This repository contains code and configuration for my homelab. It follows the principles of Infrastructure as code and GitOps.
My homelab is based on a low-power Intel N100 PC running Proxmox VE with virtual machines provisioned by OpenTofu. I run all my applications (except Home Assistant) in a Kubernetes cluster based on Talos Linux.
For more details, see Hardware and Software below.
Component | Model |
---|---|
Motherboard | ASRock N100DC-ITX |
CPU | Intel N100 |
RAM | 32 GB DDR4 |
Storage | 1 TB NVME SSD, 1 TB SATA HDD |
Case | A09m 3.8L ITX Chassis |

Name | Purpose |
---|---|
Hajimari | Dashboard |
Nextcloud | File Syncing |
Immich | Photo/Video Gallery |
Gitea | Self-hosted Git server |
Home Assistant | Home Automation |

Everything in my homelab runs in virtual machines on top of Proxmox VE. I have a dedicated virtual machine for Home Assistant (running Home Assistant OS). The remaining applications run on top of a Kubernetes cluster, based on Talos Linux.

```mermaid
flowchart TD
    subgraph Hypervisor["Proxmox VE"]
        HAOS["Home Assistant OS 🏘"]
        TLOS["Talos Linux ☸"]
        HA["Home Assistant 🏠︎"]
        Gitea["Gitea ☕︎"]
        Immich["Immich ❀"]
        Nextcloud["Nextcloud ☁︎"]
        Etc["..."]
        HAOS --> HA
        TLOS --> Gitea
        TLOS --> Immich
        TLOS --> Nextcloud
        TLOS --> Etc
    end
    USB["ZBT-1 Zigbee Dongle ᯤ"]
    USB -.-> |USB Passthrough| HAOS
```

My homelab is built on a tech stack that is meant to be modern, maintainable and fun!
I run Kubernetes on top of Proxmox VE, deployed and managed with OpenTofu. Talos Linux serves as the operating system for my Kubernetes cluster. Networking is handled by Cilium, while Traefik manages ingress traffic. For security, I use cert-manager for TLS certificates, Sealed Secrets for managing sensitive information, and Keycloak to provide single sign-on capabilities. I use Flux as a GitOps tool, ensuring that the live state of my cluster is synced to this Git repo.

Name | Description |
---|---|
Proxmox VE | Open-source virtualization platform based on KVM |
OpenTofu | Tool for declaratively managing infrastructure and cloud resources |
Talos Linux | Minimal, immutable Linux distribution designed for Kubernetes |
Kubernetes | Automates deployment, scaling, and management of containerized applications |
Cilium | Provides networking, security, and observability for container workloads |
Traefik | Modern HTTP reverse proxy and load balancer for microservices |
Proxmox CSI | Container Storage Interface (CSI) driver for Proxmox |
cert-manager | Automates the management and issuance of TLS certificates in Kubernetes |
Flux | GitOps for Kubernetes resources |
Renovate | Automates dependency updates through pull requests |
Sealed Secrets | Allows you to store encrypted secrets safely in Git |
Keycloak | Provides IAM and Single-Sign-On for modern apps using OAuth2 / OIDC |
Crossplane | Allows managing external infrastructure as Kubernetes resources |
Netbird | Peer-to-peer overlay network based on WireGuard (VPN alternative) |

- The hardware should be low cost and power efficient ⚡
- Open source software and open file formats are preferred 🐧
- Dependencies on external services (e.g. cloud) should be minimized ☁
- Data should be stored and backed up locally 💾
- Declarative configuration should be used whenever possible ⚙️
- Modern technologies are preferred (even if they are experimental) 📡
- Learning and trying out new things is more important than stability 💡
- Updates should be automated and easy to rollback (if necessary) 🔄






