A GitOps-managed Kubernetes cluster powered by TrueCharts ClusterTool, Talos Linux, and Flux CD.
This repository contains the declarative configuration for a home Kubernetes cluster using:
- Talos Linux - Immutable, secure Kubernetes OS
- Flux CD - GitOps continuous delivery
- SOPS - Secrets encryption with Age
- Renovate - Automated dependency updates
```
├── clusters/main/
│   ├── clusterenv.yaml          # Encrypted cluster environment variables
│   ├── talos/                   # Talos Linux configuration
│   │   ├── talconfig.yaml       # Talos cluster config
│   │   └── patches/             # Node-specific patches (GPU, NVIDIA)
│   └── kubernetes/
│       ├── flux-system/         # Flux bootstrap and settings
│       ├── kube-system/         # Core K8s components (Cilium, metrics-server)
│       ├── system/              # Cluster infrastructure
│       ├── networking/          # Ingress controllers (nginx internal/external)
│       ├── core/                # Core services (cert-manager, MetalLB, Blocky)
│       └── apps/                # User applications
├── repositories/                # Helm and Git repository definitions
└── .sops.yaml                   # SOPS encryption rules
```
| Component | Purpose |
|---|---|
| Cilium | CNI networking |
| MetalLB | Load balancer |
| cert-manager | TLS certificates |
| Longhorn | Distributed storage |
| CloudNative-PG | PostgreSQL operator |
| kube-prometheus-stack | Monitoring |
| Spegel | P2P image distribution |
Media: Emby, Sonarr, Radarr, Lidarr, Prowlarr, qBittorrent, Ombi, Recyclarr
Home: Home Assistant, Immich, KitchenOwl, Teslamate
Infrastructure: Authentik, Grafana, Vaultwarden, Gitea, Nextcloud, Ollama
Utilities: Homepage, IT-Tools, Blocky (DNS), Cloudflare DDNS
- ClusterTool CLI
- SOPS with Age key
- kubectl
- talosctl
Secrets are encrypted using SOPS with Age. The `.sops.yaml` file defines encryption rules for:
- `clusterenv.yaml` - Cluster-wide environment variables
- `*.secret.yaml` - Kubernetes secrets
- `values.yaml` - Helm values containing sensitive data

Only the Age public recipient belongs in `.sops.yaml`. Keep the private key out of the repository: SOPS reads it locally from `SOPS_AGE_KEY_FILE` (default `~/.config/sops/age/keys.txt`), and Flux needs a copy in-cluster as a Secret referenced by its Kustomization decryption settings, otherwise reconciliation of encrypted resources fails. A file that matches these rules but is committed before running `sops -e` on it ends up in plaintext in Git history, so check for that before every commit.
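As an added example (not code from this repository or from ClusterTool), here is a POSIX shell pre-commit guard that refuses any file covered by the rules above unless it actually carries SOPS ciphertext. It checks for the markers real SOPS output always has (a top-level `sops:` block, an `age:` recipient list, `ENC[AES256_GCM,...]` values) without needing a key, so it runs offline. The `case` path patterns are assumed to mirror the three rules; the fixture files, their ciphertext and the age recipient are fake placeholders constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of this repository: a pre-commit guard that refuses
# files which .sops.yaml says must be encrypted but that carry no SOPS
# ciphertext. Path patterns mirror the three rules listed above (assumption).
set -eu

# A SOPS-encrypted YAML file carries a top-level "sops:" metadata block with an
# age recipient list, and every encrypted value starts with ENC[AES256_GCM,...].
# Returns 0 when FILE shows all three markers.
is_sops_encrypted() {
    file=$1
    grep -q '^sops:' "$file" &&
    grep -q '^[[:space:]]*age:' "$file" &&
    grep -q 'ENC\[AES256_GCM,' "$file"
}

# Walk ROOT, apply the check to every path the rules cover, list offenders on
# stderr. Returns 1 if any covered file is plaintext, 0 otherwise.
check_tree() {
    root=$1
    rc=0
    list=$(mktemp)
    find "$root" -type f > "$list"
    while IFS= read -r f; do
        case "$f" in
            */clusterenv.yaml|*.secret.yaml|*/values.yaml)
                if ! is_sops_encrypted "$f"; then
                    echo "UNENCRYPTED: $f" >&2
                    rc=1
                fi ;;
        esac
    done < "$list"
    rm -f "$list"
    return "$rc"
}

# Build a throwaway repo tree for the demo. MODE=clean writes only an
# encrypted clusterenv.yaml; MODE=leak also drops a plaintext *.secret.yaml.
# The ciphertext and age recipient below are fake placeholders, not real SOPS
# output. Prints the directory path.
make_fixture() {
    mode=$1
    d=$(mktemp -d)
    mkdir -p "$d/clusters/main/kubernetes/apps/demo"
    cat > "$d/clusters/main/clusterenv.yaml" <<'EOF'
DOMAIN: ENC[AES256_GCM,data:ZmFrZQ==,iv:ZmFrZQ==,tag:ZmFrZQ==,type:str]
sops:
    age:
        - recipient: age1fakerecipientfordemoonly000000000000000000000000000000000
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            ZmFrZQ==
            -----END AGE ENCRYPTED FILE-----
    mac: ENC[AES256_GCM,data:ZmFrZQ==,iv:ZmFrZQ==,tag:ZmFrZQ==,type:str]
    version: 3.9.0
EOF
    if [ "$mode" = leak ]; then
        # Exactly the mistake the hook exists to catch: a Kubernetes Secret
        # committed before `sops -e -i` was run on it.
        cat > "$d/clusters/main/kubernetes/apps/demo/demo.secret.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: demo
stringData:
  password: plaintext-password
EOF
    fi
    echo "$d"
}

# Stand-alone demo: the clean tree passes, the leaking tree is blocked.
demo() {
    check_tree "$(make_fixture clean)" && echo "clean tree: ok"
    if check_tree "$(make_fixture leak)"; then
        echo "leaking tree: passed (unexpected)"
    else
        echo "leaking tree: blocked as intended"
    fi
}
```

Run `demo` to see both outcomes, or call `check_tree .` from `.git/hooks/pre-commit` or a CI job so a plaintext `*.secret.yaml` never reaches the remote. For Kubernetes Secret files SOPS is usually configured with `encrypted_regex: ^(data|stringData)$`, so `metadata` stays readable while the values still carry the `ENC[` prefix this check looks for. A stricter variant would run `sops -d` on each file, but that needs the Age key on the committing machine.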
- Clone this repository
- Configure your Age key for SOPS decryption
- Update `clusters/main/clusterenv.yaml` with your values (open it with `sops clusters/main/clusterenv.yaml` so it is re-encrypted on save)
- Deploy Talos nodes using ClusterTool
- Flux will automatically reconcile the cluster state