HomeOps driven by Kubernetes and GitOps using Flux

gabe565/home-ops

My Home Operations Repository :octocat:

... managed with Flux, Renovate, and GitHub Actions 🤖

📖 Overview

This is a mono repository for my home infrastructure and Kubernetes cluster. I try to adhere to Infrastructure as Code (IaC) and GitOps practices using tools like Terraform, Kubernetes, FluxCD, Renovate, and GitHub Actions.

⛵ Kubernetes

There is a template over at onedr0p/flux-cluster-template if you want to try and follow along with some of the practices I use here.

Installation

My cluster is k3s provisioned on top of bare-metal Ubuntu. This is a semi-hyper-converged cluster: workloads and block storage share the same available resources on my nodes, while a separate server with BTRFS provides NFS/SMB shares, bulk file storage and backups.

Core Components

  • cilium: internal Kubernetes networking plugin
  • cert-manager: creates SSL certificates for services in my cluster
  • external-dns: automatically syncs DNS records from my cluster ingresses to a DNS provider
  • ingress-nginx: ingress controller for Kubernetes using NGINX as a reverse proxy and load balancer
  • sops: manages secrets for Kubernetes, Ansible, and Terraform that are committed to Git

GitOps

FluxCD watches the clusters in my kubernetes folder (see Directories below) and makes the changes to my clusters based on the state of my Git repository.

The way Flux works for me here is that it recursively searches the kubernetes/${cluster}/apps folder until it finds the top-most kustomization.yaml in each directory, then applies all the resources listed in it. That kustomization.yaml will generally contain only a namespace resource and one or more Flux kustomizations (ks.yaml). Each of those Flux kustomizations in turn applies a HelmRelease or other resources related to the application.
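
The layout described above, sketched as an added example (not files from this repository). The `example-app` paths, the chart and HelmRepository names, and the `sops-age` secret name are assumptions; `gabernetes` and the `home-ops` GitRepository are taken from the index further down.

```yaml
# Hypothetical app directory, following the kubernetes/${cluster}/apps pattern.
# kubernetes/gabernetes/apps/example-app/kustomization.yaml
# Top-most kustomization.yaml for the directory: Flux applies what it lists.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - ./namespace.yaml   # the namespace resource
  - ./app/ks.yaml      # one Flux Kustomization per component
---
# kubernetes/gabernetes/apps/example-app/app/ks.yaml
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: example-app
  namespace: flux-system
spec:
  interval: 30m
  path: ./kubernetes/gabernetes/apps/example-app/app/release
  prune: true            # objects removed from Git are removed from the cluster
  wait: true             # report Ready only once applied resources are healthy
  targetNamespace: example-app
  sourceRef:
    kind: GitRepository
    name: home-ops       # GitRepository in flux-system
  decryption:
    provider: sops       # decrypt sops-encrypted manifests at apply time
    secretRef:
      name: sops-age     # assumed name of the Secret holding the private key
---
# kubernetes/gabernetes/apps/example-app/app/release/helmrelease.yaml
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: example-app
spec:
  interval: 30m
  chart:
    spec:
      chart: example-app          # hypothetical chart
      version: 1.0.0              # pinned; Renovate would propose bumps by PR
      sourceRef:
        kind: HelmRepository
        name: example-charts      # hypothetical HelmRepository
        namespace: flux-system
```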

Renovate watches my entire repository looking for dependency updates; when they are found, a PR is automatically created. When some PRs are merged, Flux applies the changes to my cluster.

Directories

This Git repository contains the following directories under kubernetes.

📁 kubernetes
├── 📁 apps           # applications
├── 📁 bootstrap      # bootstrap procedures
├── 📁 flux           # core flux configuration
└── 📁 templates      # reusable components

Repo Index

Clusters

Apps

gabernetes

| Namespace | Kind | Name | Supporting Services |
|---|---|---|---|
| adguard-home | HelmRelease | adguard-home | borgmatic |
| | HelmRelease | adguard-home-external-dns | |
| ascii-movie | HelmRelease | ascii-movie | |
| authentik | HelmRelease | authentik | borgmatic, postgresql, valkey |
| bookstack | HelmRelease | bookstack | borgmatic |
| castsponsorskip | HelmRelease | castsponsorskip | |
| change-detection | HelmRelease | change-detection | |
| cnpg-system | HelmRelease | cnpg | |
| domain-watch | HelmRelease | domain-watch | |
| esphome | HelmRelease | esphome | borgmatic |
| external-dns | HelmRelease | dynamic-ip | |
| flux-system | GitRepository | home-ops | |
| | GitRepository | home-ops-private | |
| generic-device-plugin | HelmRelease | generic-device-plugin | |
| geoip | HelmRelease | geoip | valkey |
| gitea | HelmRelease | gitea | borgmatic, postgresql, valkey |
| hammond | HelmRelease | hammond | |
| headscale | HelmRelease | headscale | borgmatic, postgresql |
| healthchecks | HelmRelease | healthchecks | borgmatic, postgresql |
| home-assistant | HelmRelease | home-assistant | borgmatic, postgresql |
| | HelmRelease | piper | |
| homepage | HelmRelease | homepage | |
| immich | HelmRelease | immich | borgmatic, postgresql, valkey |
| intel-gpu-plugin | GitRepository | intel-gpu-plugin | |
| kromgo | HelmRelease | kromgo | |
| kube-system | HelmRelease | cilium | |
| | HelmRelease | kube-vip | |
| | HelmRelease | metrics-server | |
| | GitRepository | multus | |
| lidarr | HelmRelease | lidarr | |
| linkding | HelmRelease | linkding | borgmatic, postgresql |
| longhorn-system | HelmRelease | longhorn | |
| matrimony | HelmRelease | matrimony | borgmatic |
| mattermost | HelmRelease | mattermost | borgmatic, postgresql |
| memos | HelmRelease | memos | borgmatic, postgresql |
| metallb-system | HelmRelease | metallb | |
| miniflux | HelmRelease | miniflux | borgmatic, postgresql |
| minio | HelmRelease | minio | borgmatic |
| monica | HelmRelease | monica | borgmatic |
| mosquitto | HelmRelease | mosquitto | |
| nextcloud | HelmRelease | nextcloud | borgmatic, postgresql |
| nfs-provisioner | HelmRelease | nfs-subdir-external-provisioner | |
| nightscout | HelmRelease | nightscout | borgmatic |
| node-feature-discovery | HelmRelease | node-feature-discovery | |
| nvidia-device-plugin | HelmRelease | nvidia-device-plugin | |
| obico | HelmRelease | obico | borgmatic |
| open-webui | HelmRelease | open-webui | borgmatic, postgresql |
| overseerr | HelmRelease | overseerr | borgmatic |
| paperless-ngx | HelmRelease | paperless-ngx | borgmatic, postgresql, valkey |
| pictshare | HelmRelease | pictshare | |
| plausible | HelmRelease | plausible | clickhouse, postgresql |
| plex | HelmRelease | plex | borgmatic |
| prometheus | HelmRelease | kube-prometheus-stack | borgmatic |
| | HelmRelease | nut-exporter | |
| prowlarr | HelmRelease | prowlarr | borgmatic |
| qbittorrent | HelmRelease | qbittorrent | borgmatic |
| radarr | HelmRelease | radarr | borgmatic |
| relax-sounds | HelmRelease | relax-sounds | borgmatic |
| renovate | HelmRelease | renovate | postgresql |
| | HelmRelease | renovate-exporter | |
| scanservjs | HelmRelease | scanservjs | |
| shlink | HelmRelease | shlink | borgmatic, postgresql |
| sonarr | HelmRelease | sonarr | borgmatic |
| stable-diffusion | HelmRelease | stable-diffusion-webui | |
| stirling-pdf | HelmRelease | stirling-pdf | |
| system-upgrade | GitRepository | system-upgrade-controller | |
| tandoor | HelmRelease | tandoor | borgmatic, postgresql |
| tautulli | HelmRelease | tautulli | borgmatic |
| theme-park | HelmRelease | theme-park | |
| transsmute | HelmRelease | transsmute | |
| uptime-kuma | HelmRelease | uptime-kuma | borgmatic |
| vaultwarden | HelmRelease | vaultwarden | borgmatic, postgresql |
| vikunja | HelmRelease | vikunja | borgmatic, postgresql, valkey |
| weave-gitops | HelmRelease | weave-gitops | |
| zigbee2mqtt | HelmRelease | zigbee2mqtt | borgmatic |
| zwave-js-ui | HelmRelease | zwave-js-ui | borgmatic |

templates

| Namespace | Kind | Name | Supporting Services |
|---|---|---|---|
| cert-manager | HelmRelease | cert-manager | |
| external-dns | HelmRelease | external-dns | |
| ingress-nginx | HelmRelease | ingress-nginx | |
| reflector | HelmRelease | reflector | |
| reloader | HelmRelease | reloader | |

tennant

| Namespace | Kind | Name | Supporting Services |
|---|---|---|---|
| ascii-movie | HelmRelease | ascii-movie | |
| flux-system | GitRepository | home-ops | |
| | GitRepository | home-ops-private | |
| portfolio | HelmRelease | portfolio | borgmatic |
| prometheus | HelmRelease | kube-prometheus-stack | |