Homelab Overview

Layer	Technology	Version/Details
Hypervisor	Proxmox VE	Hosts all K8s VMs
Container Orchestration	Kubernetes (kubeadm)	4 nodes (1 CP + 3 workers)
GitOps	ArgoCD	App-of-apps pattern, 30 components
Infrastructure as Code	Terraform	Terraform Cloud backend (`TA` org)
Secret Management	HashiCorp Vault + VSO	3-pod HA Raft, KV v2, per-namespace policies
Ingress	Traefik v3 + MetalLB	L2 mode, VIP 192.168.88.12, TLS 1.3
TLS	cert-manager	Let's Encrypt DNS-01 via Cloudflare
DNS	Technitium + CoreDNS + ExternalDNS	DoH upstream, ad-blocking, DNSSEC, DoT/DoH, auto-sync
SSO	Authentik	OIDC for ArgoCD, Grafana, Harbor
Monitoring	VictoriaMetrics + Grafana + vmalert	90-day retention, ntfy alerts (push notifications)
Push Notifications	ntfy	Self-hosted, FCM relay, deny-all auth, topics: homelab-alerts/ops/security/ups
Logging	VictoriaLogs + Vector	30-day retention, syslog from MikroTik
Tracing	OpenTelemetry Collector + Tempo	14-day retention in MinIO, metrics-generator for RED metrics
Container Registry	Harbor	OIDC, Cosign signing, Trivy scanning
Storage	NFS (Synology) + Longhorn	Retain/Delete policies, distributed block
NAS	Synology DS920+	Immich, Vaultwarden, Paperless-ngx, etc.
CI/CD	GitHub Actions	Self-hosted ARC runners, Kaniko builds

Repository	Purpose	Key Contents
`k8s-cluster-config`	ArgoCD app-of-apps GitOps config	30 core components, sync wave ordering
`terraform-k8s-infra`	Vault, VSO, Harbor Terraform	4 modules, 9 namespaces, 15 secret paths
`argocd-bootstrap`	Initial ArgoCD install via Kustomize	Sealed secrets, OIDC config, ingress
`LifeOps`	Go + Next.js personal asset tracker	6-stage CI/CD, Kaniko + Cosign + Trivy

¶ Homelab Overview