Hugh Smalley f43cad4933
chore: update Cloudflare Tunnel and Tailscale configurations for improved routing and access
 Baron Orbit, comet-chained libertine shoved me into the cargo net while treasure moaned beneath us. Their harnessed chest crushed me into the rolling deck. They carved their rank into my shoulder with jeweled teeth. As the tide bowed and the stars promised silence. 🫀🪠
2026-05-20 16:05:33 -04:00
.forgejo chore: update public endpoint workflows and scripts for improved detection 2026-05-20 12:03:08 -04:00
.githooks Tailscale plus pre-commit 2026-03-13 17:40:25 -04:00
.github chore: update public endpoint workflows and scripts for improved detection 2026-05-20 12:03:08 -04:00
clusters/cabbagecluster Add restore cache storage control 2026-05-19 13:18:31 -04:00
docs chore: update Cloudflare Tunnel and Tailscale configurations for improved routing and access 2026-05-20 16:05:33 -04:00
helm-values cpu requests were too high 2026-05-01 14:45:19 -04:00
infrastructure Merge branch 'main' into renovate/ghcr.io-9001-copyparty-ac-1.x 2026-05-20 15:53:10 +00:00
knowledge feat(gluetun): add standalone deployment 2026-05-07 14:09:03 -04:00
kubernetes chore: update Cloudflare Tunnel and Tailscale configurations for improved routing and access 2026-05-20 16:05:33 -04:00
scripts chore: update public endpoint workflows and scripts for improved detection 2026-05-20 12:03:08 -04:00
secrets (feat)flux: webhook 2026-05-12 17:19:27 -04:00
tests chore: update public endpoint workflows and scripts for improved detection 2026-05-20 12:03:08 -04:00
.envrc mariadb backups 2026-05-15 10:33:43 -04:00
.gitignore worktrees 2026-04-08 14:27:26 -04:00
.gitleaksignore feat(homepage): add nzbhydra2 widget with API key 2026-04-29 08:08:50 -04:00
.hadolint.yaml chore: add hadolint Dockerfile linting 2026-03-17 08:55:56 -04:00
.pre-commit-config.yaml chore: update pinned versions — critical and moderate 2026-04-29 16:29:24 -04:00
.sops.yaml fix(sops): add encrypted_regex to .sops.yaml, re-encrypt homepage-media secret 2026-04-27 16:11:09 -04:00
.yamllint.yaml fix: exclude encrypted and artifact dirs from yamllint 2026-03-14 16:53:28 -04:00
AGENTS.md Update AGENTS.md to enhance shell scripting guidelines and promote best practices 2026-05-17 09:49:56 -04:00
ansible.cfg ansible 2026-04-30 23:07:26 -04:00
PROJECT_SPEC.md docs: update, fix drift, and fix problems 2026-04-09 16:48:03 -04:00
pyproject.toml Add ruff pre-commit hooks and fix Python linting 2026-04-07 13:32:35 -04:00
README.md artifact rebuilder 2026-05-01 13:08:20 -04:00
renovate.json feat: add regex custom managers for tracking pinned versions in workflows and scripts 2026-05-17 21:04:00 -04:00

cabbagecluster

Self-hosted k0s homelab Kubernetes cluster managed from Git, operated over Tailscale, and designed to be rebuilt from repository state plus encrypted secrets and backup data.

Start Here By Task

| Task | Read first | Then read |
| --- | --- | --- |
| Understand project scope | PROJECT_SPEC.md | docs/architecture/cluster-overview.md |
| Bootstrap a cluster | docs/operations/pre-bootstrap-checklist.md | docs/operations/bootstrap-sequence.md |
| Rebuild from bare nodes | docs/runbooks/full-cluster-rebuild.md | docs/runbooks/disaster-recovery.md |
| Restore application data | docs/runbooks/disaster-recovery.md | docs/operations/postgres-platform.md |
| Understand repo layout | docs/project/repository-structure.md | docs/README.md |

Current Cluster Shape

  • skragg: single control-plane node
  • grubnuk: worker with local storage and Intel GPU
  • mugruk: worker with local storage and Intel GPU
  • muninn: worker dedicated to media-adjacent workloads and muninn-local storage

Management traffic uses Tailscale. Desired state lives in clusters/ and kubernetes/. Encrypted material lives in secrets/.

If you use direnv, .envrc watches key local artifacts under .artifacts/ and warns in an interactive terminal when files like .artifacts/kubeconfig disappear so you can rebuild them.

Repo Layout

  • clusters/cabbagecluster/: Flux entrypoints, node inventory, recovery inventory
  • kubernetes/base/: shared cluster infrastructure and storage definitions
  • kubernetes/apps/: workload manifests and app-specific configuration
  • secrets/kubernetes/: SOPS-encrypted secrets
  • scripts/: bootstrap, restore, validation, and operational helpers
  • docs/: canonical docs, runbooks, and ADRs

Core Commands

Check prerequisites

./scripts/check-prereqs.sh --mode bootstrap

Expected result: the script reports prereqs-ok.

Decrypt local runtime secrets

./scripts/decrypt-secrets.sh --force

Expected result: decrypted runtime material is written under .artifacts/runtime/.

Generate and apply cluster bootstrap

./scripts/bootstrap_cluster.py

Expected result: generated artifacts land under .artifacts/, k0sctl applies the inventory, and .artifacts/kubeconfig is produced.

Bootstrap Flux

./scripts/bootstrap-flux.sh --kubeconfig .artifacts/kubeconfig

Expected result: Flux controllers start, the Git source becomes Ready, and root kustomizations reconcile.
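
Once the steps above have run, decrypted runtime material and the cluster kubeconfig sit in plaintext under .artifacts/. The following check is an added example, not one of the repository's scripts: it confirms both artifacts exist and that nothing in the tree is readable by group or other. The function names, exit codes and the owner-only policy are assumptions, and `-perm /077` assumes GNU find.

```bash
#!/usr/bin/env bash
# Added example: hygiene check for the .artifacts/ tree after decrypt + bootstrap.
# .artifacts/runtime and .artifacts/kubeconfig come from the README; the
# function names, exit codes and owner-only policy are assumptions.

# List every file or directory under $1 that grants any group/other permission bit.
loose_perms() {
  find "$1" \( -type f -o -type d \) -perm /077 -print | sort
}

# Exit codes (assumed convention):
#   0 = tree is complete and owner-only
#   1 = at least one path is group/other accessible
#   2 = runtime/ directory is missing (decrypt step did not run)
#   3 = kubeconfig is missing or empty (bootstrap step did not finish)
audit_artifacts() {
  local root="$1" bad
  if [ ! -d "$root/runtime" ]; then
    echo "missing: $root/runtime" >&2
    return 2
  fi
  if [ ! -s "$root/kubeconfig" ]; then
    echo "missing or empty: $root/kubeconfig" >&2
    return 3
  fi
  bad="$(loose_perms "$root")"
  if [ -n "$bad" ]; then
    echo "group/other-accessible paths:" >&2
    printf '%s\n' "$bad" >&2
    return 1
  fi
  return 0
}

# Run against a directory when one is given, e.g.: ./audit-artifacts.sh .artifacts
if [ "$#" -gt 0 ]; then
  audit_artifacts "$1"
fi
```

A non-zero exit makes this usable as a gate after ./scripts/decrypt-secrets.sh or as a pre-commit hook.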

Canonical Documentation