Featured Projects
Proxmox Infrastructure as Code
Complete Infrastructure as Code solution implementing a three-phase GitOps workflow: Terraform for provisioning, Ansible for configuration, and GitLab CI/CD for service deployment. Manages LXC containers, Linux/Windows VMs, and a 6-node Kubernetes cluster.
Key Achievements
- Multi-Platform Management: Unified automation for LXC containers, Linux VMs, Windows VMs, and K3s cluster
- 9-Stage CI/CD Pipeline: Comprehensive validation including lint, build, validate, preflight checks, backup, deployment, and health verification
- Production Services: 8 services across 5 LXC containers with automated deployment and rollback capabilities
- Security Model: Per-host ED25519 SSH keys, Ansible Vault for secrets, sealed secrets, and SSH hardening
- 6-Node K3s Cluster: High-availability Kubernetes with automated deployment and rolling updates
- Idempotent Operations: Checksum-based change detection preventing unnecessary service restarts
Technologies
Architecture Overview
flowchart LR
A[Terraform
Phase 1] -->|Provisions| B[Ansible
Phase 2]
B -->|Configures| C[GitLab CI/CD
Phase 3]
A -->|Creates Infrastructure| A1["• LXC Containers
• Linux/Windows VMs
• Generate SSH keys
• Output inventory"]
B -->|One-Time Setup| B1["• Create users
• Install Docker/Podman
• Harden SSH
• Setup /srv/docker/"]
C -->|On Every Push| C1["• Auto-detect changes
• Validate configs
• Deploy services
• Health checks"]
Kubernetes GitOps with ArgoCD
Production Kubernetes cluster managed entirely through GitOps principles using ArgoCD's app-of-apps pattern. Implements automated application discovery, sealed secrets management, and comprehensive CI/CD validation pipelines.
Key Achievements
- App-of-Apps Pattern: Automated application discovery using Git directory generator—simply add a folder to deploy
- 11+ Production Applications: Self-hosted services including Affine, FreshRSS, Home Assistant, IT Tools, and more
- Custom Helm Charts: 10+ custom OCI-based Helm charts published to private registry
- Sealed Secrets: Encrypted secret management with automated sealing via custom Go-based tool (Kryptos)
- Infrastructure Services: Complete stack including Traefik ingress, cert-manager, MetalLB, Longhorn storage
- Automated CI/CD: Multi-stage validation pipeline with Kustomize builds, schema validation, and security scanning
Technologies
Architecture Overview
flowchart TB
Git[Git Repository
argo-apps] --> ArgoCD[ArgoCD
GitOps Controller]
ArgoCD --> AppSet[ApplicationSet
Git Directory Generator]
AppSet --> |Auto-discovers| Apps[Applications
apps/*]
Apps --> Infra[Infrastructure Layer]
Apps --> Services[Application Layer]
Infra --> Traefik[Traefik Ingress]
Infra --> Cert[cert-manager]
Infra --> Storage[Longhorn Storage]
Services --> App1[Affine]
Services --> App2[Home Assistant]
Services --> App3[FreshRSS]
Services --> App4[More...]
Custom Helm Charts Repository
Custom Helm chart repository with automated CI/CD packaging and OCI registry publishing. Provides reusable, production-ready Helm charts for self-hosted applications with comprehensive validation and testing pipelines.
Key Achievements
- 10+ Custom Charts: Production-ready Helm charts for Affine, FreshRSS, Home Assistant, IT Tools, and more
- OCI Registry: Charts published to private OCI-compatible registry for secure distribution
- 5-Stage CI/CD Pipeline: Automated detect, validate, package, publish, and notification stages
- Automated Validation: Helm lint, template rendering with PyYAML verification, and dependency management
- Version Management: Semantic versioning with automated chart version bumps and change detection
- Renovate Integration: Automated dependency updates for Docker images and chart dependencies
Technologies
CI/CD Pipeline
flowchart LR
charts[charts/
Chart.yaml
values.yaml
templates/]
gitlab[GitLab CI
5-stage
pipeline]
validate[Validate
Package
Publish
helm template
+ PyYAML]
registry[OCI Registry
homelab/
helm-charts]
charts --> gitlab --> validate --> registry
