Welcome to the documentation wiki for the Homelab infrastructure. This wiki covers the complete stack — from network hardware through Kubernetes orchestration to application deployment.
The homelab runs on 3 Proxmox VE hypervisors hosting a 9-node Kubernetes cluster (3 HA control planes + 6 workers running Talos Linux), managed entirely through GitOps principles using ArgoCD. A Synology DS920+ NAS provides bulk NFS storage and hosts additional Docker-based services; a TrueNAS NVMe VM provides fast NFS for metrics and logs.
| Layer | Technology | Version/Details |
|---|---|---|
| Hypervisor | Proxmox VE | Hosts all K8s VMs |
| Container Orchestration | Kubernetes v1.35.4 (Talos Linux) | 9 nodes (3 HA CP + 6 workers) across 3 Proxmox hosts |
| GitOps | ArgoCD | App-of-apps pattern, 43 components, sync waves |
| Infrastructure as Code | Terraform | Terraform Cloud backend (TA org) |
| Secret Management | HashiCorp Vault + VSO | 3-node HA Raft, KV v2, per-namespace policies |
| Ingress | Istio Gateway + MetalLB | L2 mode, VIP 192.168.88.12, TLS 1.3, CrowdSec WAF |
| TLS | cert-manager | Let's Encrypt DNS-01 via Cloudflare |
| DNS | Technitium + CoreDNS + ExternalDNS | DoH upstream, ad-blocking, DNSSEC, DoT/DoH, auto-sync |
| SSO | Authentik | OIDC for ArgoCD, Grafana, Harbor |
| Monitoring | VictoriaMetrics + Grafana + vmalert | 90-day retention, ntfy alerts (push notifications) |
| Push Notifications | ntfy | Self-hosted, FCM relay, deny-all auth, topics: homelab-alerts/ops/security/ups |
| Logging | VictoriaLogs + Vector | 30-day retention, syslog from MikroTik |
| Tracing | OpenTelemetry Collector + Tempo | 14-day retention in MinIO, metrics-generator for RED metrics |
| Container Registry | Harbor | OIDC, Cosign signing, Trivy scanning |
| Storage | NFS (Synology) + Longhorn | Retain/Delete policies, distributed block |
| NAS | Synology DS920+ | Immich, Vaultwarden, Paperless-ngx, etc. |
| CI/CD | GitLab CI | In-cluster k8s-runner, Kaniko + Cosign + Trivy |
| Repository | Purpose | Key Contents |
|---|---|---|
k8s-cluster-config |
ArgoCD app-of-apps GitOps config | 30 core components, sync wave ordering |
terraform-k8s-infra |
Vault, VSO, Harbor Terraform | 4 modules, 9 namespaces, 15 secret paths |
argocd-bootstrap |
Initial ArgoCD install via Kustomize | Sealed secrets, OIDC config, ingress |
LifeOps |
Go + Next.js personal asset tracker | 6-stage CI/CD, Kaniko + Cosign + Trivy |