fluxcd 7b43dffa0d chore(renovate): update image
- renovate/renovate:43.210.2
2026-06-03 19:36:37 +00:00
.forgejo chore: update Trivy installation script to include Python3 YAML support 2026-06-01 13:20:02 -04:00
.githooks Tailscale plus pre-commit 2026-03-13 17:40:25 -04:00
.github chore: update Trivy CI scans documentation and enhance image inventory script 2026-06-01 13:12:52 -04:00
clusters/cabbagecluster fix: update polling intervals for various resources to 6 hours 2026-06-02 14:01:35 -04:00
docs fix: update polling intervals for various resources to 6 hours 2026-06-02 14:01:35 -04:00
helm-values fix(helm-values): add dnsConfig option for ndots in Forgejo deployment 2026-05-28 19:09:55 -04:00
infrastructure image updates actions 2026-06-01 12:20:18 -04:00
knowledge Refactor knowledge documentation and scripts 2026-05-29 23:38:36 -04:00
kubernetes chore(renovate): update image 2026-06-03 19:36:37 +00:00
scripts fix(flux): require interval for digest image policy 2026-06-01 14:53:37 -04:00
secrets fix: update k0s-version-alert-github secret and add it to kustomization 2026-06-02 14:05:49 -04:00
tests fix(flux): require interval for digest image policy 2026-06-01 14:53:37 -04:00
.envrc mariadb backups 2026-05-15 10:33:43 -04:00
.gitignore worktrees 2026-04-08 14:27:26 -04:00
.gitleaksignore feat(homepage): add nzbhydra2 widget with API key 2026-04-29 08:08:50 -04:00
.hadolint.yaml chore: add hadolint Dockerfile linting 2026-03-17 08:55:56 -04:00
.pre-commit-config.yaml chore: update pinned versions — critical and moderate 2026-04-29 16:29:24 -04:00
.sops.yaml fix(sops): add encrypted_regex to .sops.yaml, re-encrypt homepage-media secret 2026-04-27 16:11:09 -04:00
.trivyignore.yaml chore: update Trivy ignore file and documentation for Flux bootstrap RBAC exceptions 2026-05-22 19:31:26 -04:00
.yamllint.yaml fix: exclude encrypted and artifact dirs from yamllint 2026-03-14 16:53:28 -04:00
AGENTS.md fix(docs): update local kubectl tooling instructions and pre-bootstrap checklist 2026-05-25 13:51:44 -04:00
ansible.cfg ansible 2026-04-30 23:07:26 -04:00
PROJECT_SPEC.md docs: update, fix drift, and fix problems 2026-04-09 16:48:03 -04:00
pyproject.toml Add ruff pre-commit hooks and fix Python linting 2026-04-07 13:32:35 -04:00
README.md artifact rebuilder 2026-05-01 13:08:20 -04:00
renovate.json chore: update camofox-browser image configuration and add image automation 2026-06-01 13:06:26 -04:00
trivy.yaml chore: update Trivy ignore file and documentation for Flux bootstrap RBAC exceptions 2026-05-22 19:31:26 -04:00

cabbagecluster

Self-hosted k0s homelab Kubernetes cluster managed from Git, operated over Tailscale, and designed to be rebuilt from repository state plus encrypted secrets and backup data.

Start Here By Task

Task | Read first | Then read
Understand project scope | PROJECT_SPEC.md | docs/architecture/cluster-overview.md
Bootstrap a cluster | docs/operations/pre-bootstrap-checklist.md | docs/operations/bootstrap-sequence.md
Rebuild from bare nodes | docs/runbooks/full-cluster-rebuild.md | docs/runbooks/disaster-recovery.md
Restore application data | docs/runbooks/disaster-recovery.md | docs/operations/postgres-platform.md
Understand repo layout | docs/project/repository-structure.md | docs/README.md

Current Cluster Shape

  • skragg: single control-plane node
  • grubnuk: worker with local storage and Intel GPU
  • mugruk: worker with local storage and Intel GPU
  • muninn: worker dedicated to media-adjacent workloads and muninn-local storage

Management traffic uses Tailscale. Desired state lives in clusters/ and kubernetes/. Encrypted material lives in secrets/.

If you use direnv, .envrc watches key local artifacts under .artifacts/ and warns in an interactive terminal when files like .artifacts/kubeconfig disappear so you can rebuild them.

Repo Layout

  • clusters/cabbagecluster/: Flux entrypoints, node inventory, recovery inventory
  • kubernetes/base/: shared cluster infrastructure and storage definitions
  • kubernetes/apps/: workload manifests and app-specific configuration
  • secrets/kubernetes/: SOPS-encrypted secrets
  • scripts/: bootstrap, restore, validation, and operational helpers
  • docs/: canonical docs, runbooks, and ADRs

Core Commands

Check prerequisites

./scripts/check-prereqs.sh --mode bootstrap

Expected result: the script reports prereqs-ok.

Decrypt local runtime secrets

./scripts/decrypt-secrets.sh --force

Expected result: decrypted runtime material is written under .artifacts/runtime/.

Generate and apply cluster bootstrap

./scripts/bootstrap_cluster.py

Expected result: generated artifacts land under .artifacts/, k0sctl applies the inventory, and .artifacts/kubeconfig is produced.

Bootstrap Flux

./scripts/bootstrap-flux.sh --kubeconfig .artifacts/kubeconfig

Expected result: Flux controllers start, the Git source becomes Ready, and root kustomizations reconcile.
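
The decrypt and bootstrap steps above leave decrypted runtime material and a kubeconfig on disk under .artifacts/. The check below is an added example, not a script from this repository: it reports a missing kubeconfig, files under .artifacts/ that group or others can read or write, and whether Git ignores the kubeconfig. The function names, and the policy that .artifacts/ is operator-only and Git-ignored, are assumptions.

```sh
#!/bin/sh
# Added example, not part of the repository. Assumption: everything under
# .artifacts/ is operator-only material that must stay out of Git.

# List regular files under DIR that group or others can read or write.
loose_files() {
  find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print
}

# Audit ROOT/.artifacts: print one line per finding, return the finding count.
check_artifacts() (
  dir="${1:-.}/.artifacts"
  findings=0
  # The bootstrap step is expected to leave a non-empty kubeconfig here.
  if [ ! -s "$dir/kubeconfig" ]; then
    echo "MISSING $dir/kubeconfig"
    findings=$((findings + 1))
  fi
  if [ -d "$dir" ]; then
    loose=$(loose_files "$dir")
    if [ -n "$loose" ]; then
      printf '%s\n' "$loose" | sed 's/^/LOOSE   /'
      findings=$((findings + $(printf '%s\n' "$loose" | wc -l)))
    fi
  fi
  return "$findings"
)

# Return 0 if Git ignores PATH under ROOT, 1 if it does not, 2 if this
# cannot be checked (git missing, or ROOT is not a work tree).
git_ignores() {
  command -v git >/dev/null 2>&1 || return 2
  git -C "$1" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 2
  git -C "$1" check-ignore -q "$2"
}

# Run from the repository root after the decrypt and bootstrap steps.
if [ -d .artifacts ]; then
  check_artifacts . || echo "fix the findings above (chmod 600, or rebuild)"
  git_ignores . .artifacts/kubeconfig
  if [ $? -eq 1 ]; then
    echo "NOT IGNORED .artifacts/kubeconfig can be committed"
  fi
fi
```

The return value of check_artifacts is the number of findings, so it can gate a wrapper script or a pre-commit hook.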

Canonical Documentation