This repository houses the code responsible for managing my home infrastructure.
The setup is based on Talos OS. I used Talhelper to generate the initial configs. Following the cluster deployment, Flux continuously monitors this repository for changes, and Renovate is used to handle automated dependency updates.
```
📁 infrastructure
├── 📁 talos
├── 📁 clusterconfig # holds the talos configuration for each node
├── 📁 integrations # helmfile for initial deployments
├── 📁 patches # talos patches
├── talconfig.yaml
├── talsecret.sops.yaml
📁 k8s
├── 📁 apps # applications
├── 📁 bootstrap # bootstrap procedures
├── 📁 flux # core flux configuration
📁 terraform
├── 📁 authentik
├── 📁 akeyless
├── 📁 backblaze
├── 📁 garage
├── 📁 minio
```
These tools complement the Kubernetes infrastructure by providing essential functionality for security, automation, and infrastructure management.
| Tool | Purpose |
|---|---|
| Sops | A flexible tool for managing repository secrets securely. |
| Pre-commit | Ensures consistency and quality of YAML and shell scripts in the repository. |
| Renovate | Automates the detection of new releases and creates pull requests accordingly. |
| Akeyless | A centralized platform for managing and securing certificates, credentials, and keys. |
| Cloudflare | DNS management service for handling domain name resolutions. |
| GMX | SMTP service provider for managing email communications. |
| Terraform | IaC tool for automating the provisioning and management of outside dependencies (Akeyless, Cloudflare, etc.). |
| Backblaze B2 | S3 object storage (mainly for backups) |
The hardware is a combination of mini PCs and desktop computers. Worker nodes have been upgraded to have more RAM.
| Devices | Count | Disk Size | RAM | Operating System | Purpose | Model |
|---|---|---|---|---|---|---|
| Bmax1-master | 1 | 128GB SSD | 8GB | Talos v1.12.0 | Kubernetes Control | Bmax B1Pro Gemini Lake N4000 |
| Soyo2-master | 1 | 512GB SSD | 16GB | Talos v1.12.0 | Kubernetes Control | SOYO m2 plus v1 |
| Soyo3-master | 1 | 512GB SSD | 16GB | Talos v1.12.0 | Kubernetes Control | SOYO m2 plus v1 |
| Hp-worker1 | 1 | 240GB SSD | 20GB | Talos v1.12.0 | Kubernetes Worker | Hp Elite Desk 800 G3 |
| Hp-worker2 | 1 | 1TB HDD + 240GB SSD | 28GB | Talos v1.12.0 | Kubernetes Worker | HP Compaq 8300 SFF |
| Hp-worker3 | 1 | 500GB HDD + 240GB SSD | 32GB | Talos v1.12.0 | Kubernetes Worker | HP Compaq 8300 SFF |
| LocalStorage-worker1 | 1 | 512GB SSD | 16GB | Talos v1.12.0 | Kubernetes Worker | SOYO Intel Alder Lake N95 |
| Raspberry PI 4 | 1 | 3TB (2 + 1) | 8GB | Pi OS | NAS - OpenMediaVault | |
| TP-Link LS108G | 1 | - | - | - | Switch | |
| Name | Description |
|---|---|
| Cert Manager | Let's Encrypt certificates for SSL/TLS |
| Cilium | CNI |
| Longhorn | Distributed block storage for pods' persistent volumes |
| Garage | S3 object storage |
| External DNS | Synchronizes exposed Kubernetes Services and Ingresses with DNS providers. |
| External Secrets Operator | Used with Akeyless Platform to retrieve and push secrets |
| Envoy Gateway | Kubernetes-based Application Gateway |
| Tailscale Operator | Secure access to Kubernetes |
| Cloudflared | Cloudflare Tunnel client |
| Dragonfly | Modern in-memory datastore, fully compatible with Redis and Memcached APIs |
| Volsync | PVC backups using Restic |
| Authentik | Open source identity provider |
| Flux CD | GitOps tool of choice |
The backbone of my home storage infrastructure is built on a Raspberry Pi 4 running OpenMediaVault, a dedicated network-attached storage solution. The system utilizes two SSDs (2TB + 1TB) configured to store:
- Media content (books, audiobooks)
- Longhorn volume backups
- System configurations
- Docker Containers Data
The NAS hosts several essential containers:
| Service | Description |
|---|---|
| Postgres | Reliable relational database for persistent data storage |
| PI-Hole | Network-wide ad blocking and local DNS management |
| TailNord | Tailscale exit node egressing over NordVPN |
Thanks to all the people who donate their time to the Home Operations Discord community. Be sure to check out kubesearch.dev for ideas on how to deploy applications or get ideas on what you may deploy.