My homelab — a GitOps-powered Kubernetes setup running at home in Colorado.
Declarative infrastructure with Terraform, continuous delivery via FluxCD, encrypted secrets using SOPS + Age, and helpful automation scripts.
Internet
│
[OPNsense] ── VLANs, Firewall
│
[Proxmox Cluster]
│
└─ Kubernetes Cluster / nginx
│
├─ FluxCD (GitOps reconciler)
├─ SOPS + Age (decryption in-cluster)
├─ Ingress / Cert-Manager / External-DNS
└─ Apps (Immich, Home Assistant, monitoring, etc.)
- A working Kubernetes cluster (k3s, Talos, vanilla, etc.)
fluxCLI installedkubectlaccess to your cluster- Age keypair generated:
mkdir -p ~/.sops/age age-keygen -o ~/.sops/age.agekey
flux bootstrap github \
--owner=jgrove90 \
--repository=homelab \
--branch=main \
--path=clusters/homelabkubectl create secret generic sops-age \
--namespace=flux-system \
--from-file=age.agekey=~/.sops/age.agekeysops --decrypt kubernetes/flux-system/config-secret.enc.yaml | kubectl apply -f -flux get kustomizations --all-namespaces -w
# or
flux logs --kind=Kustomization --followMade with ☕ in Colorado
Last updated: February 2026