This repository contains the applications and configurations for my private home server infrastructure.
Important
This repository is developed in my privately hosted Gitea instance. The version on GitHub is a push mirror. Any changes made there will be overwritten during the next sync.
The infrastructure runs on a small k3s cluster composed of two nodes, both running Ubuntu and k3s.
- Controlplane: Intel N100 mini-PC with 8GB RAM
- Worker: Intel N97 mini-PC with 16GB RAM
ArgoCD now manages itself from this repository. The primary ArgoCD Application is applications/argocd.yaml and ArgoCD will reconcile the rest of the repo.
Key locations:
- applications/argocd.yaml: ArgoCD self-management (the ArgoCD application manifest).
- applications/: application-level ArgoCD Application manifests for services and charts.
- kubernetes/: plain Kubernetes manifests that are deployed via ApplicationSets.
- custom-resources/applicationsets/: ApplicationSet manifests (generators and templates) used to create many Applications from directories or lists.
- custom-resources/appprojects/: ArgoCD AppProject manifests (project scoping, source/destination restrictions).
ArgoCD is installed initially via the Helm chart but is now configured to self-manage using applications/argocd.yaml. Updates to ArgoCD and apps are automated via Renovate.
Cilium is used as the CNI provider. It's deployed through the repository (see applications/cilium.yaml) and configured with cluster-wide network policies under custom-resources/cilium-clusterwide-network-policies/.
A variety of applications are deployed in the cluster, including:
- Argo Workflows: Workflow engine for orchestrating jobs.
- Aspire Dashboard: Lightweight OpenTelemetry dashboard.
- Cert-Manager: Automatic certificate generation for ingresses.
- Docker UI: Docker registry with a management UI.
- Gitea: Self-hosted Git server with CI/CD capabilities.
- Kanboard: Project management software.
- MetalLB: Load balancer for bare-metal Kubernetes clusters.
- nginx: Ingress controller.
- Skooner: Kubernetes dashboard for cluster management.
- PostgreSQL: Open-source relational database.
Secrets are managed using the External Secrets Operator. To enable it, create a Vault token as a Kubernetes secret:
```
kubectl create secret generic vault-token -n external-secrets-operator --from-literal=token=<token>
```

- Network Policies: Defined in custom-resources/cilium-clusterwide-network-policies/.
- Persistent Volumes: Configured in custom-resources/persistent-volumes/.
- RBAC Configurations: Found in custom-resources/rbac/.
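To show how the vault-token secret created above is consumed by the External Secrets Operator, here is an added example that is not taken from this repository's manifests. The store name, Vault address, KV mount, application namespace, and secret paths are all hypothetical placeholders; only the secret name, namespace, and key come from the kubectl command above.

```yaml
# Added example, not this repository's own manifest.
# apiVersion depends on the installed ESO release
# (older releases serve external-secrets.io/v1beta1 instead of v1).
apiVersion: external-secrets.io/v1
kind: ClusterSecretStore
metadata:
  name: vault-backend                 # hypothetical store name
spec:
  # Restrict which namespaces may reference this cluster-wide store,
  # so one Vault token is not usable from every namespace.
  conditions:
    - namespaces:
        - example-app                 # hypothetical namespace
  provider:
    vault:
      server: "https://vault.example.internal:8200"  # placeholder address
      path: "secret"                  # assumed KV mount
      version: "v2"                   # assumed KV engine version
      auth:
        tokenSecretRef:
          name: vault-token           # secret created with kubectl above
          namespace: external-secrets-operator
          key: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: example-db-credentials        # hypothetical
  namespace: example-app
spec:
  refreshInterval: 1h                 # re-read from Vault hourly
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault-backend
  target:
    name: example-db-credentials      # Kubernetes Secret that ESO creates
    creationPolicy: Owner             # Secret is deleted with the ExternalSecret
  data:
    - secretKey: password             # key in the resulting Secret
      remoteRef:
        key: example-app/db           # hypothetical Vault path
        property: password
```

The Vault policy attached to the token bounds what any ExternalSecret using this store can read, so scoping that policy to the paths actually needed matters as much as the namespace condition.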
This repository is continuously evolving to meet the needs of the home server infrastructure.