2025-07-13T12:31:14.536Z","avatar_url":"https://github.com/smbonn2005.png","language":"YAML","funding_links":[],"categories":["YAML"],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003cimg src=\"https://raw.githubusercontent.com/smbonn2005/HomeOps/main/icons/logo.png\" align=\"center\" width=\"144px\" height=\"144px\"/\u003e\n\n### My Home Operations repository :octocat:\n\n_... 
managed with Flux, Renovate and GitHub Actions_ 🤖\n\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n[![Discord](https://img.shields.io/discord/673534664354430999?style=for-the-badge\u0026label\u0026logo=discord\u0026logoColor=white\u0026color=blue)](https://discord.gg/k8s-at-home)\u0026nbsp;\u0026nbsp;\n[![Talos](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fquery%3Fformat%3Dendpoint%26metric%3Dtalos_version\u0026style=for-the-badge\u0026logo=talos\u0026logoColor=white\u0026color=blue\u0026label=%20)](https://www.talos.dev/)\u0026nbsp;\u0026nbsp;\n[![Kubernetes](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fquery%3Fformat%3Dendpoint%26metric%3Dkubernetes_version\u0026style=for-the-badge\u0026logo=kubernetes\u0026logoColor=white\u0026color=blue\u0026label=%20)](https://www.talos.dev/)\u0026nbsp;\u0026nbsp;\n[![Flux](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fflux_version\u0026style=for-the-badge\u0026logo=flux\u0026logoColor=white\u0026color=blue\u0026label=%20)](https://fluxcd.io)\\\n[![GitHub last commit](https://img.shields.io/github/last-commit/smbonn2005/HomeOps?color=purple\u0026style=for-the-badge)](https://github.com/smbonn2005/HomeOps/commits/main 'Commit History')\u0026nbsp;\u0026nbsp;\n[![GitHub stars](https://img.shields.io/github/stars/smbonn2005/HomeOps?color=green\u0026style=for-the-badge)](https://github.com/smbonn2005/HomeOps/stargazers 'This repo star count')\u0026nbsp;\u0026nbsp;\n[![Renovate](https://img.shields.io/github/actions/workflow/status/smbonn2005/admin/renovate.yaml?branch=main\u0026label=\u0026logo=renovate\u0026style=for-the-badge\u0026color=blue\u0026logoColor=white)](https://github.com/smbonn2005/admin/actions/workflows/renovate.yaml)\n\n\u003c/div\u003e\n\n\u003cdiv 
align=\"center\"\u003e\n\n[![Age-Days](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fcluster_age_days\u0026style=flat-square\u0026label=Age)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Uptime-Days](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fcluster_uptime_days\u0026style=flat-square\u0026label=Uptime)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Node-Count](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fcluster_node_count\u0026style=flat-square\u0026label=Nodes)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Pod-Count](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fcluster_pod_count\u0026style=flat-square\u0026label=Pods)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![CPU-Usage](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fcluster_cpu_usage\u0026style=flat-square\u0026label=CPU)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Memory-Usage](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fcluster_memory_usage\u0026style=flat-square\u0026label=Memory)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Power-Usage](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fcluster_power_usage\u0026style=flat-square\u0026label=Power)](https://github.com/kashalls/kromgo/)\u0026nbsp;\u0026nbsp;\n[![Alerts](https://img.shields.io/endpoint?url=https%3A%2F%2Fkromgo.smbonn.me%2Fcluster_alert_count\u0026style=flat-square\u0026label=Alerts)](https://github.com/kashalls/kromgo)\n\n\u003c/div\u003e\n\n---\n\n## 📖 Overview\n\nThis is a mono repository for my home infrastructure and Kubernetes cluster. 
