This repository houses the code responsible for managing my home infrastructure.
The setup is based on Talos OS. I used Talhelper to generate the initial configs. Following the cluster deployment, Flux continuously monitors this repository for changes, and Renovate is used to handle automated dependency updates.
📁 infrastructure
└── 📁 talos
├── 📁 clusterconfig # holds the talos configuration for each node
├── 📁 integrations # helmfile for initial deployments
├── 📁 patches # talos patches
└── talconfig.yaml
└── talsecret.sops.yaml
📁 k8s
├── 📁 apps # applications
├── 📁 bootstrap # bootstrap procedures
└── 📁 flux # core flux configuration
📁 terraform
├── 📁 authentik
├── 📁 akeyless
├── 📁 cloudflare
└── 📁 minio
These tools complement the Kubernetes infrastructure by providing essential functionality for security, automation and infrastructure management
| Logo | Tool | Purpose |
|---|---|---|
 |
Sops | A flexible tool for managing repository secrets securely. |
 |
Pre-commit | Ensures consistency and quality of YAML and shell scripts in the repository. |
 |
Renovate | Automates the detection of new releases and creates pull requests accordingly. |
 |
Akeyless | A centralized platform for managing and securing certificates, credentials, and keys. |
 |
Cloudflare | DNS management service for handling domain name resolutions. |
 |
GMX | SMTP service provider for managing email communications. |
 |
Terraform | IAC tool for automating the provisioning and management of outside dependencies (Akeyless, Cloudflare, etc...). |
Hardware is a combination of mini PC's and desktop computers. Worker nodes have been upgraded to have more RAM.
| Devices | Count | OS Disk Size | RAM | Operating System | Purpose | Links |
|---|---|---|---|---|---|---|
| Bmax1-master | 1 | 128GB | 8GB | Talos v1.9.3 | Kubernetes Control | Amazon Link |
| Soyo1-master | 1 | 128GB | 6GB | Talos v1.9.3 | Kubernetes Control | AliExpress Link |
| Soyo2-master | 1 | 128GB | 6GB | Talos v1.9.3 | Kubernetes Control | AliExpress Link |
| Hp-worker1 | 1 | 240GB | 20GB | Talos v1.9.3 | Kubernetes Worker | Amazon Link |
| Hp-worker2 | 1 | 240GB | 28GB | Talos v1.9.3 | Kubernetes Worker | Amazon Link |
| Hp-worker3 | 1 | 240GB | 32GB | Talos v1.9.3 | Kubernetes Worker | Amazon Link |
| Raspberry PI 4 | 1 | 3TB (2 + 1) | 8GB | Pi OS | NAS - OpenMediaVault | |
| TP-Link LS108G | 1 | - | - | - | Switch |
| Logo | Name | Description |
|---|---|---|
 |
Cert Manager | Let's Encrypt Certificates for SSL/TLS |
 |
Cilium | CNI |
| Longhorn | Distributed block storage for POD's persistent volumes | |
 |
Minio | S3 Object storage |
 |
External DNS | Synchronizes exposed Kubernetes Services and Ingresses with DNS providers. |
 |
External Secrets Operator | Used with Akeyless Platform to retrieve and push secrets |
 |
Traefik | Reverse proxy and Ingress controller |
 |
Tailscale Operator | Secure access to Kubernetes |
|
Cloudflared | Cloudflare Tunnel client |
 |
CSI Driver NFS | Allows Kubernetes to access NFS server |
 |
Dragonfly | Modern in-memory datastore, fully compatible with Redis and Memcached APIs |
| Crowdsec | Curated Threat Intelligence. Used in conjunction with Traefik | |
 |
Authentik | Open source identity provider |
 |
Flux CD | GitOps tool of choice |
The backbone of my home storage infrastructure is built on a Raspberry Pi 4 running OpenMediaVault, a dedicated network-attached storage solution. The system utilizes two SSDs (2TB + 1TB) configured to store:
- Media content (books, audiobooks)
- Longhorn volume backups
- System configurations
- Docker Containers Data
The NAS hosts several essential containers:
| Service | Description |
|---|---|
| Postgres | Reliable relational database for persistent data storage |
| PI-Hole | Network-wide ad blocking and local DNS management |
| Portainer | Container management and monitoring interface |
| TailNord | Tailscale exit node egressing over NordVPN |
Thanks to all the people who donate their time to the Home Operations Discord community. Be sure to check out kubesearch.dev for ideas on how to deploy applications or get ideas on what you may deploy.