The Git repository contains the following directories:

```text
.
└── kubernetes
    ├── apps
    │   ├── ai
    │   │   ├── litellm
    │   │   ├── openwebui
    │   │   └── searxng
    │   ├── dashboard
    │   │   └── homepage
    │   ├── immich
    │   ├── manga
    │   │   ├── komf
    │   │   ├── komga
    │   │   └── suwayomi
    │   ├── ntfy
    │   │   └── ntfy
    │   ├── speedtest-tracker
    │   │   └── speedtest-tracker
    │   └── syncthing
    │       └── syncthing
    ├── infrastructure
    │   ├── flux
    │   │   ├── instance
    │   │   ├── notifications
    │   │   ├── operator
    │   │   ├── receiver
    │   │   ├── repositories
    │   │   └── secrets
    │   ├── reflector
    │   │   └── reflector
    │   └── reloader
    │       └── reloader
    ├── media
    │   ├── cleanuparr
    │   ├── dispatcharr
    │   ├── flaresolver
    │   ├── huntarr
    │   ├── jellyfin
    │   ├── jellyseer
    │   ├── prowlarr
    │   ├── qbittorrent
    │   ├── radarr
    │   ├── recyclarr
    │   └── sonarr
    ├── networking
    │   ├── adguard
    │   │   └── adguard
    │   ├── cert-manager
    │   │   └── cert-manager
    │   ├── cilium
    │   │   └── cilium
    │   ├── envoy-gateway
    │   │   └── config
    │   ├── external-dns
    │   │   ├── cloudflare
    │   │   └── cloudflare-ddns
    │   └── tailscale
    │       └── tailscale
    ├── nodes
    │   ├── node-feature-discovery
    │   │   └── node-feature-discovery
    │   ├── nvidia-device-plugin
    │   │   └── nvidia-device-plugin
    │   └── tuppr
    │       └── upgrades
    ├── observability
    │   ├── kube-prometheus-stack
    │   ├── kube-state-metrics
    │   ├── metrics-server
    │   └── node-exporter
    ├── projects
    │   └── colwiki
    ├── security
    │   ├── authentik
    │   │   └── authentik
    │   └── secrets
    │       └── external-secrets
    └── storage
        ├── databases
        │   ├── dragonfly
        │   └── postgres
        ├── garage
        │   └── webui
        └── longhorn
            └── longhorn
```

The following apps are installed on the clusters.

| Software | Purpose |
|---|---|
| Homepage | Customizable homepage dashboard for service management. |
| Immich | Self-hosted photo and video backup solution. |
| LiteLLM | Proxy server for LLM API calls with unified interface. |
| Open WebUI | User-friendly web interface for AI models. |
| SearXNG | Privacy-respecting metasearch engine. |
| Komga | Media server for comics and manga. |
| Komf | Metadata fetcher for Komga. |
| Suwayomi | Free and open source manga reader server. |
| Ntfy | Simple pub-sub notification service. |
| Speedtest Tracker | Internet speed tracking and monitoring tool. |
| Syncthing | Continuous file synchronization program. |
| Shadow Empire PBEM Bot | Discord bot for Shadow Empire play-by-email games. |
| Colwiki | Personal wiki project. |

| Software | Purpose |
|---|---|
| Jellyfin | Media server for movies, TV shows, and music. |
| Jellyseerr | Media discovery and request management for Jellyfin. |
| Sonarr | Automated TV show download and management. |
| Radarr | Automated movie download and management. |
| Prowlarr | Indexer manager/proxy for media automation. |
| qBittorrent | BitTorrent client with web interface. |
| Recyclarr | Quality profiles and custom formats sync for *arr apps. |
| Huntarr | Missing media searcher for Radarr and Sonarr. |
| Cleanuparr | Automated media cleanup tool for *arr apps. |
| Dispatcharr | Discord notifications for *arr apps. |
| Flaresolverr | Proxy server to bypass Cloudflare protection. |

| Software | Purpose |
|---|---|
| Flux CD | GitOps continuous delivery for Kubernetes. |
| Reflector | Mirrors ConfigMaps and Secrets across namespaces. |
| Reloader | Triggers pod restarts on ConfigMap/Secret changes. |

| Software | Purpose |
|---|---|
| Cilium | eBPF-based networking, security, and observability. |
| Cert-Manager | Automated certificate management for Kubernetes. |
| External DNS | Synchronizes Kubernetes services with DNS providers. |
| AdGuard Home | Network-wide ad blocker and DNS server. |
| Pod Gateway | Routes pod traffic through VPN gateway. |
| Tailscale | Zero-config VPN built on WireGuard. |
| Envoy Gateway | Kubernetes-native API gateway powered by Envoy. |

| Software | Purpose |
|---|---|
| Authentik | Identity provider for SSO and authentication. |
| External Secrets Operator | Integrates external secret stores with Kubernetes. |

| Software | Purpose |
|---|---|
| Longhorn | Distributed block storage for Kubernetes. |
| Crunchy Postgres Operator | PostgreSQL operator for Kubernetes. |
| Dragonfly | Modern in-memory datastore (Redis/Memcached alternative). |
| Garage | Distributed object storage service (S3-compatible). |

| Software | Purpose |
|---|---|
| Kube Prometheus Stack | Complete monitoring stack with Prometheus and Grafana. |
| Metrics Server | Cluster-wide aggregator of resource usage data. |
| Node Exporter | Prometheus exporter for hardware and OS metrics. |
| Kube State Metrics | Exposes cluster-level Kubernetes object metrics. |

| Software | Purpose |
|---|---|
| Tuppr | Talos Linux system upgrade controller. |
| NVIDIA Device Plugin | Exposes NVIDIA GPUs to Kubernetes. |
| Node Feature Discovery | Detects hardware features available on each node. |

| Device | Count | OS Disk Size | Data Disk Size | RAM | Operating System | Purpose |
|---|---|---|---|---|---|---|
| Turing RK1 | 4 | 2TB NVMe | - | 16GB | Talos | Cluster Nodes |
| Turing Pi 2 | 1 | - | - | - | - | Baseboard and KVM |
| CWWK AMD-7940HS | 1 | 1TB NVMe | 8TB HDD (2x) | 32GB | Proxmox | NAS/Cluster Nodes |

Renovate Bot makes sure the components are never outdated.
It creates pull requests when Helm charts or Docker images have newer versions available, and it even keeps Flux and k3s up to date.
Flux supports SOPS, in particular with age keys: you encrypt your secrets locally with age, and Flux decrypts them when it applies the manifests. All my secrets are encrypted on my local machine and decrypted by Flux when it applies the manifests.
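As an added example (not the repository's own files), here is how the SOPS/age pieces fit together: a `.sops.yaml` creation rule, the shape of a Secret manifest after encryption, and a Flux Kustomization with `decryption` enabled. The age recipient, the `sops-age` Secret, the `litellm-env` name and the `./kubernetes/apps` path are placeholders and assumptions, not values from the repository.

```yaml
# .sops.yaml at the repository root (constructed example; the age
# recipient is a placeholder, not the repository's real key)
creation_rules:
  - path_regex: kubernetes/.*\.sops\.ya?ml$
    # Encrypt only the secret payload: kind, name, namespace and labels
    # stay readable in Git, so pull requests remain reviewable
    encrypted_regex: ^(data|stringData)$
    age: age1PLACEHOLDER_PUBLIC_KEY
---
# Shape of a Secret after `sops --encrypt --in-place` (illustrative;
# the sops metadata block is abbreviated, real ciphertext is longer)
apiVersion: v1
kind: Secret
metadata:
  name: litellm-env        # still plaintext: encrypted_regex skips it
  namespace: ai
stringData:
  OPENAI_API_KEY: ENC[AES256_GCM,data:...,iv:...,tag:...,type:str]
sops:
  age:
    - recipient: age1PLACEHOLDER_PUBLIC_KEY
      enc: |
        -----BEGIN AGE ENCRYPTED FILE-----
        ...
        -----END AGE ENCRYPTED FILE-----
  mac: ENC[AES256_GCM,data:...,type:str]   # integrity check over the file
---
# Flux Kustomization that decrypts on apply. The age private key never
# enters Git: it lives only in the cluster, in a Secret named sops-age
# in flux-system with the key material under the `age.agekey` entry
# (the key name Flux expects for age).
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: apps
  namespace: flux-system
spec:
  interval: 10m
  path: ./kubernetes/apps
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  decryption:
    provider: sops
    secretRef:
      name: sops-age
```

A file committed without the `sops:` metadata block (or with a value not starting with `ENC[`) is plaintext; checking for that before push is the cheapest guard against leaking a secret into history.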
I'm using Cloudflare for external DNS and have a wildcard A record pointing to my traefik instance. Internally I'm using PiHole for DNS resolution; these records are injected into the pods via the hosts ConfigMap.
