Hugh Smalley a2b9982f20
chore(dependabot): update js-yaml to version 4.3.0 and adjust commit message prefixes for npm and docker ecosystems
2026-07-04 21:02:23 -04:00
.forgejo chore: update Trivy installation script to include Python3 YAML support 2026-06-01 13:20:02 -04:00
.githooks Tailscale plus pre-commit 2026-03-13 17:40:25 -04:00
.github chore(dependabot): update js-yaml to version 4.3.0 and adjust commit message prefixes for npm and docker ecosystems 2026-07-04 21:02:23 -04:00
clusters DOX 2026-06-11 15:30:27 -04:00
docs Disable ABRT on Fedora nodes 2026-06-29 10:41:56 -04:00
helm-values (forgejo)fix: update envs for updated chart 2026-06-10 20:23:50 -04:00
infrastructure chore(dependabot): update js-yaml to version 4.3.0 and adjust commit message prefixes for npm and docker ecosystems 2026-07-04 21:02:23 -04:00
knowledge Refactor knowledge documentation and scripts 2026-05-29 23:38:36 -04:00
kubernetes fix(immich): update chart tag to 0.13.1 2026-07-04 20:46:38 -04:00
scripts chore(deps): update rclone/rclone docker tag to v1.74.3 2026-06-15 14:21:34 +00:00
secrets fix: update k0s-version-alert-github secret and add it to kustomization 2026-06-02 14:05:49 -04:00
tests DOX 2026-06-11 15:30:27 -04:00
.envrc mariadb backups 2026-05-15 10:33:43 -04:00
.gitignore worktrees 2026-04-08 14:27:26 -04:00
.gitleaksignore feat(homepage): add nzbhydra2 widget with API key 2026-04-29 08:08:50 -04:00
.hadolint.yaml chore: add hadolint Dockerfile linting 2026-03-17 08:55:56 -04:00
.pre-commit-config.yaml chore: update pinned versions — critical and moderate 2026-04-29 16:29:24 -04:00
.sops.yaml fix(sops): add encrypted_regex to .sops.yaml, re-encrypt homepage-media secret 2026-04-27 16:11:09 -04:00
.trivyignore.yaml chore: update Trivy ignore file and documentation for Flux bootstrap RBAC exceptions 2026-05-22 19:31:26 -04:00
.yamllint.yaml fix: exclude encrypted and artifact dirs from yamllint 2026-03-14 16:53:28 -04:00
AGENTS.md DOX 2026-06-11 15:30:27 -04:00
ansible.cfg ansible 2026-04-30 23:07:26 -04:00
PROJECT_SPEC.md docs: update, fix drift, and fix problems 2026-04-09 16:48:03 -04:00
pyproject.toml Add ruff pre-commit hooks and fix Python linting 2026-04-07 13:32:35 -04:00
README.md Updating Readme 2026-06-09 15:06:55 -04:00
renovate.json chore: update camofox-browser image configuration and add image automation 2026-06-01 13:06:26 -04:00
trivy.yaml chore: update Trivy ignore file and documentation for Flux bootstrap RBAC exceptions 2026-05-22 19:31:26 -04:00

cabbagecluster

The "cabbagecluster" is my attempt at spinning up high-fidelity home infrastructure without the headache of full-scale commercial cloud management. It's a k0s-based homelab Kubernetes cluster, managed strictly via GitOps (Flux), tunneled through Tailscale for sanity, and designed with one primary goal: making sure I can actually rebuild the whole damn thing from code if I have to.

Where to start?

Feeling lost in the directory structure is part of the experience, but here's how to find your way back depending on what you're trying to do right now:

| Task | Read first | Then read |
| --- | --- | --- |
| "What is this thing?" | PROJECT_SPEC.md | docs/architecture/cluster-overview.md |
| "I want to build it." | docs/operations/pre-bootstrap-checklist.md | docs/operations/bootstrap-sequence.md |
| "Everything crashed." | docs/runbooks/full_cluster-rebuild.md | docs/runbooks/disaster-recovery.md |
| "I need my data back." | docs/runbooks/disaster-recovery.md | docs/operations/postgres-platform.md |
| "Where is everything?" | docs/project/repository-structure.md | docs/README.md |

The Cluster (The Topology)

I've named the nodes as best I could to reflect their roles:

  • skragg: The brain. This handles the control plane and does all the thinking.
  • grubnuk: Muscle & Storage. Worker with local disks and an Intel GPU for handling the heavy lifting.
  • mugruk: Mirror muscle/storage. Basically a twin to grubnuk, rounding out our throughput with another Intel GPU.
  • muninn: The Media Beast. Dedicated to media workflows; it carries its own muninn-local storage plus both Intel and NVIDIA GPUs because why not?

Traffic stays tidy over Tailscale. We keep the desired state in clusters/ and kubernetes/, while all secrets are tucked away in secrets/.

Note on Env: If you use direnv, .envrc keeps a paranoid watch on .artifacts/. It'll yell at your terminal if things like .artifacts/kubeconfig vanish, which they will eventually do.

How to navigate this repo

  • clusters/cabbagecluster/: The Flux entrypoints and node inventory. This is the "on" switch for the cluster.
  • kubernetes/base/: The foundation—shared infra, storage definitions, and the stuff that doesn't change often.
  • kubernetes/apps/: Where the actual workloads live (the fun stuff).
  • secrets/kubernetes/: SOPS-encrypted secrets (don't peek at these in plaintext unless you want to feel uncomfortable).
  • scripts/: Homemade helper scripts for bootstrapping, restores, validation, and general ops.
  • docs/: The source of truth. Seriously, read these before poking things.

Core Commands

1. Check if we're sane (Prerequisites)

./scripts/check_prereqs.sh --mode bootstrap

Look for: prereqs-ok

2. Pull the "Keys" from the vault

./scripts/decrypt-secrets.sh --force

This writes local runtime secrets to .artifacts/runtime/.

3. The Big Bang (Bootstrap)

./scripts/bootstrap_cluster.py

Generates artifacts, triggers k0sctl, and spits out a new .artifacts/kubeconfig.

4. Activate Flux

./scripts/bootstrap-flux.sh --kubeconfig .artifacts/kubeconfig

This turns on the Flux controllers and starts reconciling your Git state into reality.
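
After steps 2 and 3, decrypted secrets sit in .artifacts/runtime/ and a cluster credential in .artifacts/kubeconfig. The script below is an added example, not one of this repository's scripts: it reports any file under .artifacts/ that group or other can access, and any .artifacts path that Git tracks or does not ignore. The function names, and the expectation that .artifacts/ stays untracked and owner-only, are assumptions.

```sh
#!/bin/sh
# Added example: audit the plaintext that bootstrap leaves under .artifacts/.
# Assumption: .artifacts/ is meant to stay untracked and owner-only; the
# README does not state this, so the script checks rather than assumes.

# Print files under DIR that group or other can read, write or execute.
loose_artifact_files() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print .artifacts paths that Git tracks or would pick up on `git add`.
exposed_to_git() {
    repo=$1
    # Anything listed here is already committed or staged.
    git -C "$repo" ls-files -- .artifacts
    for p in .artifacts/kubeconfig .artifacts/runtime; do
        # check-ignore exits non-zero when no ignore rule covers the path.
        git -C "$repo" check-ignore -q "$p" || echo "$p (not ignored)"
    done
}

# Return 0 when clean, 1 on findings, 2 when REPO has no .artifacts directory.
audit_artifacts() {
    repo=${1:-.}
    [ -d "$repo/.artifacts" ] || { echo "no .artifacts in $repo" >&2; return 2; }
    findings=$(
        loose_artifact_files "$repo/.artifacts" | sed 's/^/loose perms: /'
        exposed_to_git "$repo" | sed 's/^/git: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" >&2
    return 1
}
```

Run `audit_artifacts .` from the repository root after bootstrap; a non-zero exit lists each finding on stderr.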

The Documentation Index