Todo..
- Fully Automated: GitOps-driven deployments using Flux CD
- Secure by Design: SOPS encryption, age keys, and strict security policies
- High Availability: Multi-node Kubernetes cluster powered by Talos Linux
- Monitoring Stack: Comprehensive monitoring with Prometheus, Grafana, and Gatus
- Automated Updates: Renovate bot keeps dependencies current
- CI/CD Integration: GitHub Actions with self-hosted runners
- Network Security: Cilium CNI for advanced networking and security policies
The following tools are required to work with this repository:
- `talosctl`: Talos Linux management
- `talhelper`: Talos configuration helper
- `kubectl`: Kubernetes CLI
- `flux`: FluxCD CLI
- `sops`: Secret encryption
- `age`: Encryption key management
- `just`: Command runner
- `helm`: Package manager
- `jq`: JSON processor
- `helm-diff`: Helm chart diff tool:
  ```shell
  helm plugin install https://github.com/databus23/helm-diff
  ```
- Generate age encryption key:
  ```shell
  age-keygen -o age.agekey
  ```
- Create encrypted secrets:
  ```shell
  just talos secrets
  ```
- Generate cluster configuration:
  ```shell
  just talos conf-gen
  ```
- Bootstrap the cluster:
  ```shell
  just cluster-bootstrap
  ```
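The age key generated above is what SOPS uses to encrypt every Secret before it is committed, and the whole "encrypted secrets" guarantee depends on no plaintext manifest slipping into Git. The following is an added example, not code from this repository or from the `just` recipes it ships: it writes a `.sops.yaml` policy that encrypts only the `data`/`stringData` fields for a given age recipient (the recipient string used here is a placeholder), and provides a guard, usable as a pre-commit hook, that rejects any `kind: Secret` manifest lacking SOPS metadata or containing a value that is not an `ENC[AES256_GCM,...]` blob. The sample manifests it creates are constructed for the demo; the `ENC[...]` payload is a dummy, not real ciphertext.

```shell
#!/bin/sh
# Added example, not part of this repository: a SOPS policy file plus a guard
# that refuses to let a plaintext Kubernetes Secret reach Git. It relies on the
# SOPS file conventions (a top-level `sops:` metadata block, values stored as
# ENC[AES256_GCM,...]); the age recipient and file names are placeholders.

# write_sops_config DIR RECIPIENT: emit a .sops.yaml that encrypts only the
# data/stringData fields of *.sops.yaml files for the given age public key,
# leaving apiVersion/kind/metadata readable for review and kustomize.
write_sops_config() {
    cat > "$1/.sops.yaml" <<EOF
creation_rules:
  - path_regex: .*\.sops\.ya?ml
    encrypted_regex: ^(data|stringData)\$
    age: $2
EOF
}

# is_sops_encrypted FILE: succeeds only if the manifest carries sops metadata
# and every value under data:/stringData: is an ENC[...] blob. Block scalars
# (`key: |`) are deliberately rejected, since their content cannot be checked
# line by line here.
is_sops_encrypted() {
    grep -q '^sops:' "$1" || return 1
    awk '
        /^(data|stringData):/ { in_block = 1; next }
        /^[^[:space:]]/       { in_block = 0 }
        in_block && /^[[:space:]]+[^[:space:]#]+:/ {
            v = $0
            sub(/^[[:space:]]+[^:]+:[[:space:]]*/, "", v)
            if (v !~ /^ENC\[AES256_GCM,/) bad = 1
        }
        END { exit bad ? 1 : 0 }
    ' "$1"
}

# check_secret_manifests DIR: report every kind: Secret manifest in DIR that is
# not SOPS-encrypted; returns 1 if any was found (suitable as a pre-commit hook).
check_secret_manifests() {
    rc=0
    for f in "$1"/*.yaml; do
        [ -f "$f" ] || continue
        grep -q '^kind: Secret' "$f" || continue
        if ! is_sops_encrypted "$f"; then
            echo "refusing plaintext Secret: $f" >&2
            rc=1
        fi
    done
    return $rc
}

# make_samples DIR: constructed sample manifests, one leaked and one encrypted
# (the ENC[...] payload below is a dummy, not real ciphertext).
make_samples() {
    cat > "$1/plain.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
stringData:
  password: hunter2
EOF
    cat > "$1/db.sops.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
stringData:
  password: ENC[AES256_GCM,data:c29tZQ==,iv:aXY=,tag:dGFn,type:str]
sops:
  age:
    - recipient: age1placeholderrecipient
EOF
}

# Demo on the constructed samples; exit status 1 is the expected result because
# plain.yaml is a plaintext Secret.
demo_dir=$(mktemp -d)
write_sops_config "$demo_dir" age1placeholderrecipient
make_samples "$demo_dir"
check_secret_manifests "$demo_dir" || echo "guard rejected plaintext secret(s) in $demo_dir"
```

Wiring `check_secret_manifests` into a pre-commit hook or a GitHub Actions job on the `clusters/` and `infrastructure/` trees catches the common failure mode of a Secret added before `sops -e -i` was run; the `encrypted_regex` in `.sops.yaml` keeps `metadata` in the clear so Flux and `kustomize build` can still reason about names and namespaces without the private key.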
- Infrastructure Layer
  - Talos Linux base configuration
  - Core networking (Cilium)
  - DNS services (CoreDNS)
  - Certificate management
- Platform Services
  - Flux CD controllers
  - Monitoring stack
  - Backup solutions
  - External secrets management
- Application Layer
  - User applications
  - Development tools
  - Home automation services
```
.
├── bootstrap              # Initial cluster bootstrap configurations
├── clusters               # Cluster-specific configurations
│   └── main               # Production cluster
│       ├── apps           # User applications (home automation, tools, etc.)
│       ├── flux-system    # Core Flux configuration
│       ├── repositories   # External resource definitions (git, helm, oci)
│       └── vars           # Cluster-wide variables
├── docs                   # Project documentation
├── flux                   # Flux-specific configurations and templates
└── infrastructure         # Core infrastructure components
    ├── bootstrap          # Infrastructure bootstrapping resources
    ├── controllers        # System controllers and services
    │   ├── cert-manager   # Certificate management
    │   ├── database       # Database operators and clusters
    │   ├── kube-system    # Core kubernetes components
    │   ├── monitoring     # Observability stack
    │   ├── networking     # Network services and ingress
    │   ├── security       # Secret management and security tools
    │   └── storage        # Storage controllers and operators
    ├── talos              # Talos Linux configurations
    └── unifi              # UniFi network configurations
```
The repository follows a hierarchical structure:
- `clusters/`: Contains cluster-specific applications and configurations
- `infrastructure/`: Houses all core system components and controllers
- `infrastructure/controllers`: The controllers are grouped by namespace
- Infrastructure Provisioning
  - Talos Linux deployment
  - Network configuration
  - Storage setup
- Core Services
  - CNI (Cilium) deployment
  - DNS configuration
  - Certificate management
- Platform Services
  - Monitoring stack
  - Backup solutions
  - Security tools
- Application Deployment
  - Automated via Flux CD
  - Version controlled
  - Encrypted secrets
This project follows GitOps principles:
- All changes through Git
  - Infrastructure changes
  - Application deployments
  - Configuration updates
- Automated Processes
  - CI/CD via GitHub Actions
  - Automated dependency updates
  - Continuous monitoring
- Security First
  - Encrypted secrets
  - Least privilege access
  - Regular security updates
A lot of inspiration and ideas are thanks to the hard work of hotio.dev and linuxserver.io contributors.
Many thanks to onedrop, kashals, buroa, and all the fantastic people who donate their time to the Home Operations Discord.
See the latest release notes.
See LICENSE.