HomeScale
HomeScale is a GitOps monorepo for private Kubernetes clusters running personal and family infrastructure. ArgoCD watches this repo and reconciles all cluster state automatically on every merge to main — no manual kubectl apply required.
Technology stack
| Layer | Tool | What it does |
|---|---|---|
| OS / nodes | Talos Linux | Immutable, API-driven Linux for Kubernetes nodes |
| Cluster lifecycle | Omni | SaaS control plane for provisioning and upgrading Talos clusters |
| GitOps | ArgoCD | Continuous delivery; syncs cluster state from this repo |
| Secrets | Infisical | Central secrets store; k8s operator syncs secrets into namespaces |
| Networking | NetBird | Zero-trust WireGuard mesh for human and machine access |
| Node connectivity | Talos KubeSpan | WireGuard tunnels between nodes across regions |
| DNS | Cloudflare | External DNS and tunnel ingress for public services |
| Backups | VolSync + restic | PVC-level backup and restore |
| Container registry | GHCR | First-party images pushed on merge to main |
Clusters
| Cluster | Region | Role |
|---|---|---|
| `mgmt` | — | Management: ArgoCD, Infisical operator, shared infra |
| `boa1-prod` | `boa1` | Production workloads |
| `boa1-gw` | `boa1` | Gateway: PXE boot, subnet routing, region ↔ mgmt bridge |
How a change ships
PR opened → CI (scan + build) → merge to main → deploy CI (Terraform apply + Omni sync) → ArgoCD detects diff → reconciles cluster
See Architecture overview for the full GitOps loop.
Key docs
- Architecture overview — GitOps flow, app catalog, CI/CD
- Networking — KubeSpan, NetBird, internal/external service exposure
- Secrets management — Infisical, InfisicalSecret CRs, adding secrets
- Deploying an app — step-by-step walkthrough for adding a new app
- App reference — full `app.yaml` field reference
- Cluster operations — adding clusters, Omni templates, Terraform
- Backups — VolSync backup and restore