Home Lab Welcome to the documentation for the cluster, a Kubernetes home lab built on Talos Linux and managed entirely through GitOps with ArgoCD
Quick Start
New here? Head to the Getting Started guide to understand the repository layout and dive into the architecture.
Architecture Overview flowchart LR
Internet((Internet))
CF[Cloudflare]
Tunnel[cloudflared\nTunnel]
Nginx[nginx\nReverse Proxy]
EE[Envoy External\n192.168.0.239]
EI[Envoy Internal\n192.168.0.238]
Apps[Applications]
TS[Tailscale\nVPN]
User((User))
Internet -->|"*.example.com"| CF
CF -->|Proxied traffic| Tunnel
Tunnel --> Nginx
Nginx --> EE
EE --> Apps
User -->|VPN| TS
TS --> EI
EI --> AppsDocumentation Sections Section Description Getting Started Repository overview, prerequisites, and architecture Infrastructure Hardware, Talos Linux, cluster bootstrap, node management Networking Cilium CNI , Envoy Gateway, DNS , Cloudflare Tunnel, Tailscale GitOps ArgoCD setup, ApplicationSets, sync policies Storage Rook Ceph, OpenEBS, backup and restore Security Authelia, LLDAP, External Secrets, SOPS , cert-manager Monitoring Prometheus, Grafana, Loki, Fluent Bit Applications Media stack, home automation, self-hosted apps, databases Operations Justfile recipes, Talos commands, troubleshooting, upgrades CI/CD GitHub Actions, Docker builds, Renovate Development App template patterns, adding new apps Reference IP allocation table, full app catalog
Hardware Summary Compute Device Quantity Role Architecture Raspberry Pi 4 4 Control plane / workers ARM64 Lenovo ThinkPad T440p 2 Workers AMD64 Acemagician AM06 3 Workers (NVMe / Ceph) AMD64 Raspberry Pi 3B+ 1 Worker ARM64 Raspberry Pi 2B+ 4 Auxiliary / monitoring ARMv7
Storage Device Details Synology NAS 4-bay, 8 TB total Boot drives 128 GB SSD per node Ceph OSD drives 512 GB NVMe x3 (Acemagician nodes)
Network & Power Device Details TP-Link 24-port PoE switch Core switch, powers Pi nodes via PoE NanoPi R5C Network appliance / router helper Ubiquiti U7-Pro Primary Wi-Fi access point Ubiquiti U6-Lite Secondary Wi-Fi access point Eaton 500VA UPS Battery backup for core infrastructure
Other Device Details BambuLab A1 Combo 3D printer for cases, mounts, and brackets
Key Technologies Layer Technology Purpose Operating System Talos Linux v1.12.4 Immutable, API-driven Kubernetes OS GitOps ArgoCD Declarative continuous delivery CNI Cilium eBPF networking with L2 announcements, DSR , Maglev Ingress Envoy Gateway Two-gateway architecture (external, internal) DNS Cloudflare + external-dns Automated DNS record management Tunnel cloudflared Secure external access without port forwarding VPN Tailscale Remote access to internal services Storage Rook Ceph + OpenEBS Distributed and local persistent storage Secrets SOPS + age + 1Password ConnectEncrypted secrets in Git, synced via External Secrets Auth Authelia + LLDAP SSO and lightweight LDAP directory Monitoring Prometheus + Grafana + Loki Metrics, dashboards, and log aggregation Domain example.com Managed via Cloudflare
Repository Structure February 15, 2026 February 15, 2026