Just posting here 'cause I have been a lurker for a long time and wanted to share the latest version of my Kubernetes-based homelab!

When finally all of it is in one place!

Services Details:

  • Authentik: Authentication SSO for all services (The UI you see here)
  • Adguard: DNS server for the homelab as well as DNS blocker
  • ArgoCD: Applications to deploy apps to Kubernetes
  • Gitea: Git source code version control
  • Longhorn: Storage for the Kubernetes cluster
  • MinIO: Backup storage for the Kubernetes cluster
  • DSM: Synology NAS main UI
  • Traefik: Reverse proxy for the homelab
  • TrueNAS (Scale): Main NAS
  • Unifi: Unifi UI homepage
  • Vault: Secret storage for the Kubernetes cluster
  • Wireguard: VPN to access services from outside
  • Grafana: Dashboards for the homelab
  • Graphite: Exporter to retrieve external metrics to feed them back to Prometheus
  • Prometheus: Metrics DB to feed Grafana
  • FlareSolverr: Bypass Cloudflare protection
  • Gotenberg: Convert files (Word, Excel, etc.)
  • Prowlarr: Serves as a discovery server for Radarr and Sonarr
  • Radarr: Handles movies
  • Sonarr: Handles TV Shows
  • Sunshine: Selfhosted cloud gaming PC UI
  • Syncthing: Handles files synchronization between devices
  • Transmission: Handles P2P Files
  • Immich: Google Photos replacement
  • Libreddit: Access Reddit without Reddit
  • Overseerr: Movies and TV Shows request management
  • PaperlessNGX: Stores all documents
  • Plex: Personal Netflix
  • Tandoor: Recipes management
  • SearxNG: Selfhosted search engine

Any question or feedback is welcome!

  • nkls@alien.topB
    11 months ago

    I have been planning for a while now to install Authentik / Authelia, but I always keep delaying it, as it sounds difficult and more complex.

    How much effort was it for you?

  • jesuslop@alien.topB
    11 months ago

    Nice mix. FlareSolverr is an *arr thing or can it be truly used as a generic http proxy, as in putting it in firefox settings say?

  • YYCwhatyoudidthere@alien.topB
    11 months ago

    Thanks for including descriptions. Too often I have to search for an unfamiliar app name and wonder: is it hosted on git? Is it this one with a .ai domain? Pretty sure this one is a pharma company website…

    • agentpanda@alien.topB
      11 months ago

      Yea seriously. Somebody is like “I run Cumface mostly it solves all my problems” and I’m like ‘great… now I have to wade through all these google results and lots of tissues until I find something related to my lab environment.’ Turns out it was a tool I didn’t even need and now everything is sticky and I’m confused.

      • jah_bro_ney@alien.topB
        11 months ago

        Turns out it was a tool I didn’t even need and now everything is sticky and I’m confused

        Not often you see /r/BrandNewSentence material on this sub

  • BoKKeR111@alien.topB
    11 months ago

    I am also doing this. So far I have only set up Portainer. Would love to talk to you. I work with OAuth2 but I am trying to learn more, and the Authentik terms are different from my normal use case. There are many flows, etc.

    • Unsaddle5359@alien.topOPB
      11 months ago

      Oh yeah, it is a nightmare to get started (IMO) due to their own wording for most of the stuff. I have added an edit if you want to check a bit more of how I have set up stuff; maybe some questions will be answered there…

  • Nezteb@alien.topB
    11 months ago

    That stresses me out, but I am very impressed!

    If you’re able to document roughly how you set everything up, that’d be a great resource for the sub. 😄

    • Unsaddle5359@alien.topOPB
      11 months ago

      I have added an edit (but you will see on the last point a full on guide is started but god it is not the most funny part to do!)

  • akram_boutou@alien.topB
    11 months ago

    Thank you for sharing, looks great. I wonder how you configured access to the Kubernetes services. You mentioned you leverage WireGuard VPN, but is it possible to configure SSL certificates for the VPN services?

    • Unsaddle5359@alien.topOPB
      11 months ago

      I have added an edit, but before you posted this, so let me answer here (you can check the edit also if you feel like it).

      Basically I use Traefik and cert-manager to retrieve star SSL certs (*.domain.com) for all the domains I own; as those are done via DNS-01 challenges, you don’t need your server to be accessible via the internet.

      The VPN is then pointing at AdGuard for its DNS, and AdGuard points my star domains to Traefik, which then redirects to each service with the star certificate.

      EDIT: external services such as the VPN itself are also redirected via Traefik using external services objects, so my VPN can sit outside the cluster (in my TrueNAS machine) but still have an SSL cert.
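
The setup described in the comment above, as an added example that is not the poster's own configuration: a cert-manager issuer that solves DNS-01, a wildcard certificate, and a Traefik default TLS store that serves it. The domain `example.com`, all resource and Secret names, the `traefik` namespace, the Let's Encrypt ACME endpoint and the Cloudflare solver are assumptions; the thread does not name the CA or the DNS provider.

```yaml
# Added example. Domain, names, namespace, CA and DNS provider are assumptions.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01                 # hypothetical name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com              # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key # ACME account key, created by cert-manager
    solvers:
      - dns01:
          cloudflare:                     # assumption: swap for your DNS provider's solver
            apiTokenSecretRef:
              name: dns-api-token         # Secret in the cert-manager namespace
              key: api-token              # scope the token to DNS edits on this zone only
        selector:
          dnsZones:
            - example.com                 # restrict this solver to the zone it may touch
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-example-com
  namespace: traefik                      # same namespace as the TLSStore below
spec:
  secretName: wildcard-example-com-tls    # private key and chain are stored here
  issuerRef:
    name: letsencrypt-dns01
    kind: ClusterIssuer
  dnsNames:
    - "*.example.com"                     # wildcards can only be validated via DNS-01
    - example.com
---
# Older Traefik v2 releases use apiVersion traefik.containo.us/v1alpha1.
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
  name: default                           # Traefik only honours the store named "default"
  namespace: traefik
spec:
  defaultCertificate:
    secretName: wildcard-example-com-tls  # served for any router without its own cert
```

Validation only requires cert-manager to write a TXT record through the provider API, so no inbound port has to be opened. The internal resolver then needs a wildcard rewrite for the domain pointing at Traefik's LAN address, which is the AdGuard step the comment mentions.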

      • akram_boutou@alien.topB
        11 months ago

        Thanks, indeed you are right, using the DNS-01 challenge can be appropriate for this. Btw, do you use a VPN for Transmission? I mean, for egress traffic; I have been trying to figure out how to set it up without any luck.

        • Unsaddle5359@alien.topOPB
          11 months ago

          I don’t require it as it’s allowed where I live for personal use ^^

          But you would require a sidecar pod from whatever VPN and use a given config by your VPN provider, then redirect all pod traffic through your sidecar, but I think some images of Transmission have it all included.

  • FUCKUSERNAME2@alien.topB
    11 months ago

    Libreddit: Access reddit without reddit

    Does this still work for you? I’m interested but the GitHub page indicates that it’s no longer fully functional due to the recent API changes.

    • Unsaddle5359@alien.topOPB
      11 months ago

      I have added an edit I hope it answers questions you might have (feel free to let me know if you have more)

    • nkls@alien.topB
      11 months ago

      I have just read your comment on libreddit. It works fine for me. The only difference I could feel is that some pictures load more slowly.

  • FreebirdLegend07@alien.topB
    11 months ago

    At one point I was trying to set up Keycloak and then Authentik. What do you use for your ingress? The biggest issue I had (aside from not getting Authentik to work) was finding the correct way to set up ingress-nginx to actually work properly with Authentik.

    You have any example yaml files that would help get started on this?

    • Unsaddle5359@alien.topOPB
      11 months ago

      I have added an edit I hope it answers questions you might have (feel free to let me know if you have more)