home-infra

home-infra copied to clipboard

home-infra - Home Cloud via Flux v2 | GitOps Toolkit

GitOps state for my cluster using flux v2

Home infrastructure running on Liquid cooled: 3x Master Raspberry Pi 4GB + 3x Worker 8GB running at 2.3Ghz:

• Apps:
  • authelia - SSO server
  • radicale - {Cal,Card}Dav server
  • gitlab - Git + Everything possibly related
  • home-assistant - Home Automation
  • docker-mailserver - Postfix + Dovecot + Friends for selfhosted email
  • flood - Pretty and mobile friendly *torrent frontend
  • omada-controller - TP-Link Omada Network Controller
  • doods - Visual human and object recognition
  • openspeedtest - Speed Test testing max local and external speeds
  • my blog - Built with via Gitlab Runners + Buildkitd
  • harbor - Docker Registry UI
  • thelounge - IRC client
  • ngircd - IRC Server
  • znc - IRC bouncer
  • homer - Application Dashboard
• System:
  • flux2 - Keep cluster in sync with this repo
  • ingress-nginx - Ingress controller
  • cert-manager - Automated letsencrypt broker
  • calico - My CNI of choice which supports BGP peering
  • kube-prometheus - Prometheus and friends
  • buildkitd - Super efficient container build daemon
  • synology-csi - Synology official CSI driver
  • k10-kasten

Installation

Install

Installed via kubeadm on manjaro-arm lite with bootsrtap/kubeadm.yaml.

Secret management

I use mozilla SOPS for secret encryption as it supported out of the box in Flux2. After adding a passwordless secret key to your cluster, add it to your flux-system/gotk-sync.yaml if you want to be able do decrypt secrets in the main flux-system kustomization.

I use a pre-commit hook to ensure that secrets are never pushed unencrypted. Assuming you have a .sosp.yaml the only thing you need to do is:

sops -e -i my-secret.yaml # That's it
sops my-secret.yaml # To edit it directly in your $EDITOR