GitOps state for my cluster using flux v2
Home infrastructure running: 3x Master Raspberry Pi 4GB + 3x Worker 8GB + 1x 11th Gen Intel NUC:
- Apps:
  - baikal - {Cal,Card}DAV server
  - blocky - DNS proxy and ad-blocker
  - calibre and calibre-web - Lovely e-book library management
  - flood - Pretty and mobile-friendly *torrent frontend
  - gitlab - Git + everything possibly related
  - golink - Tailscale link shortener
  - home-assistant - Home automation
  - homepage - Application dashboard
  - immich - Self-hosted photo and video management with state-of-the-art ML
  - jellyfin - Media system
  - maddy - Complete and modern mail server
  - my blog - Built via GitLab Runners + buildkitd
  - ntfy - Push notifications made easy
  - omada-controller - TP-Link Omada network controller
  - thelounge - IRC client
  - vikunja - Todo app
- System:
  - buildkitd - Super efficient container build daemon
  - cert-manager - Automated Let's Encrypt certificate broker
  - flannel - Because flannel is the lightest CNI
  - fluentbit - Log collection and aggregation
  - flux2 - Keeps the cluster in sync with this repo
  - haproxytech ingress - HAProxy.org ingress controller
  - kube-network-policies - Official and small NetworkPolicy enforcement
  - tailscale-idp - Tailscale OIDC IdP
  - tailscale-operator - Tailscale operator
  - victoria-metrics - Lighter Prometheus alternative
I use Mozilla SOPS for secret encryption as it is supported out of the box in Flux v2. After adding a passwordless private key to your cluster, reference it in your flux-system/gotk-sync.yaml if you want to be able to decrypt secrets in the main flux-system Kustomization.
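What those two steps look like in files, as an added example rather than this repo's own manifests: the flux-system Kustomization from flux-system/gotk-sync.yaml with the SOPS decryption stanza added, followed by a .sops.yaml creation rule that encrypts only the secret material. The Secret name `sops-age`, the `./clusters/home` path, the interval and the age recipient are assumptions; the `.agekey` file suffix is what Flux requires for age keys inside the decryption Secret.

```yaml
# flux-system/gotk-sync.yaml (Kustomization part; the GitRepository above it is unchanged)
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: flux-system
  namespace: flux-system
spec:
  interval: 10m0s            # assumed value
  path: ./clusters/home      # assumed path
  prune: true
  sourceRef:
    kind: GitRepository
    name: flux-system
  # Added for SOPS: kustomize-controller loads every key found in the referenced
  # Secret (age keys must use the .agekey suffix) and decrypts manifests before
  # applying them. Create it once, outside git:
  #   kubectl create secret generic sops-age -n flux-system --from-file=age.agekey
  decryption:
    provider: sops
    secretRef:
      name: sops-age         # assumed Secret name

# .sops.yaml at the repository root
creation_rules:
  # Only files that look like Secret manifests are encrypted ...
  - path_regex: .*secret.*\.ya?ml$
    # ... and only their data/stringData values, so kind/metadata stay readable
    # for kustomize, code review and pre-commit checks while values become ENC[...].
    encrypted_regex: ^(data|stringData)$
    age: age1placeholderpublickey000000000000000000000000000000000000000000  # replace with your recipient
```

Keeping `encrypted_regex` narrow is what lets a pre-commit hook still recognise `kind: Secret` in an encrypted file; without it SOPS also encrypts the map keys and the whole document becomes opaque.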
I use a pre-commit hook to ensure that secrets are never pushed unencrypted. Assuming you have a .sops.yaml, the only thing you need to do is:

```sh
sops -e -i my-secret.yaml # That's it
sops my-secret.yaml       # To edit it directly in your $EDITOR
```
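A hook of that kind, written here as an added example and not this repo's own hook: it inspects the staged copy of every YAML file and refuses the commit if a `kind: Secret` manifest has no SOPS metadata or still contains a plaintext value under `data:`/`stringData:`. It assumes the .sops.yaml creation rule uses `encrypted_regex: ^(data|stringData)$` so that `kind` stays readable; the file name `pre-commit.sh` is a placeholder.

```sh
#!/bin/sh
# Hypothetical pre-commit hook (added example). Refuses a commit when a staged
# Kubernetes Secret manifest is not fully SOPS-encrypted.
# Assumes .sops.yaml uses encrypted_regex: ^(data|stringData)$, so "kind: Secret"
# stays readable while only the values become ENC[...] strings.
# Install: cp pre-commit.sh .git/hooks/pre-commit && chmod +x .git/hooks/pre-commit

# needs_encryption FILE -> 0 when FILE declares a Kubernetes Secret.
needs_encryption() {
  grep -q '^kind:[[:space:]]*Secret[[:space:]]*$' "$1"
}

# is_encrypted FILE -> 0 when FILE carries SOPS metadata and every value under
# data:/stringData: is an ENC[...] string; 1 for plaintext or partial encryption.
is_encrypted() {
  # SOPS appends a top-level "sops:" block (recipients, MAC, version);
  # without it nothing was encrypted.
  grep -q '^sops:' "$1" || return 1
  # Walk the data/stringData blocks and flag any value that is not ENC[...].
  awk '
    BEGIN { in_data = 0; bad = 0 }
    /^(data|stringData):/ { in_data = 1; next }
    /^[^[:space:]]/       { in_data = 0 }
    in_data && /^[[:space:]]+[^[:space:]#]+:[[:space:]]*./ && !/ENC\[/ { bad = 1 }
    END { exit bad }
  ' "$1"
}

# check_file FILE -> 0 when FILE is either not a Secret or a fully encrypted one.
check_file() {
  if needs_encryption "$1" && ! is_encrypted "$1"; then
    return 1
  fi
  return 0
}

# Hook entry point: inspect the *staged* blob of each added/changed YAML file,
# not the working-tree copy, since only staged content reaches the commit.
# (Paths are split on whitespace; manifests with spaces in their names are rare.)
main() {
  status=0
  tmp=$(mktemp)
  trap 'rm -f "$tmp"' EXIT
  for f in $(git diff --cached --name-only --diff-filter=ACM -- '*.yaml' '*.yml'); do
    git show ":$f" > "$tmp"
    if ! check_file "$tmp"; then
      echo "pre-commit: $f is a Secret manifest that is not SOPS-encrypted; run: sops -e -i $f" >&2
      status=1
    fi
  done
  return $status
}

# Only run the git-dependent part when installed as the hook; the functions
# above can be sourced and exercised on any file.
case "$0" in
  */pre-commit|pre-commit) main; exit $? ;;
esac
```

Checking the staged blob rather than the working tree matters: `sops -e -i` followed by `git add` is the normal flow, but a later plaintext edit that was never re-staged would otherwise be missed or, worse, a plaintext version could be staged while the encrypted one sits in the working tree.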