{"id":13552476,"url":"https://github.com/toboshii/home-ops","last_synced_at":"2026-01-18T07:05:34.052Z","repository":{"id":38038539,"uuid":"366592227","full_name":"toboshii/home-ops","owner":"toboshii","description":"My home Kubernetes cluster managed by GitOps (Flux), deployed on Talos Linux.","archived":false,"fork":false,"pushed_at":"2026-01-13T08:09:58.000Z","size":2838,"stargazers_count":375,"open_issues_count":89,"forks_count":17,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-01-13T10:47:06.463Z","etag":null,"topics":["ansible","bgp","external-dns","flux","gitops","k8s","k8s-at-home","k8s-gateway","kubernetes","kubernetes-cluster","sops","talos","terraform"],"latest_commit_sha":null,"homepage":"https://toboshii.github.io/home-ops","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/toboshii.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-05-12T04:31:00.000Z","updated_at":"2026-01-09T15:11:50.000Z","dependencies_parsed_at":"2023-12-24T19:46:29.139Z","dependency_job_id":"4c70ee3e-ab73-4eb4-b7e8-91a370a31fb1","html_url":"https://github.com/toboshii/home-ops","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/toboshii/home-ops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toboshii%2Fhome-ops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toboshii%2Fhome-ops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toboshii%2Fhome-ops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toboshii%2Fhome-ops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/toboshii","download_url":"https://codeload.github.com/toboshii/home-ops/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/toboshii%2Fhome-ops/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28532628,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T00:39:45.795Z","status":"online","status_checked_at":"2026-01-18T02:00:07.578Z","response_time":98,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","bgp","external-dns","flux","gitops","k8s","k8s-at-home","k8s-gateway","kubernetes","kubernetes-cluster","sops","talos","terraform"],"created_at":"2024-08-01T12:02:04.614Z","updated_at":"2026-01-18T07:05:34.004Z","avatar_url":"https://github.com/toboshii.png","language":"Shell","funding_links":[],"categories":["Shell"],"sub_categories":[],"readme":"\u003cimg src=\"https://camo.githubusercontent.com/5b298bf6b0596795602bd771c5bddbb963e83e0f/68747470733a2f2f692e696d6775722e636f6d2f7031527a586a512e706e67\" align=\"left\" width=\"144px\" height=\"144px\"/\u003e\n\n# My home operations repository šŸŽ›šŸ”Ø\n_... managed by Flux Renovate, and GitHub Actions_ šŸ¤–\n\n\u003cbr /\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n[![Discord](https://img.shields.io/discord/673534664354430999?style=for-the-badge\u0026label=discord\u0026logo=discord\u0026logoColor=white)](https://discord.gg/k8s-at-home)\n[![talos](https://img.shields.io/badge/talos-v1.1.2-brightgreen?style=for-the-badge\u0026logo=linux\u0026logoColor=white)](https://www.talos.dev/)\n[![kubernetes](https://img.shields.io/badge/kubernetes-v1.24.3-brightgreen?style=for-the-badge\u0026logo=kubernetes\u0026logoColor=white)](https://kubernetes.io/)\n[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit\u0026logoColor=white\u0026style=for-the-badge)](https://github.com/pre-commit/pre-commit)\n[![GitHub Workflow Status](https://img.shields.io/github/workflow/status/toboshii/home-ops/Schedule%20-%20Renovate?label=renovate\u0026logo=renovatebot\u0026style=for-the-badge)](https://github.com/toboshii/home-ops/actions/workflows/schedule-renovate.yaml)\n[![Lines of code](https://img.shields.io/tokei/lines/github/toboshii/home-ops?style=for-the-badge\u0026color=brightgreen\u0026label=lines\u0026logo=codefactor\u0026logoColor=white)](https://github.com/toboshii/home-ops/graphs/contributors)\n\n\u003c/div\u003e\n\n---\n\n## šŸ“– Overview\n\nThis is a mono repository for my home infrastructure and Kubernetes cluster implementing Infrastructure as Code (IaC) and GitOps practices using tools like [Kubernetes](https://kubernetes.io/), [Flux](https://github.com/fluxcd/flux2), [Renovate](https://github.com/renovatebot/renovate) and [GitHub Actions](https://github.com/features/actions).\n\nFeel free to open a [Github issue](https://github.com/toboshii/home-ops/issues/new/choose) or join the [k8s@home Discord](https://discord.gg/sTMX7Vh) if you have any questions.\n\n---\n\n## ā›µ Kubernetes\n\nThis repo generally attempts to follow the structure and practices of the excellent [k8s-at-home/template-cluster-k3](https://github.com/k8s-at-home/template-cluster-k3s), check it out if you're uncomfortable starting out with an immutable operating system.\n\n### Installation\n\nThe cluster is running on [Talos Linux](https://talos.dev/), an immutable and ephemeral Linux distribution built around Kubernetes, deployed on bare-metal. [Rook Ceph](https://rook.io/) running hyper-converged with workloads provides persistent block and object storage, while a seperate server provides bulk (NFS) file storage.\n\n### Core components\n\n- [cilium/cilium](https://github.com/cilium/cilium): Internal Kubernetes networking plugin.