Home Kubernetes cluster running on Talos Linux with GitOps management via Flux.
Complete guides for deployment, operations, and maintenance are available in the documentation site.
- OS: Talos Linux v1.11.1 - Immutable Kubernetes OS
- Kubernetes: v1.34.1 - Container orchestration platform
- GitOps: Flux - Continuous delivery from Git
- CNI: Cilium - eBPF-based networking with Gateway API
- Storage: Rook-Ceph - Distributed block and filesystem storage
- Ingress: Cilium Gateway API (internal & external gateways)
- Secrets: SOPS with age encryption + External Secrets with 1Password
- Authentication: Pocket ID - OIDC provider for SSO
```bash
# Install tools
mise trust && pip install pipx && mise install

# Initialize configuration
task init

# Configure cluster
task configure

# Deploy
task bootstrap:talos
task bootstrap:apps
```

See the Getting Started guide for detailed instructions.
| Component | Count | Details |
|---|---|---|
| Control Plane | 2 | Talos v1.11.1, Kubernetes v1.34.1 |
| Workers | 3 | High availability workload distribution |
| Storage | Multiple | Rook-Ceph (block, filesystem, object), ZFS NFS |
| Applications | 35+ | Media automation, photos, home automation, cloud services |
| Application | Namespace | Purpose | URL |
|---|---|---|---|
| Media & Entertainment | |||
| Plex | media | Media streaming server | plex.tosih.org |
| Jellyseerr | media | Media request management | requests.tosih.org |
| Sonarr | media | TV show automation | sonarr.tosih.org |
| Radarr | media | Movie automation | radarr.tosih.org |
| Lidarr | media | Music automation | lidarr.tosih.org |
| Readarr | media | eBook & audiobook automation | readarr.tosih.org |
| Prowlarr | media | Indexer management | prowlarr.tosih.org |
| Recyclarr | media | TRaSH guide automation | - |
| qBittorrent | media | Torrent download client | qbittorrent.tosih.org |
| NZBGet | media | Usenet download client | nzbget.tosih.org |
| Audiobookshelf | media | Audiobook & podcast server | audiobooks.tosih.org |
| Beets | media | Music library manager | - |
| Cloud Services | |||
| Immich | cloud | Photo & video backup (OIDC) | photos.tosih.org |
| ImmichFrame | cloud | Digital photo frame for Immich | frame.tosih.org |
| Memos | cloud | Note-taking service | memos.tosih.org |
| Romm | cloud | ROM manager for retro gaming | romm.tosih.org |
| Syncthing | cloud | Continuous file synchronization | sync.tosih.org |
| Home Automation | |||
| Home Assistant | home | Home automation platform | home.tosih.org |
| Homebridge | home | HomeKit bridge | homebridge.tosih.org |
| AirConnect | home | AirPlay to UPnP/Sonos bridge | - |
| Eufy Security WS | home | Eufy camera integration | - |
| Infrastructure | |||
| Homepage | default | Application dashboard | dashboard.tosih.org |
| Uptime Kuma | default | Uptime monitoring | uptime.tosih.org |
| Echo | default | HTTP echo server | - |
| Network Services | |||
| AdGuard Home | network | DNS server & ad blocking | dns.tosih.org |
| k8s-gateway | network | Internal DNS for *.tosih.org | 10.0.50.100 |
| Cloudflare Tunnel | network | Secure external access | - |
| Cloudflare DNS | network | DNS record automation | - |
| Security & Authentication | |||
| Pocket ID | security | OIDC identity provider (SSO) | pid.tosih.org |
| External Secrets | security | 1Password secret integration | - |
| OnePassword Connect | security | 1Password API server | - |
| Storage & Databases | |||
| Rook-Ceph | rook-ceph | Distributed storage (block, filesystem, object) | rook.tosih.org |
| ZFS Provisioner | kubernetes-zfs-provisioner | Local ZFS storage provisioning | - |
| CloudNativePG | databases | PostgreSQL operator | - |
| Dragonfly | databases | Redis-compatible in-memory store | - |
| External Postgres Operator | databases | External DB management | - |
| VerneMQ | databases | MQTT message broker | - |
| Platform Services | |||
| Flux | flux-system | GitOps continuous delivery | - |
| Cilium | kube-system | CNI & Gateway API | - |
| Cert-Manager | cert-manager | TLS certificate management | - |
| CoreDNS | kube-system | Cluster DNS service | - |
| Metrics Server | kube-system | Resource metrics API | - |
| Reloader | kube-system | Auto-reload on config changes | - |
| Spegel | kube-system | Distributed image cache | - |
| Descheduler | kube-system | Pod rescheduling optimization | - |
| Snapshot Controller | kube-system | Volume snapshot support | - |
Total: 50+ applications across 10 namespaces
- Prerequisites - Required tools and accounts
- Architecture - System design and structure
- Authentication - OIDC and SSO setup
- Post Installation - Maintenance and upgrades
This cluster is based on @onedr0p's cluster-template and uses makejinja for template-driven configuration.
See LICENSE
⭐ Star this repo if you find it helpful!