https://github.com/kha7iq/homeops
GitOps-managed homelab with Talos, Kubernetes, Argo CD, and Bitwarden for secrets management.
argocd bitwarden external-secrets homelab kubernetes talos
Last synced: 9 months ago
- Host: GitHub
- URL: https://github.com/kha7iq/homeops
- Owner: kha7iq
- Created: 2025-02-13T03:48:23.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-02-16T07:19:00.000Z (over 1 year ago)
- Last Synced: 2025-02-16T08:19:59.278Z (over 1 year ago)
- Topics: argocd, bitwarden, external-secrets, homelab, kubernetes, talos
- Homepage:
- Size: 80.1 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# HomeOps
This repository contains the infrastructure and Kubernetes cluster configuration for my homelab, managed using GitOps principles.
The stack is powered by **[Talos](https://talos.dev)**, **[Kubernetes](https://kubernetes.io/)**, and **[Argo CD](https://argoproj.github.io/cd/)**,
with automation assistance from **[Renovate](https://www.mend.io/renovate/)**.
Most workloads run on a **Talos-powered Kubernetes cluster**, while **storage services** are handled by a dedicated
**[OpenMediaVault](https://www.openmediavault.org/) Server & [Longhorn](https://github.com/longhorn/longhorn)**.
To securely manage secrets, it uses **[External Secrets Operator](https://external-secrets.io/)**
integrated with **[Bitwarden](https://bitwarden.com/)** as the secret backend.
Configuration is structured using **Kustomized Helm**, with **[Argo CD](https://argoproj.github.io/cd/)** orchestrating application deployments.
---
## Core Components
Here's a quick rundown of the key technologies in this setup:
- **[Cilium](https://cilium.io/):** eBPF-based networking, observability, and security for Kubernetes.
- **[Argo CD](https://argo-cd.readthedocs.io/en/stable/):** GitOps-driven continuous deployment for Kubernetes workloads.
- **[Cert-manager](https://cert-manager.io/):** Automated certificate management for TLS security.
- **[External Secrets](https://external-secrets.io/):** Open-source operator that syncs secrets from external secret management systems into Kubernetes.
- **[Gateway API](https://gateway-api.sigs.k8s.io/):** The next-gen Kubernetes Ingress for advanced traffic routing.
- **[Technitium](https://github.com/TechnitiumSoftware/DnsServer):** DNS Server & ad-blocker.
- **[Netbird](https://netbird.io/):** Secure, self-hosted VPN alternative with a mesh networking approach.
---
## Folder Structure
```shell
homeops
├── argocd-apps
│   ├── databases
│   ├── logging
│   ├── network
│   ├── observability
│   ├── security
│   ├── tools
│   └── web
├── bootstrap
│   ├── argocd
│   ├── cilium
│   ├── crds
│   ├── csr-approver
│   └── external-secrets
├── services
│   ├── database
│   ├── network
│   ├── observability
│   ├── security
│   ├── storage
│   ├── tools
│   └── web
└── talos
    ├── clusterconfig
    └── patches
```
## Hardware Overview
Below is a list of the hardware used in the HomeOps setup:
| Device | Model | CPU | RAM | Storage | Role |
|----------------------|------------------|-----------------------------|-------|--------------------------------|---------------------|
| Lenovo SFF M900 (x4) | Lenovo M900 SFF | Intel Core i5 @ 3.2 GHz | 32GB | 512GB SATA SSD + 128GB NVMe | Worker Nodes |
| Raspberry Pi 4 | RPI 4 | ARM Cortex-A72 @ 1.5 GHz | 8GB | 32GB MicroSD | Master Node |
| Raspberry Pi 3 | RPI 3 | ARM Cortex-A53 @ 1.2 GHz | 1GB | 16GB | Dedicated DNS Server |
| Desktop | Custom Build | Intel Core i7-6700 @ 3.4 GHz | 16GB | 2TB SATA SSD | NAS (Some other Services) |
## Bootstrapping Your HomeOps Environment
For detailed steps on bootstrapping your environment, check out the [Bootstrap Guide](bootstrap/README.md).
## TODO List
- [x] **Configure Renovate for Automated Dependency Updates**
- [ ] **Improve networking policies with Cilium.**
- [ ] **Document services configuration & deployment.**