This repository contains code and configuration for my homelab. It follows the principles of Infrastructure as Code and GitOps.
My homelab is based on a low-power Intel N100 PC running a single-node Kubernetes cluster based on Talos Linux.
For more details, see Hardware and Software below.
Component | Model |
---|---|
Motherboard | ASRock N100DC-ITX |
CPU | Intel N100 |
RAM | 32 GB DDR4 |
Storage | 1 TB NVME SSD, 1 TB SATA HDD |
Case | A09m 3.8L ITX Chassis |
Everything in my homelab runs in containers orchestrated by Kubernetes, except for Home Assistant, which I run as a virtual machine using KubeVirt.
```mermaid
flowchart TD
    ZB["Zigbee Dongle ᯤ"]
    BT["Bluetooth Dongle ᛒ"]
    subgraph OS["Talos Linux"]
        K8SC["Kubernetes ☸"]
        Gitea["Gitea ☕︎"]
        Immich["Immich ❀"]
        Nextcloud["Nextcloud ☁︎"]
        Etc["..."]
        subgraph KubeVirt["KubeVirt"]
            HAOS["Home Assistant OS 🏘"]
            HA["Home Assistant 🏠︎"]
        end
        HAOS --> HA
        K8SC --> KubeVirt
        K8SC --> Gitea
        K8SC --> Immich
        K8SC --> Nextcloud
        K8SC --> Etc
    end
    ZB ---> |USB Passthrough| HAOS
    BT ---> |USB Passthrough| HAOS
```
My homelab is built on a tech stack that is meant to be modern, maintainable and fun!
I run Kubernetes on top of Talos Linux, running on bare metal, deployed and managed with OpenTofu. Networking is handled by Cilium, while Traefik manages ingress traffic. For security, I use cert-manager for TLS certificates, Sealed Secrets for managing sensitive information, and Keycloak to provide single sign-on capabilities. I use Flux as a GitOps tool, ensuring that the live state of my cluster is synced to this Git repo.
Name | Description |
---|---|
Talos Linux | Minimal, immutable Linux distribution designed for Kubernetes |
Kubernetes | Automates deployment, scaling, and management of containerized applications |
KubeVirt | Extends Kubernetes to support virtual machine workloads |
OpenTofu | Tool for declaratively managing infrastructure and cloud resources |
Cilium | Provides networking, security, and observability for container workloads |
Traefik | Modern HTTP reverse proxy and load balancer for microservices |
cert-manager | Automates the management and issuance of TLS certificates in Kubernetes |
CloudNativePG | Kubernetes operator for managing PostgreSQL databases |
Flux | GitOps for Kubernetes resources |
Renovate | Automates dependency updates through pull requests |
Sealed Secrets | Allows you to store encrypted secrets safely in Git |
Keycloak | Provides IAM and Single-Sign-On for modern apps using OAuth2 / OIDC |
Crossplane | Allows managing external infrastructure as Kubernetes resources |
Netbird | Peer-to-peer overlay network based on WireGuard (VPN alternative) |
- The hardware should be low cost and power efficient ⚡
- Open source software and open file formats are preferred 🐧
- Dependencies on external services (e.g. cloud) should be minimized ☁
- Data should be stored and backed up locally 💾
- Declarative configuration should be used whenever possible ⚙️
- Modern technologies are preferred (even if they are experimental) 📡
- Learning and trying out new things is more important than stability 💡
- Updates should be automated and easy to roll back (if necessary) 🔄







