71442a0405
- Migrate all ingress hostnames from *.homelab.local to *.coreworlds.io - Remove broken Traefik certresolver config (cert-manager handles TLS) - Add internal-only IP allowlist middleware for platform services - Add IngressRoutes for ArgoCD, Grafana, Longhorn (LAN-only via middleware) - Seal and add Cloudflare API token for cert-manager DNS-01 challenges - Update cert-manager ClusterIssuers with real email - Update k3s TLS SAN to k3s.coreworlds.io - Rewrite Ubiquiti docs for single-node topology and split-horizon DNS - Fix seal-secret.sh controller name to match Helm release - Add UCG DNS setup script using API key auth
Homelab
Monorepo for self-hosted applications running on a k3s cluster across Intel NUC machines.
What's Inside
- Apps: Next.js frontend, Express API (TypeScript)
- Infrastructure: Ansible provisioning, ArgoCD GitOps, full Kubernetes platform
- Observability: Prometheus, Grafana, Loki
Prerequisites
Quick Start
# Install dependencies
pnpm install
# Start development
task dev
# Build all apps
task build
Bootstrap Cluster (Day 1)
- Flash Ubuntu Server 24.04 on NUCs, configure SSH access
- Configure Ubiquiti Cloud Gateway (see
infra/ubiquiti/) - Provision nodes and install k3s:
task cluster:bootstrap task cluster:kubeconfig - Install platform components:
task platform:install - Seal initial secrets:
task secrets:seal - Push an app — ArgoCD handles the rest
Branch Deploys
Push a branch or open a PR → GitHub Actions builds changed apps → ArgoCD creates a preview namespace → merge to main deploys to production.
Project Structure
homelab/
├── apps/ # Deployable applications
├── packages/ # Shared libraries
├── infra/
│ ├── ansible/ # Bare-metal provisioning
│ ├── kubernetes/ # K8s manifests (ArgoCD, platform, observability)
│ └── ubiquiti/ # Network documentation
├── scripts/ # Utility scripts
├── templates/ # App scaffolding templates
└── Taskfile.yaml # Task runner
License
Private — All rights reserved.