This repository is the single source of truth for my Kubernetes home lab. Everything from the operating system to application deployments is declared in code and managed through GitOps.

| Component | Implementation |
|---|---|
| OS | Talos Linux — immutable, API-driven, secure-by-default |
| CNI | Cilium — eBPF networking with L2 announcements, DSR, Maglev |
| GitOps | ArgoCD — ApplicationSets with Git directory generator |
| Ingress | Envoy Gateway — two gateways (external + internal) |
| Storage | Rook Ceph (distributed) + OpenEBS (local PV) |
| Secrets | External Secrets (1Password + Infisical) + SOPS |
| Auth | Authelia SSO + LLDAP |
| Certs | cert-manager with Let's Encrypt DNS-01 |
| DNS | external-dns + Cloudflare |
| Monitoring | Prometheus + Grafana + Loki + Fluent Bit |

Tip: Full documentation: swibrow.github.io/home-ops

| Node | Role | Hardware | CPU | RAM | Storage |
|---|---|---|---|---|---|
| worker-04 | Control Plane | Acemagician AM06 | Intel N100 | 16 GB | 128 GB SSD + 512 GB NVMe |
| worker-05 | Control Plane | Acemagician AM06 | Intel N100 | 16 GB | 128 GB SSD + 512 GB NVMe |
| worker-06 | Control Plane | Acemagician AM06 | Intel N100 | 16 GB | 128 GB SSD + 512 GB NVMe |
| worker-01 | Worker | Lenovo ThinkPad 440p | Intel i5-4300M | 8 GB | 128 GB SSD |
| worker-02 | Worker | Lenovo ThinkPad 440p | Intel i5-4300M | 8 GB | 128 GB SSD |
| worker-03 | Worker | Raspberry Pi 4 | Cortex-A72 | 8 GB | 128 GB SSD |
| worker-pi-01 | Worker | Raspberry Pi 4 | Cortex-A72 | 4 GB | 128 GB SSD |
| worker-pi-02 | Worker | Raspberry Pi 4 | Cortex-A72 | 4 GB | 128 GB SSD |
| worker-pi-03 | Worker | Raspberry Pi 4 | Cortex-A72 | 4 GB | 128 GB SSD |

| Device | Purpose |
|---|---|
| TP-Link 24-port PoE Switch | Core switching + PoE for Raspberry Pis |
| NanoPi R5C | Router |
| Ubiquiti U7-Pro & U6-Lite | Wireless APs |

| Device | Purpose |
|---|---|
| Synology 4-Bay NAS (8 TB) | Media, backups, bulk data (NFS) |
| 512 GB NVMe x 3 | Rook Ceph distributed block storage |
| 128 GB SSD x 9 | Talos OS boot drives |

| Device | Purpose |
|---|---|
| Eaton 500VA UPS | Battery backup for cluster |

```
home-ops/
├── .github/workflows/        # CI/CD pipelines
├── .justfiles/               # Just task runner recipes
├── docs/                     # MkDocs documentation site
├── images/                   # Repo images
├── pitower/
│   ├── kubernetes/
│   │   ├── apps/             # Application manifests (14 categories)
│   │   ├── argocd/           # ApplicationSets
│   │   └── bootstrap/        # ArgoCD bootstrap
│   └── talos/                # Talos Linux configuration
│       ├── extensions/       # System extensions per node type
│       ├── patches/          # Machine config patches
│       └── justfile          # Talos management recipes
├── mkdocs.yml                # Documentation site config
└── renovate.json5            # Dependency management
```

All cluster state is managed through ArgoCD ApplicationSets. Each category directory is automatically discovered and deployed:

```
pitower/kubernetes/apps/
├── ai/               # AI/ML workloads
├── banking/          # Financial tools
├── cert-manager/     # TLS certificate automation
├── cloudnative-pg/   # PostgreSQL operator + clusters
├── home-automation/  # Home Assistant, Zigbee2MQTT, Mosquitto
├── kube-system/      # Cilium, CoreDNS, kubelet-csr-approver
├── media/            # Jellyfin, Sonarr, Radarr, qBittorrent
├── monitoring/       # Prometheus, Grafana, Loki, Fluent Bit
├── networking/       # Envoy Gateway, external-dns, Cloudflare tunnel
├── openebs/          # Local PV provisioner
├── rook-ceph/        # Distributed storage
├── security/         # Authelia, LLDAP, External Secrets
├── selfhosted/       # Miniflux, Tandoor, Glance, n8n, and more
└── system/           # System utilities (VolSync, Snapshot Controller)
```

Adding a new application is as simple as creating a directory — ArgoCD discovers and deploys it automatically.
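
Because any directory merged under a category is deployed without further review, the ArgoCD project it lands in is the boundary that limits what it can touch. The manifest below is an added example, not taken from this repository: it pairs a Git directory generator for one category with an AppProject that pins the source repo and destination namespace. The repo URL, the one-project-per-category layout and the `<category>/<app>` directory depth are assumptions.

```yaml
# Added example (not the repository's own manifests).
# Assumed: placeholder repo URL, project name, <category>/<app> directory depth.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: selfhosted               # hypothetical: one project per category
  namespace: argocd
spec:
  sourceRepos:
    - https://github.com/EXAMPLE/home-ops.git   # placeholder URL
  destinations:
    - server: https://kubernetes.default.svc
      namespace: selfhosted      # apps in this category cannot target other namespaces
  clusterResourceWhitelist: []   # no cluster-scoped resources (ClusterRoles, CRDs, ...)
---
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: selfhosted
  namespace: argocd
spec:
  goTemplate: true
  goTemplateOptions: ["missingkey=error"]   # fail on template typos instead of rendering empty strings
  generators:
    - git:
        repoURL: https://github.com/EXAMPLE/home-ops.git
        revision: HEAD
        directories:
          # every subdirectory here becomes one Application
          - path: pitower/kubernetes/apps/selfhosted/*
  template:
    metadata:
      name: '{{.path.basename}}'
    spec:
      project: selfhosted        # bound to the restricted project above, not "default"
      source:
        repoURL: https://github.com/EXAMPLE/home-ops.git
        targetRevision: HEAD
        path: '{{.path.path}}'
      destination:
        server: https://kubernetes.default.svc
        namespace: selfhosted
      syncPolicy:
        automated:
          prune: true            # resources removed from Git are removed from the cluster
          selfHeal: true         # manual drift is reverted to the Git state
```

With this shape, a new directory that tries to ship a ClusterRoleBinding or deploy into `kube-system` fails to sync instead of being applied.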
Shout out to the Home Operations community and Uptime Lab.