\n- [rook/rook](https://github.com/rook/rook): Distributed block storage for peristent storage.\n- [mozilla/sops](https://toolkit.fluxcd.io/guides/mozilla-sops/): Manages secrets for Kubernetes, Ansible and Terraform.\n- [kubernetes-sigs/external-dns](https://github.com/kubernetes-sigs/external-dns): Automatically manages DNS records from my cluster in a cloud DNS provider.\n- [jetstack/cert-manager](https://cert-manager.io/docs/): Creates SSL certificates for services in my Kubernetes cluster.\n- [kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx/): Ingress controller to expose HTTP traffic to pods over DNS.\n\n### GitOps\n\n[Flux](https://github.com/fluxcd/flux2) watches my [cluster](./cluster/) folder (see Directories below) and makes the changes to my cluster based on the YAML manifests.\n\n[Renovate](https://github.com/renovatebot/renovate) watches my **entire** repository looking for dependency updates, when they are found a PR is automatically created. When PRs are merged, [Flux](https://github.com/fluxcd/flux2) applies the changes to my cluster.\n\n### Directories\n\nThis Git repository contains the following directories (_kustomizatons_) under [cluster](./cluster/).\n\n```sh\nšŸ“ cluster # k8s cluster defined as code\nā”œā”€šŸ“ bootstrap # contains the initial kustomization used to install flux\nā”œā”€šŸ“ flux # flux, gitops operator, loaded before everything\nā”œā”€šŸ“ crds # custom resources, loaded before šŸ“ core and šŸ“ apps\nā”œā”€šŸ“ charts # helm repos, loaded before šŸ“ core and šŸ“ apps\nā”œā”€šŸ“ config # cluster config, loaded before šŸ“ core and šŸ“ apps\nā”œā”€šŸ“ core # crucial apps, namespaced dir tree, loaded before šŸ“ apps\nā””ā”€šŸ“ apps # regular apps, namespaced dir tree, loaded last\n```\n\n### Networking\n\n| Name | CIDR |\n|----------------------------------------------|-----------------|\n| Kubernetes Nodes | `10.75.40.0/24` |\n| Kubernetes external services (Cilium w/ BGP) | `10.75.45.0/24` |\n| Kubernetes pods | `172.22.0.0/16` |\n| Kubernetes services | `172.24.0.0/16` |\n\n## šŸŒ DNS\n\n### Ingress Controller\n\nOver WAN, I have port forwarded ports `80` and `443` to the load balancer IP of my ingress controller that's running in my Kubernetes cluster.\n\n[Cloudflare](https://www.cloudflare.com/) works as a proxy to hide my homes WAN IP and also as a firewall. When not on my home network, all the traffic coming into my ingress controller on port `80` and `443` comes from Cloudflare. In `VyOS` I block all IPs not originating from [Cloudflares list of IP ranges](https://www.cloudflare.com/ips/).\n\nšŸ”ø _Cloudflare is also configured to GeoIP block all countries except a few I have whitelisted_\n\n### Internal DNS\n\n[k8s_gateway](https://github.com/ori-edge/k8s_gateway) is deployed on my router running [VyOS](https://vyos.io/). With this setup, `k8s_gateway` has direct access to my clusters ingress records and serves DNS for them in my internal network.\n\nWithout much engineering of DNS @home, these options have made my `VyOS` router a single point of failure for DNS. I believe this is ok though because my router _should_ have the most uptime of all my systems.\n\n### External DNS\n\n[external-dns](https://github.com/kubernetes-sigs/external-dns) is deployed in my cluster and configured to sync DNS records to [Cloudflare](https://www.cloudflare.com/). The only ingresses `external-dns` looks at to gather DNS records to put in `Cloudflare` are ones where I explicitly set an annotation of `external-dns.home.arpa/enabled: \"true\"`\n\n---\n\n## šŸ”§ Hardware\n\n| Device | Count | OS Disk Size | Data Disk Size | Ram | Operating System | Purpose |\n|---------------------------|-------|--------------|----------------------------|-------|------------------|--------------------------------|\n| Dell R220 | 1 | 120GB SSD | N/A | 16GB | VyOS 1.4 | Router |\n| HP S01-pf1000 | 3 | 120GB SSD | N/A | 8GB | Talos Linux | Kubernetes Control Nodes |\n| HP S01-pf1000 | 3 | 120GB SSD | 1TB NVMe (rook-ceph) | 32GB | Talos Linux | Kubernetes Workers |\n| SuperMicro SC836 | 1 | 120GB SSD | 16x8TB + 16x3TB ZFS RAIDZ2 | 192GB | Ubuntu 20.04 | NFS |\n| Brocade ICX 6610 | 1 | N/A | N/A | N/A | N/A | Core Switch |\n| Raspberry Pi 4B | 1 | 32GB SD Card | N/A | 4GB | PiKVM | Network KVM |\n| TESmart 8 Port KVM Switch | 1 | N/A | N/A | N/A | N/A | Network KVM switch for PiKVM |\n| APC SUA3000RMXL3U w/ NIC | 1 | N/A | N/A | N/A | N/A | UPS |\n| APC AP7930 | 1 | N/A | N/A | N/A | N/A | PDU |\n\n---\n\n## šŸ¤ Thanks\n\nThanks to all folks who donate their time to the [Kubernetes @Home](https://github.com/k8s-at-home/) community. A lot of inspiration for my cluster came from those that have shared their clusters over at [awesome-home-kubernetes](https://github.com/k8s-at-home/awesome-home-kubernetes).\n\n---\n\n## šŸ“œ Changelog\n\nSee [commit history](https://github.com/onedr0p/home-ops/commits/main)\n\n---\n\n## šŸ” License\n\nSee [LICENSE](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoboshii%2Fhome-ops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftoboshii%2Fhome-ops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftoboshii%2Fhome-ops/lists"}