This is the IaC configuration for my homelab. It's mainly powered by Kubernetes and I do my best to adhere to GitOps practices.
To organise all the configuration I've opted for an approach using Kustomized Helm with Argo CD which I've explained in more detail here.
I try to journal my adventures and exploits on my blog which is hosted by this repo.
If you're new to Kubernetes I've written a fairly thorough guide on Bootstrapping k3s with Cilium. In the article I try to guide you from a fresh Debian 12 Bookworm install to a working cluster using the k3s flavour of Kubernetes with Cilium as a CNI and IngressController.
I've also written an article on how to get started with Kubernetes on Proxmox if virtualisation is more your thing.
A third option is the Quickstart in the docs-folder.
I also have a "mini-cluster" repo over at GitLab, which might be an easier place to start.
- Argo CD: Declarative, GitOps continuous delivery tool for Kubernetes.
- Cert-manager: Cloud native certificate management.
- Cilium: eBPF-based Networking, Observability, Security.
- OpenTofu: The open source infrastructure as code tool.
- Sealed-secrets: Encrypt your Secret into a SealedSecret, which is safe to store - even inside a public repository.
- apps: Different applications that I run in the cluster.
- charts: Tailor made Helm charts for this cluster.
- docs: Supplementary documentation.
- infra: Configuration for core infrastructure components.
- machines: OpenTofu/Terraform configuration. Each sub folder is a physical machine.
- sets: Holds Argo CD Applications that point to the apps and infra folders for automatic Git-syncing.
Name | Device | CPU | RAM | Storage | Purpose |
---|---|---|---|---|---|
Gauss | Dell Precision Tower 5810 | Xeon E5-1650 v3 | 64 GB DDR4 ECC | 14 TiB HDD | - |
Euclid | ASUS ExpertCenter PN42 | Intel N100 | 32 GB DDR4 | - | - |
- Clean up DNS config
- Renovate for automatic updates
- Build a NAS for storage
- Template Gauss
- Replace Pi Hole with AdGuard Home
- Use iGPU on Euclid for video transcoding
- Replace Traefik with Cilium Ingress Controller
- Cilium mTLS & SPIFFE/SPIRE
- Use Talos instead of Debian for Kubernetes
- Keycloak for auth
- Dynamic Resource Allocation for GPU
- Local LLM
- pfSense
- Use NetBird or Tailscale
- Use BGP instead of ARP