// Personal Infrastructure

Self-hosted homelab cluster.

A production-grade Kubernetes cluster running entirely on local hardware — powering every project on this site. Built to learn by doing: GitOps, distributed storage, self-hosted CI/CD, and zero exposed ports.

[Architecture diagram: Gitea (git push / PR merge) -> FluxCD (GitOps reconciler, webhook / poll) -> K3s cluster (multi-node); Longhorn distributed storage provisions PVCs; YouTrack issue tracking, exposed via the agent pipeline; Cloudflare Tunnel, no open inbound ports]

GitOps flow: a push to Gitea is picked up by FluxCD, which reconciles the desired state against the K3s cluster. Longhorn provisions persistent volumes for stateful workloads. YouTrack acts as a separate control plane for the agentic development pipeline. Cloudflare Tunnel exposes all services without any open inbound ports.

Stack

K3s

Lightweight Kubernetes distribution running on a multi-node bare-metal cluster. Handles workload scheduling, service networking, and rolling updates for all personal projects, including this website, the shop PoC, and the agent tooling backend.

Longhorn

Distributed block storage built natively for Kubernetes. Provisions PersistentVolumes whose data is replicated across nodes (three replicas by default), so stateful workloads (databases, Gitea data, YouTrack) survive a single-node failure without manual intervention. Replication covers node loss, not accidental deletion or corruption; those still need snapshots or off-cluster backups.
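The replication described above, expressed as manifests. This is an added example and not the page's own configuration: the StorageClass name, the namespace, the volume size and the snapshot schedule are assumptions. The replica count is the setting that decides whether a node failure is survivable, and the recurring snapshot covers the case replication does not.

```yaml
# Added example (not the page's own manifests). Names, namespace, size and
# schedule are assumptions; field names are Longhorn's and Kubernetes' own.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: longhorn-replicated
provisioner: driver.longhorn.io
allowVolumeExpansion: true
reclaimPolicy: Retain              # a deleted PVC (by hand or by GitOps prune) keeps its data
volumeBindingMode: Immediate
parameters:
  numberOfReplicas: "3"            # one replica per node; must not exceed the node count
  staleReplicaTimeout: "2880"      # minutes before a replica on a dead node is given up
  fsType: "ext4"
  dataLocality: "best-effort"      # prefer a replica on the node running the pod
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: gitea-data                 # assumed claim for the Gitea data directory
  namespace: gitea
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: longhorn-replicated
  resources:
    requests:
      storage: 20Gi
---
# Replicas protect against node loss only. A recurring snapshot protects the
# same volumes against deletion or corruption; the "default" group applies to
# every volume that has no recurring job of its own.
apiVersion: longhorn.io/v1beta2
kind: RecurringJob
metadata:
  name: nightly-snapshot
  namespace: longhorn-system
spec:
  cron: "0 3 * * *"
  task: snapshot                   # "backup" needs a configured backup target
  groups: ["default"]
  retain: 7
  concurrency: 2
```

A snapshot lives on the same replicas as the volume, so it survives a single node failure but not the loss of the whole cluster; switching the task to `backup` with an S3 or NFS backup target is what moves data off-cluster.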

FluxCD

GitOps operator that continuously reconciles the cluster state against manifests stored in a private Gitea repository. Every infra change is a git commit; no manual kubectl apply in production. Because Flux pulls from inside the cluster, no CI job or workstation needs cluster-admin credentials to deploy.
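The GitOps flow described above (Gitea push, Flux reconcile, K3s apply), as Flux manifests. This is an added example, not the page's cluster repository: the Gitea URL, branch, repository path, secret names and service account are assumptions. The `verify` block is the security-relevant part: Flux refuses to reconcile a HEAD commit whose signature is not in the configured keyring, so a stolen forge credential alone cannot change the cluster.

```yaml
# Added example (not the page's own manifests). URL, branch, path, secret
# names and the service account are assumptions.
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: homelab
  namespace: flux-system
spec:
  interval: 1m                      # poll interval; a Gitea webhook can trigger earlier
  url: ssh://git@gitea.example.internal/homelab/cluster.git   # assumed
  ref:
    branch: main
  secretRef:
    name: gitea-deploy-key          # Secret keys: identity, known_hosts (read-only deploy key)
  verify:
    mode: HEAD                      # reject unsigned commits or unknown signing keys
    secretRef:
      name: gitea-gpg-public-keys   # Secret holding the allowed authors' armored public keys
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
  name: cluster
  namespace: flux-system
spec:
  interval: 10m
  path: ./clusters/homelab          # assumed repository layout
  prune: true                       # resources removed from git are removed from the cluster
  wait: true
  timeout: 5m
  sourceRef:
    kind: GitRepository
    name: homelab
  serviceAccountName: flux-reconciler   # assumed; scopes what the applier may touch instead of cluster-admin
```

The deploy key is read-only on purpose: Flux only needs to fetch. With `prune: true`, deleting a manifest from git deletes the object, which is why the Longhorn StorageClass above uses `reclaimPolicy: Retain` for stateful data.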

Gitea + Gitea Actions

Self-hosted git forge and CI/CD platform. Migrated from Drone CI in 2024 to unify source control and runner infrastructure. All pull requests for personal projects (including this website) trigger Gitea Actions workflows that build multi-arch Docker images and push to the private registry.
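A workflow of the kind described above, as an added example rather than the site's own pipeline file. The registry hostname, image name and secret names are assumptions. The point to notice is that pull requests build both architectures but never push: registry credentials are only exercised on a merge to main.

```yaml
# .gitea/workflows/build.yaml  (added example, not the page's own workflow)
# Registry hostname, image name and secret names are assumptions.
name: build-image

on:
  pull_request:
  push:
    branches: [main]

env:
  REGISTRY: registry.example.internal     # assumed private registry
  IMAGE: registry.example.internal/www     # assumed image name

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # In practice pin each action to a commit SHA rather than a tag; the
      # runner fetches these from github.com at run time.
      - uses: actions/checkout@v4

      - uses: docker/setup-qemu-action@v3      # emulation for the non-native architecture
      - uses: docker/setup-buildx-action@v3

      - name: Log in to the private registry
        if: github.event_name == 'push'        # PR builds never see registry credentials
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.REGISTRY_TOKEN }}

      - name: Build multi-arch image (push only on main)
        uses: docker/build-push-action@v6
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: ${{ github.event_name == 'push' }}
          tags: |
            ${{ env.IMAGE }}:${{ github.sha }}
            ${{ env.IMAGE }}:latest
```

Tagging with the commit SHA gives the Flux manifests an immutable reference to deploy; `latest` is only a convenience for humans.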

YouTrack

Self-hosted issue tracker serving as the control plane for the agentic development pipeline. Issues assigned to Claude_Code are automatically picked up, implemented, and merged by the pipeline without manual intervention.

Cloudflare Tunnel

Outbound-only tunnel from the cluster to Cloudflare's edge; no inbound firewall rules or exposed ports required. All public-facing services (www, doc, shop, IAM) are routed through the tunnel, with Cloudflare handling TLS termination and DDoS protection. Termination at the edge means Cloudflare sees request plaintext before forwarding it over the encrypted tunnel, so the design trusts Cloudflare as a full proxy.
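The connector configuration that implements the routing above, as an added example rather than the page's own file. Hostnames, in-cluster service names and the tunnel name are assumptions. The final catch-all rule is the part worth copying: any hostname not explicitly listed is answered with a 404 at the edge and never reaches a pod.

```yaml
# /etc/cloudflared/config.yml  (added example, not the page's configuration)
# Tunnel name, hostnames and in-cluster service addresses are assumptions.
tunnel: homelab                                    # tunnel name or UUID
credentials-file: /etc/cloudflared/creds/credentials.json   # mounted from a Secret, never committed
no-autoupdate: true                                # the image version is pinned and rolled by GitOps

ingress:
  - hostname: www.example.com
    service: http://www.web.svc.cluster.local:80
  - hostname: doc.example.com
    service: http://doc.web.svc.cluster.local:80
  - hostname: shop.example.com
    service: http://shop.web.svc.cluster.local:80
  - hostname: iam.example.com
    service: https://iam.auth.svc.cluster.local:443
    originRequest:
      noTLSVerify: false                           # keep verifying the origin certificate
      originServerName: iam.example.com            # name the origin cert must match
      httpHostHeader: iam.example.com
  # Required catch-all: unlisted hostnames get a 404 from cloudflared.
  - service: http_status:404
```

The connector only needs outbound 443 to Cloudflare; nothing in this file opens a listening socket on the host. Routing is not authentication: each listed hostname is still publicly reachable through Cloudflare, so the IAM service (or a Cloudflare Access policy in front of admin hostnames) has to do that work.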

Design decisions

GitOps over imperative deploys

Every cluster change is expressed as a git commit. This makes the desired state auditable, reversible, and reproducible — the same discipline applied to application code.

Self-hosted over managed cloud

Running K3s on local hardware instead of GKE keeps monthly costs near zero while providing hands-on experience with the full Kubernetes control plane — scheduler, etcd, networking, storage.

Zero exposed inbound ports

Cloudflare Tunnel means no firewall rules, no port-forwarding, and no exposed IP address; the cluster is invisible to the public internet at the network layer. The services behind it are still publicly reachable at the HTTP layer through Cloudflare, so application-level authentication remains the control that matters.

Read the full homelab write-up on the doc site (placeholder — article coming soon)