I try to adhere to Infrastructure as Code (IaC) and GitOps practices using tools like [FluxCD](https://github.com/fluxcd/flux2), [Renovate](https://github.com/renovatebot/renovate), [Kubernetes](https://kubernetes.io/), and [GitHub Actions](https://github.com/features/actions).\n\n---\n\n## ⛵ Kubernetes\n\nThere is a template over at [onedr0p/flux-cluster-template](https://github.com/onedr0p/flux-cluster-template) if you want to try and follow along with some of the practices I use here.\n\n### Installation\n\nMy Kubernetes cluster is deployed with [Talos](https://www.talos.dev/). This is a semi hyper-converged cluster: workloads and block storage share the same available resources on my nodes, while I have a separate server for (NFS) file storage.\n\n### Core Components\n\n\u003c!-- - [actions-runner-controller](https://github.com/actions/actions-runner-controller): Self-hosted GitHub runners. --\u003e\n- [cert-manager](https://cert-manager.io/docs/): Creates SSL certificates for services in my Kubernetes cluster.\n- [cilium](https://cilium.io/): Internal Kubernetes networking plugin.\n- [cloudflared](https://github.com/cloudflare/cloudflared): Enables Cloudflare secure access to certain ingresses.\n- [external-dns](https://github.com/kubernetes-sigs/external-dns): Automatically manages DNS records from my cluster in a cloud DNS provider.\n- [external-secrets](https://github.com/external-secrets/external-secrets/): Managed Kubernetes secrets using [1Password Connect](https://github.com/1Password/connect).\n- [ingress-nginx](https://github.com/kubernetes/ingress-nginx/): Ingress controller to expose HTTP traffic to pods over DNS.\n- [rook-ceph](https://github.com/rook/rook): Distributed block storage for persistent storage.\n- [spegel](https://github.com/spegel-org/spegel): Stateless cluster local OCI registry mirror.\n- [volsync](https://github.com/backube/volsync): Backup and recovery of persistent volume claims.\n\n### 
GitOps\n\n[Flux](https://github.com/fluxcd/flux2) watches my [kubernetes](./kubernetes/) folder (see Directories below) and makes the changes to my cluster based on the YAML manifests.\n\nThe way Flux works for me here is that it recursively searches the [kubernetes/apps](./kubernetes/apps) folder until it finds the top-most `kustomization.yaml` per directory and then applies all the resources listed in it. That `kustomization.yaml` will generally only have a namespace resource and one or many Flux kustomizations. Those Flux kustomizations will generally have a `HelmRelease` or other resources related to the application underneath them, which will be applied.\n\n[Renovate](https://github.com/renovatebot/renovate) watches my **entire** repository looking for dependency updates; when they are found, a PR is automatically created. When some PRs are merged, [Flux](https://github.com/fluxcd/flux2) applies the changes to my cluster.\n\n### Directories\n\nThis Git repository contains the following directories under [kubernetes](./kubernetes/).\n\n```sh\n📁 kubernetes      # Kubernetes cluster defined as code\n├─📁 apps          # Apps deployed into my cluster grouped by namespace (see below)\n├─📁 components    # re-usable kustomize components\n└─📁 flux          # Flux System configuration plus re-usable components\n```\n\n### Flux Workflow\n\nThis is a high-level look at how Flux deploys my applications with dependencies. In most cases a `HelmRelease` will depend on other `HelmRelease`s, in other cases a `Kustomization` will depend on other `Kustomization`s, and in rare situations an app can depend on a `HelmRelease` and a `Kustomization`. 
The example below shows that `bookstack` won't be deployed or upgraded until the `rook-ceph-cluster` Helm release is installed or in a healthy state.\n\n```mermaid\ngraph TD\n    A\u003eKustomization: rook-ceph] --\u003e|Creates| B[HelmRelease: rook-ceph]\n    A\u003eKustomization: rook-ceph] --\u003e|Creates| C[HelmRelease: rook-ceph-cluster]\n    C\u003eHelmRelease: rook-ceph-cluster] --\u003e|Depends on| B\u003eHelmRelease: rook-ceph]\n    D\u003eKustomization: bookstack] --\u003e|Creates| E(HelmRelease: bookstack)\n    E\u003eHelmRelease: bookstack] --\u003e|Depends on| C\u003eHelmRelease: rook-ceph-cluster]\n```\n\n---\n\n## ☁️ Cloud Dependencies\n\nWhile most of my infrastructure and workloads are self-hosted, I do rely upon the cloud for certain key parts of my setup. This saves me from having to worry about two things: (1) dealing with chicken/egg scenarios and (2) services I critically need whether my cluster is online or not.\n\nThe alternative solution to these two problems would be to host a Kubernetes cluster in the cloud and deploy applications like [HCVault](https://www.vaultproject.io/), [Vaultwarden](https://github.com/dani-garcia/vaultwarden), [ntfy](https://ntfy.sh/), and [Gatus](https://gatus.io/). 
