This repository contains the complete infrastructure and application code for my personal home server setup. While the code is public for portfolio and educational purposes, this is not intended for external contributions or pull requests.
- Overview
- Architecture
- Tools & Technologies
- Services Running
- Hardware Specifications
- Security Considerations
- License & Usage
This is a production-ready Kubernetes-based home server that automates deployments, monitors services, and manages various personal applications. The setup demonstrates modern DevOps practices, cloud-native architecture, and GitOps workflows.
Key Features:
- Automated deployment with Helmfile and Helm charts
- End-to-end security with cert-manager and Cloudflare Tunnel
- Automated backup system with K8up and Restic
- Smart home integration with Home Assistant and Node-RED
- Comprehensive monitoring with Prometheus, Grafana, and Loki
- Custom deployment automation with Drone Launcher
Data Flow:
- External Access: Internet → Cloudflare Edge → Cloudflare Tunnel → NGINX Ingress → Services
- Internal Services: Applications communicate through Kubernetes services
- Monitoring: Alloy collects metrics/logs → Prometheus/Loki → Grafana dashboards
- Storage: Applications use NFS/Local PVs, with automated backups via K8up to S3
- Home Automation: Home Assistant → Node-RED → Smart Home Devices
| Technology | Description |
|---|---|
| Kubernetes | Container orchestration platform |
| Docker | Application containerization |
| Helm | Package manager for Kubernetes applications |
| Helmfile | Declarative deployment management |
| Restic | S3 backup repository for K8up backups |

| Service | Description |
|---|---|
| cert-manager | Automated TLS certificate management |
| NGINX Ingress Controller | Traffic routing and SSL termination |
| Cloudflare Tunnel | Secure remote access without port forwarding |
| K8up | Automated backup system |
| Kubernetes Dashboard | Cluster management interface |
| NFS | Network file system for persistent storage |
| MinIO | S3-compatible object storage |
| PostgreSQL | Relational database service |

| Service | Description |
|---|---|
| Prometheus | Metrics collection and alerting |
| Grafana | Visualization and dashboards |
| Loki | Log aggregation |
| Alloy | Telemetry collection |
| Kuma | Uptime monitoring |

| Service | Description |
|---|---|
| Home Assistant | Home automation platform |
| Node-RED | Visual programming for IoT workflows |
| Pi-hole | DNS filtering and ad blocking |
| qBittorrent | Torrent client with web interface |
| Ntfy | Push notification service |
| Atuin | Shell history sync |
| Drone Launcher | A custom-built NestJS application that automates deployment processes and provides webhook-based CI/CD integration. |

| Component | Specification |
|---|---|
| CPU | Intel Core i7-8550U |
| RAM | 16 GB DDR4 |
| Storage | 240 GB SSD + 1 TB HDD |
| Operating System | Ubuntu Server 24.04.3 LTS |
| Kubernetes | MicroK8s v1.32.9 |
This repository demonstrates production-ready security practices:
- No Hardcoded Secrets: All sensitive data is supplied via environment variables
- Encrypted Secret Management: All cluster secrets are managed in a separate private repository using SOPS for encryption
- Secure Remote Access: Cloudflare Tunnel provides secure internet exposure without opening firewall ports
- Secure Communications: TLS everywhere
- Principle of Least Privilege: Minimal required permissions
This is a personal project. While the code is publicly available for learning purposes, this is a personal configuration not intended for external contributions or direct replication. Feel free to fork and adapt the concepts for your own use!
This project is open source under the MIT License and serves as a portfolio demonstration of modern home server infrastructure.