axeII/home-ops


Home Operations

HomeOps repo managed by k8s ☸️

... automated via Flux, Renovate and GitHub Actions 🤖



📖 Overview

Here, I perform DevOps best practices at home. I adhere to Infrastructure as Code (IaC) and GitOps practices using tools like Kubernetes, Flux, Renovate and GitHub Actions. My cluster runs on three control-plane Talos nodes virtualized on Proxmox with Rook-Ceph for distributed storage.


⛵ Kubernetes

My Kubernetes cluster runs Talos Linux on three control-plane nodes. Two are deployed bare metal and one is deployed as Proxmox VM. Talos is a fantastic lightweight Kubernetes distribution that provides a minimal, hardened, and API-driven OS — I highly recommend it to anyone seeking a secure and reproducible Kubernetes setup.

There is a template over at onedr0p/cluster-template if you wanted to try and follow along with some of the practices I use here.

Core Components

Networking:

  • cilium — eBPF-based CNI providing networking, observability, and security (kube-proxy replacement)
  • cloudflared — Cloudflare Tunnel for secure external ingress
  • external-dns — automatic DNS record synchronization to Cloudflare (public) and UniFi (private)
  • Gateway API — dual external/internal gateways with cert-manager TLS via Cilium

Storage:

  • rook-ceph — distributed block storage for persistent volumes
  • csi-driver-nfs — NFS volume provisioning for media shares
  • volsync — PVC backup and replication
  • kopia — snapshot-based backup client

Secrets & Security:

  • external-secrets — syncs secrets from 1Password Connect into Kubernetes
  • cert-manager — automated TLS certificate management with Let's Encrypt
  • sops — encrypted secrets committed to Git with Age

GitOps & Automation:

  • flux — GitOps operator watching my kubernetes/ directory
  • renovate — automated dependency updates via PRs
  • reloader — restarts pods when ConfigMaps or Secrets change
  • keda — event-driven autoscaling

Observability:

  • victoria-metrics — Prometheus-compatible metrics storage and querying
  • victoria-logs — log storage and querying
  • grafana — dashboards and visualizations
  • gatus — service health monitoring and status page
  • kromgo — custom badges for README
  • coroot — APM and root-cause analysis
  • chaski — custom alert routing and webhook receiver

Cluster Utilities:

☸ GitOps

Flux watches my kubernetes folder (see Directories below) and makes the changes to my cluster based on the YAML manifests.

Flux recursively searches the kubernetes/apps folder until it finds the top-most kustomization.yaml in each directory, then applies all the resources listed in it. That kustomization.yaml generally contains only a namespace resource and one or more Flux Kustomizations. Each Flux Kustomization in turn generally points at a HelmRelease or other resources for the application, which are then applied.
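
An illustration of that layout, added here and not taken from this repository: the app name `echo`, the namespace `network`, the file paths, the chart and the `sops-age` Secret name are all assumptions. The `decryption` block is the Flux Kustomization setting that lets sops-encrypted, Age-keyed secrets stay encrypted in Git and be decrypted only at apply time.

```yaml
# File 1 (hypothetical path): kubernetes/apps/network/kustomization.yaml
# The top-most kustomization.yaml of a namespace directory: one Namespace
# plus one Flux Kustomization per application.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml
  - ./echo/ks.yaml
---
# File 2 (hypothetical path): kubernetes/apps/network/echo/ks.yaml
# The Flux Kustomization that points at the application's own manifests.
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: echo
  namespace: flux-system
spec:
  interval: 1h
  path: ./kubernetes/apps/network/echo/app
  prune: true                 # resources deleted from Git are deleted from the cluster
  wait: true
  targetNamespace: network
  sourceRef:
    kind: GitRepository
    name: flux-system         # assumed name of the Git source
  decryption:
    provider: sops
    secretRef:
      name: sops-age          # assumed Secret holding the Age private key
---
# File 3 (hypothetical path): kubernetes/apps/network/echo/app/helmrelease.yaml
# The HelmRelease applied by the Flux Kustomization above.
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: echo
spec:
  interval: 1h
  chart:
    spec:
      chart: echo-chart       # placeholder chart name
      version: 1.0.0          # pinned version; the kind of field Renovate bumps via PR
      sourceRef:
        kind: HelmRepository
        name: example-charts  # placeholder repository
        namespace: flux-system
```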

Renovate watches my entire repository for dependency updates; when they are found, a PR is automatically created. When some PRs are merged, Flux applies the changes to my cluster.

Directories

This Git repository contains the following directories under kubernetes.

📁 kubernetes      # Kubernetes cluster defined as code
├─📁 flux          # Main Flux configuration of repository
├─📁 apps          # Apps deployed into my cluster grouped by namespace
└─📁 components    # Reusable Kustomize components

📁 talos           # Talos Linux node configuration and patches

🗄️ Hardware

My homelab runs on the following hardware. All Kubernetes nodes are Talos Linux VMs running on Proxmox.

| Device | OS Disk | Data Disk | RAM | Details |
|---|---|---|---|---|
| Proxmox VE | NVMe | NVMe | 64GB | Main hypervisor |
| k8s-0 (VM) | 250GB | 250GB | 32GB | Talos control-plane, Intel ARC GPU |
| k8s-1 (VM) | eMMC 30GB | 250GB | 32GB | Talos control-plane |
| k8s-2 (VM) | 1TB SSD | 250GB | 32GB | Talos control-plane, e1000e driver |
| TrueNAS SCALE (VM) | SSD 20GB | 40TB ZFS | 64GB | NFS/SMB storage — 4x10TB HDD RAIDZ2 |
| Unifi UDM Pro | SSD 14GB | HDD 1TB | 4GB | Router and security gateway |
| Unifi Switch 16 PoE | N/A | N/A | N/A | PoE+ switch |
| Offsite VM | 60GB | 8TB | 8GB | Offsite backup target |

🏠 Applications

Media:

| App | Description |
|---|---|
| Plex | Media server and streaming |
| Plex-Music | Music streaming via Plexamp |
| Sonarr | TV show collection manager |
| Radarr | Movie collection manager |
| Prowlarr | Torrent/usenet indexer manager |
| Sabnzbd | Usenet downloader |
| Unpackerr | Auto-extracts downloaded archives |
| Recyclarr | Syncs TRaSH Guides profiles |
| FlareSolverr | Cloudflare anti-bot bypass |
| Seerr | Media request management |
| Tautulli | Plex statistics and monitoring |
| Komga | Comic/manga/ebook library |
| Kapowarr | Comic book collection manager |

Home & Productivity:

| App | Description |
|---|---|
| Home Assistant | Home automation platform |
| Glance | Personal dashboard |
| Karakeep | Bookmark manager |
| Paperless-ngx | Document management with OCR |
| Docmost | Collaborative wiki and notes |
| AFFiNE | Knowledge base workspace |
| Atuin | Shell history sync server |

Infrastructure & Networking:

| App | Description |
|---|---|
| Cloudflare Tunnel | Secure external ingress |
| Echo Server | Ingress/connectivity testing |
| Proxmox | Reverse proxy to hypervisor |
| TrueNAS | Reverse proxy to storage |
| Minecraft | Game server |

📰 Blog post

Feel free to check out my blog axell.dev, which is also open source! I have also made a blog post about HW: what my choices were, which ones were good and which ones were bad. Click here.

🤝 Gratitude and Thanks

I am proud to be a member of the home operations (previously k8s-at-home) community! I received a lot of help and inspiration for my Kubernetes cluster from this community which helped a lot. Thanks! ❤️

If you are interested in running your own k8s cluster at home, I highly recommend you to check out the k8s-at-home website.

Be sure to check out kubesearch.dev for ideas on how to deploy applications or get ideas on what you may deploy.

License

See LICENCE.