However, maintaining another cluster and monitoring another group of workloads is a lot more time and effort than I am willing to put in.\n\n| Service                                         | Use                                                               | Cost           |\n|-------------------------------------------------|-------------------------------------------------------------------|----------------|\n| [1Password](https://1password.com/)             | Secrets with [External Secrets](https://external-secrets.io/)     | ~$65/yr        |\n| [Cloudflare](https://www.cloudflare.com/)       | Domain, DNS and proxy management                                  | ~$30/yr        |\n| [GitHub](https://github.com/)                   | Hosting this repository and continuous integration/deployments    | Free           |\n| [Healthchecks.io](https://healthchecks.io/)     | External alerting if cluster goes down                            | Free           |\n| [Migadu](https://migadu.com/)                   | Email Hosting                                                     | ~$20/yr        |\n|                                                 |                                                                   | Total: ~$10/mo |\n\n---\n\n### Ingress Controller\n\nExternal access to my cluster is done using a [Cloudflare](https://www.cloudflare.com/) tunnel. This works to prevent me from having to open ports in my router / firewall, as you would normally have to do to allow access to internal services.\n\n### Internal DNS\n\nMy `pfSense` router serves as my Internal DNS server and is listening on `:53`. All DNS queries for _**my**_ domains are forwarded to [k8s_gateway](https://github.com/ori-edge/k8s_gateway) that is running in my cluster. 
With this setup `k8s_gateway` has direct access to my cluster's ingresses and services and serves DNS for them in my internal network.\n\n### Ad Blocking\n\nMy `pfSense` router is utilizing the `pfBlockerNG` plugin which allows me to filter out known ad-serving sites \u0026 domains.\n\n### External DNS\n\n[external-dns](https://github.com/kubernetes-sigs/external-dns) is deployed in my cluster and configured to sync DNS records to [Cloudflare](https://www.cloudflare.com/). The only ingresses `external-dns` looks at to gather DNS records to put in `Cloudflare` are ones that have an annotation of `external-dns.alpha.kubernetes.io/target`.\n\n---\n\n## 🔧 Hardware\n\n\u003cdetails\u003e\n  \u003csummary\u003eClick to see da rack!\u003c/summary\u003e\n\n  \u003cimg src=\"https://raw.githubusercontent.com/smbonn2005/HomeOps/main/icons/rack.jpg\" align=\"center\" width=\"200px\" alt=\"rack\"/\u003e\n\u003c/details\u003e\n\n| Device                    | Count | OS Disk Size | Data Disk Size              | RAM  | Operating System | Purpose             |\n|---------------------------|-------|--------------|-----------------------------|------|------------------|---------------------|\n| Supermicro SuperServer 1U | 1     | 256GB NVMe   | -                           | 16GB | pfSense          | Router              |\n| Intel NUC11PAHi7          | 3     | 250GB SSD    | 2TB NVMe (rook-ceph)        | 64GB | Talos            | Kubernetes Masters  |\n| Intel NUC11PAHi7          | 1     | 250GB SSD    | 1TB NVMe                    | 64GB | XCP-NG           | VM Hypervisor       |\n| Minisforum MS01           | 1     | 2x 64GB NVMe | 6x12TB ZFS (mirrored vdevs) | 64GB | TrueNas Scale    | NFS + Backup Server |\n| APC SMT3000 w/ NIC        | 1     | -            | -                           | -    | -                | UPS                 |\n| Dell 8132F Switch         | 1     | -            | -                           | -    | -                | Core 10Gb Switch    |\n| Dell X1052 
Switch         | 1     | -            | -                           | -    | -                | Service Switch      |\n\n---\n\n## ⭐ Stargazers\n\n\u003cdiv align=\"center\"\u003e\n\n[![Star History Chart](https://api.star-history.com/svg?repos=smbonn2005/HomeOps\u0026type=Date)](https://star-history.com/#smbonn2005/HomeOps\u0026Date)\n\n\u003c/div\u003e\n\n---\n\n## 🤝 Gratitude and Thanks\n\nThanks to all the people who donate their time to the [Kubernetes @Home](https://discord.gg/k8s-at-home) Discord community. A lot of inspiration for my cluster comes from the people that have shared their clusters using the [k8s-at-home](https://github.com/topics/k8s-at-home) GitHub topic. Be sure to check out the [Kubernetes @Home search](https://nanne.dev/k8s-at-home-search/) for ideas on how to deploy applications or get ideas on what you can deploy. Also a massive thanks to [onedr0p](https://github.com/onedr0p/) specifically for spending so much time cultivating this entire project, and helping people with questions along the way.\n\n---\n\n## 📜 Changelog\n\nSee my _realllllly bad_ [commit history](https://github.com/smbonn2005/HomeOps/commits/main)\n\n---\n\n## 🔏 License\n\nSee [LICENSE](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmbonn2005%2FHomeOps","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsmbonn2005%2FHomeOps","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsmbonn2005%2FHomeOps/lists"}