Monorepo for my homelab infrastructure: from bare-metal provisioning to GitOps-managed Kubernetes applications.
.
├── gitops/ # ArgoCD-managed Kubernetes manifests
│ ├── argocd/ # ArgoCD server config + Application definitions
│ ├── monitoring/ # kps, kube-state-metrics, karma
│ ├── logging/ # loki, promtail
│ ├── storage/ # nfs-client, local-path provisioners
│ ├── ingress-nginx/
│ ├── external-secrets/ # ESO operator + Scaleway ClusterSecretStore
│ ├── cert-manager/
│ ├── cnpg-system/ # CloudNativePG operator
│ ├── karakeep/ # Bookmark manager
│ ├── spliit/ # Expense sharing
│ ├── fip/ # FIP radio bots
│ ├── dank-face-bot/ # Telegram/Slack bots
│ ├── lms/ # Lyrion Music Server
│ ├── lms-yoshi/ # Radio Yoshi
│ ├── netflix/ # Media server apps (jellyfin, transmission)
│ └── ...
│
├── scaleway/ # Scaleway: terraform (S3 bucket + Secret Manager)
│ └── terraform/
│
├── proxmox/ # Proxmox VE: terraform + playbooks + docs
│ ├── terraform/
│ ├── playbooks/ # proxmox-bootstrap, proxmox-zfs
│ ├── README.md
│ └── ZFS.md
│
├── oci-arm/ # Oracle Cloud ARM VM: terraform
│
├── raspberry-pi/ # Pi provisioning: image scripts + playbooks
│ ├── fix-ssh-on-pi.* # Image customization
│ ├── templates/ # Cloud-init templates
│ └── playbooks/ # jellyfin, mounts
│
├── cluster/ # k8s cluster lifecycle
│ ├── k0sctl.yaml # k0s cluster config
│ └── playbooks/ # kernel-modules, upgrade, nfs-server
│
├── ansible/ # Shared Ansible config
│ ├── hosts.yaml # Inventory (brassberry nodes, proxmox, etc.)
│ ├── scripts/ # tailscale-hostmap
│ └── playbooks/ # Generic: ping, reboot, tailscale
│
└── Makefile # Convenience targets for all operations
cd raspberry-pi
sudo ./fix-ssh-on-pi.bash

All playbooks use the shared inventory. Run via Make:
make ping # Test connectivity
make kernel-modules # Prepare nodes for k0s
make mounts # Mount external disks
make nfs-server # Set up NFS shared storage
make upgrade # Rolling k8s-aware upgrades

make k0sctl # Bootstrap/update the cluster
make kubeconfig # Export kubeconfig

make proxmox-post-install # Community post-install script (interactive)
make proxmox-bootstrap # Ansible bootstrap (packages, Tailscale, TF token)
make proxmox-zfs # Create ZFS pools and datasets

See proxmox/README.md and proxmox/ZFS.md for detailed setup instructions.
Bootstrap ArgoCD, then it manages itself and all applications:
cd gitops/argocd/argo-cd
helm upgrade --install -n argocd --create-namespace argo-cd . -f values.yaml
kubectl apply -f gitops/argocd/apps/argocd-apps.yaml

All secrets are managed centrally in Scaleway Secret Manager and flow to consumers through two paths:
- Terraform layers (proxmox, oci-arm): direnv reads secrets from Scaleway SM via the scw CLI and exports them as TF_VAR_* environment variables. No .tfvars files needed on disk.
- Kubernetes: External Secrets Operator syncs secrets from Scaleway SM into K8s Secrets via ExternalSecret resources placed alongside each app's Helm chart.
See scaleway/README.md for bootstrap instructions.
- Add the scaleway_secret + scaleway_secret_version resource in scaleway/terraform/
- For TF-consumed secrets: add the TF_VAR_* export to .envrc
- For K8s secrets: add an ExternalSecret resource in the app's chart templates
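
For the Kubernetes path, an ExternalSecret placed in an app's chart templates could look like the following. This is an added illustration, not a manifest from this repository: the app name, namespace, store name (`scaleway`) and secret name are all assumed placeholders.

```yaml
# Hypothetical chart template, e.g. gitops/<app>/templates/externalsecret.yaml.
# Every name below is a placeholder, not a value from this repository.
apiVersion: external-secrets.io/v1   # older ESO releases serve v1beta1 instead
kind: ExternalSecret
metadata:
  name: example-app-secrets
  namespace: example-app
spec:
  # How often ESO re-reads the value from Scaleway Secret Manager.
  refreshInterval: 1h
  secretStoreRef:
    kind: ClusterSecretStore
    name: scaleway                   # assumed name of the ClusterSecretStore
  target:
    # Name of the K8s Secret that ESO creates in this namespace.
    name: example-app-secrets
    # Owner: the Secret is garbage-collected when this ExternalSecret is deleted,
    # so removing the app from Git also removes its synced credentials.
    creationPolicy: Owner
  data:
    - secretKey: DATABASE_PASSWORD   # key inside the resulting K8s Secret
      remoteRef:
        # The Scaleway provider addresses secrets as "name:<name>" or "id:<uuid>".
        key: name:example-app-database-password
        # Follow the newest enabled version; use a number to pin a revision.
        version: latest_enabled
```

Only the reference to the secret lives in Git; the value itself stays in Scaleway SM and in the cluster's Secret object.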
- Kubernetes: k0s on Raspberry Pi 4 cluster + Oracle Cloud ARM worker
- GitOps: ArgoCD with Renovate + ArgoCD Image Updater
- IaC: Terraform (Scaleway, Proxmox, OCI)
- Secrets: Scaleway Secret Manager + External Secrets Operator
- Config Management: Ansible
- Networking: Tailscale mesh VPN
- Storage: ZFS (Proxmox), NFS shared storage