🪨 Homelab 🏡

Repository for home infrastructure and Kubernetes cluster using GitOps practices.

Held together using Proxmox VE, OpenTofu, Talos, Kubernetes, Argo CD and copious amounts of YAML with some help from Renovate.

---

📖 Overview

This repository hosts the IaC (Infrastructure as Code) configuration for my homelab.

The Homelab is backed by Proxmox VE hypervisor nodes with VMs bootstrapped using OpenTofu/Terraform.

Most of the services run on Talos flavoured Kubernetes, though I'm also running a TrueNAS VM for storage and Home Assistant VM for home automation.

To organise all the configuration, I've opted for an approach using Kustomized Helm with Argo CD which I've explained in more detail in this article.

I journal my homelab journey over at my self-hosted blog.

🧑‍💻 Getting Started

If you're new to Kubernetes, I've written a fairly thorough guide on Bootstrapping k3s with Cilium. In the article I try to guide you from a fresh Debian 12 Bookworm installation to a working cluster using the k3s flavour of Kubernetes with Cilium as a CNI and IngressController.

I've also written an article on how to get started with Kubernetes on Proxmox if virtualisation is more your thing.

The current iteration of my homelab runs on Talos Kubernetes and is set up according to this article.

🏃 Devcontainer

A devcontainer containing the required tools is available for this repository as ghcr.io/vehagn/homelab-devcontainer. See ./devcontainer for details.

⚙️ Core Components

• Proxmox VE: Server management and KVM hypervisor.
• OpenTofu: Open source infrastructure as code tool.
• Cilium: eBPF-based Networking, Observability, Security.
• Proxmox CSI Plugin: CSI driver for storage
• Argo CD: Declarative, GitOps continuous delivery tool for Kubernetes.
• Cert-manager: Cloud native certificate management.
• Sealed-secrets: Encrypt your Secret into a SealedSecret, which is safe to store - even inside a public repository.
• Authelia: open-source authentication and authorization server
• Gateway API: Next generation of Kubernetes Ingress
• AdGuardHome: Domain name server backed by Unbound
• NetBird: Completely self hosted VPN solution
• CloudNativePG: PostgreSQL database operator

🗃️ Folder Structure

.
├── 📂 docs                # Documentation
├── 📂 k8s                 # Kubernetes manifests
│   ├── 📂 apps            # Applications
│   ├── 📂 infra           # Infrastructure components
│   └── 📂 sets            # Bootstrapping ApplicationSets
└── 📂 tofu                # Tofu configuration
    ├── 📂 home-assistant  # Home Assistant VM
    └── 📂 kubernetes      # Kubernetes VM configuration
        ├── 📂 bootstrap   # Kubernetes bootstrap config
        └── 📂 talos       # Talos configuration 

🖥️ Hardware

Name	Device	CPU	RAM	Storage	Purpose
Abel	CWWK 6 LAN Port	Intel i3-N305	48 GB DDR5	-	Control-plane
Euclid	ASUS ExpertCenter PN42	Intel N100	32 GB DDR4	-	Control-plane
Cantor	ASUS PRIME N100I-D D4	Intel N100	32 GB DDR4	5x8TB HDD RaidZ2	NAS/Control-plane
Gauss	Dell Precision Tower 5810	Xeon E5-1650 v3	64 GB DDR4 ECC	14 TB HDD	Compute

🏗️ Work in Progress

• External DNS
• Use BGP with Cilium and UniFi
• Hajimari dashboard
• Podcast client
• Immich for photos
• Nextcloud for files
• Self-hosted git-solution (Gitea, GitLab, etc.)

👷‍ Future Projects

• Explore Kanidm as an identity management platform
• Explore other database operators
• Implement LGTM-stack for monitoring
• Local LLM
• Dynamic Resource Allocation for GPU
• Cilium mTLS & SPIFFE/SPIRE
• Ceph for distributed storage
• OPNSense/pfSense/OpenWRT