Repository for managing a Kubernetes cluster through GitOps workflows.
Powered by Proxmox VE, Ansible, Terraform, Talos, Argo CD, and Task. Kept up to date with Renovate. Includes a healthy dose of automation and the occasional 3-letter commit message.
This repository hosts the IaC (Infrastructure as Code) configuration for my homelab.
The homelab runs on Proxmox VE hypervisor nodes, with VMs provisioned using Terraform and Ansible.
Most services run on Talos, while a dedicated VM provides an NFS-based file server for Longhorn backups and media storage.
- Set required environment variables:

  ```shell
  export BW_ORGANIZATION_ID=...
  export BW_PROJECT_ID=...
  export BW_TOKEN=...
  export GIT_TOKEN=...
  ```

- Create Terraform variables in both the `infrastructure/helios` and `infrastructure/atlas` folders.
- Deploy the machines using Terraform:

  ```shell
  task build
  ```

- Bootstrap the cluster (installs CRDs, cert-manager, external-secrets, and ArgoCD):

  ```shell
  task bootstrap
  ```

  Then open https://argocd.{{domain}} and log in using the admin password stored in Bitwarden.
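The steps above hand Bitwarden and Git tokens to Terraform and the bootstrap task through the environment, so a missing or empty variable typically surfaces late as an opaque provider error, and a stray `echo` for debugging leaks the token into the shell history or CI log. The following preflight script is an added example and not part of this repository's Taskfile: it checks by name that every variable the README requires is set (never printing values) and that each Terraform folder has a variables file before anything runs. The variable names and folder paths are the ones listed above; the variables filename `terraform.tfvars` is an assumption.

```shell
#!/usr/bin/env sh
# Added example (not from the repository): preflight checks to run before
# `task build` and `task bootstrap`. Variable names and Terraform folders are
# taken from the README; the filename `terraform.tfvars` is an assumption.

# Tokens and IDs the README says must be exported.
REQUIRED_VARS="BW_ORGANIZATION_ID BW_PROJECT_ID BW_TOKEN GIT_TOKEN"

# Terraform folders that need variables, relative to the repository root.
TF_DIRS="infrastructure/helios infrastructure/atlas"

# check_required_env NAME... : report each unset or empty variable by name
# only (the values are secrets and are never echoed); returns 1 if any is missing.
check_required_env() {
    missing=0
    for name in "$@"; do
        # $name comes from the fixed list above, so the eval is not fed user input.
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "preflight: $name is not set" >&2
            missing=1
        fi
    done
    return $missing
}

# check_tfvars ROOT DIR... : verify each Terraform folder under ROOT has a
# terraform.tfvars (assumed name) so Terraform never prompts interactively
# for a value that was meant to come from the file.
check_tfvars() {
    root=$1
    shift
    rc=0
    for dir in "$@"; do
        if [ ! -f "$root/$dir/terraform.tfvars" ]; then
            echo "preflight: $root/$dir/terraform.tfvars not found" >&2
            rc=1
        fi
    done
    return $rc
}

# preflight [ROOT] : run both checks and fail fast before any secret reaches
# Terraform; ROOT defaults to the current directory.
preflight() {
    check_required_env $REQUIRED_VARS && check_tfvars "${1:-.}" $TF_DIRS
}
```

Source it from the repository root and gate the build on it, e.g. `. ./preflight.sh && preflight && task build`; a non-zero exit names only the offending variable or file, so the output is safe to keep in a CI log.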
- Full reset:

  Redeploying the cluster is straightforward:

  ```shell
  task reset-infra
  ```

End-user facing applications
| Name | Description |
|---|---|
| Hello-World | Example and template application for the repository. |
| Frigate | NVR with real-time object detection for IP cameras. |
| Jellyseerr | Media request management and discovery tool for Jellyfin. |
| Prowlarr | Indexer manager for integrating with Sonarr, Radarr, and more. |
| Radarr | Movie collection manager for Usenet and BitTorrent users. |
| Sonarr | Smart PVR for TV shows, automating downloads and organization. |
| SABnzbd | Usenet binary newsreader for automated downloads. |
| RoomCtrlScraper | Custom service to scrape and manage room control data. |
Foundation components for running and deploying applications in my cluster
| Name | Description |
|---|---|
| Cert Manager | Manages TLS certificates for secure communication within Kubernetes. |
| External Secrets | Syncs secrets from external stores into Kubernetes resources. |
| Argo CD | GitOps tool for continuous delivery and Kubernetes application management. |
| Renovate | Automates dependency and container image updates via pull requests. |
| CRDs | Custom Resource Definitions required by various operators and apps. |
| Defaults | Cluster-wide default namespaces and ArgoCD projects. |
Essential infrastructure services powering the cluster
| Name | Description |
|---|---|
| authentik | Identity provider enabling single sign-on (SSO) and centralized user management. |
| crowdsec | Collaborative, open-source intrusion prevention and detection system. |
| csi-driver-nfs | Kubernetes CSI driver for NFS persistent volumes. |
| longhorn | Cloud-native distributed block storage for Kubernetes. |
| metallb | Load-balancer implementation for bare metal Kubernetes clusters. |
| reflector | Mirrors Kubernetes secrets and configmaps across namespaces. |
| traefik | Cloud-native reverse proxy and ingress controller for Kubernetes. |
| Name | Device | CPU | RAM | Storage | Purpose |
|---|---|---|---|---|---|
| pve1 | Aoostar R7 | AMD Ryzen 7 5825U | 48 GB DDR4 SO-DIMM | 8TB HDD + 2TB SSD | Compute/General |