Finally moved it all through Authentik!
  • I don't require it as it's allowed where I live for personal use ^^

    But you would require a sidecar pod from whatever VPN and use a config given by your VPN provider, then redirect all pod traffic through your sidecar, but I think some images of Transmission have it all included.

    1
  • I have added an edit, but before you posted this, so let me answer here (you can also check the edit if you feel like it).

    Basically I use Traefik and cert-manager to retrieve star SSL certs (*.domain.com) for all the domains I own; as those are done via DNS-01 challenges, you don't need your server to be accessible via the internet.

    The VPN then points at AdGuard for its DNS, and AdGuard points my star domains to Traefik, which then redirects to each service with the star certificate.

    EDIT: external services such as the VPN itself are also redirected via Traefik using external service objects, so my VPN can sit outside the cluster (on my TrueNAS machine) but still have an SSL cert.

    1
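
A sketch of the setup described in the comment above, as an added example that is not the poster's own manifests: a DNS-01 issuer, one wildcard certificate, and an out-of-cluster service routed through Traefik. The domain, resource names, namespace, ACME CA and DNS provider (Cloudflare) are all assumptions; `traefik.io/v1alpha1` is the CRD group of current Traefik releases (older ones use `traefik.containo.us/v1alpha1`).

```yaml
# Added example, not the poster's manifests. Domain, names, namespace, ACME CA
# and DNS provider (Cloudflare) are assumptions.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata: {name: acme-dns01}
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef: {name: acme-account-key}
    solvers:
      - dns01:                      # TXT-record validation: no inbound port needed
          cloudflare:
            apiTokenSecretRef: {name: cloudflare-api-token, key: api-token}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata: {name: wildcard-example-com, namespace: traefik}
spec:
  secretName: wildcard-example-com-tls
  issuerRef: {name: acme-dns01, kind: ClusterIssuer}
  dnsNames: ["*.example.com", "example.com"]
---
# Service outside the cluster (assumed hostname), reachable through Traefik.
# Traefik's kubernetesCRD provider must have allowExternalNameServices enabled.
apiVersion: v1
kind: Service
metadata: {name: vpn-ui, namespace: traefik}
spec:
  type: ExternalName
  externalName: truenas.internal.example
  ports:
    - port: 8080
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata: {name: vpn-ui, namespace: traefik}
spec:
  entryPoints: [websecure]
  routes:
    - match: Host(`vpn.example.com`)
      kind: Rule
      services:
        - name: vpn-ui
          port: 8080
  tls:
    secretName: wildcard-example-com-tls
```

The DNS API token is the sensitive piece in this design: anyone holding it can pass DNS-01 validation for the zone, so scope it to DNS edits on that single zone and keep it in a Secret readable only by cert-manager.
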
  • Oh yeah, it is a nightmare to get started (IMO) due to their own wording for most of the stuff. I have added an edit if you want to check a bit more of how I have set up stuff; maybe some questions will be answered there...

    1
  • I have added an edit (but you will see on the last point a full-on guide is started, but god it is not the most funny part to do!)

    1
  • Finally moved it all through Authentik!

    Just posting here cause I have been a lurker for a long time and wanted to share the latest version of my Kubernetes-based homelab!

    When finally all of it is in one place!

    Services Details:

    • Authentik: Authentication SSO for all services (The UI you see here)
    • Adguard: DNS server for the homelab as well as DNS blocker
    • ArgoCD: Applications to deploy apps to Kubernetes
    • Gitea: Git source code version control
    • Longhorn: Storage for the Kubernetes cluster
    • MinIO: Backup storage for the Kubernetes cluster
    • DSM: Synology NAS main UI
    • Traefik: Reverse proxy for the homelab
    • TrueNAS (Scale): Main NAS
    • Unifi: Unifi UI homepage
    • Vault: Secret storage for the Kubernetes cluster
    • Wireguard: VPN to access services from outside
    • Grafana: Dashboards for the homelab
    • Graphite: Exporter to retrieve external metrics to feed them back to Prometheus
    • Prometheus: Metrics DB to feed Grafana
    • FlareSolverr: Bypass Cloudflare protection
    • Gotenberg: Convert files (Word, Excel, etc.)
    • Prowlarr: Serves as a discovery server for Radarr and Sonarr
    • Radarr: Handles movies
    • Sonarr: Handles TV shows
    • Sunshine: Self-hosted cloud gaming PC UI
    • Syncthing: Handles file synchronization between devices
    • Transmission: Handles P2P files
    • Immich: Google Photos replacement
    • Libreddit: Access Reddit without Reddit
    • Overseerr: Movie and TV show request management
    • PaperlessNGX: Stores all documents
    • Plex: Personal Netflix
    • Tandoor: Recipe management
    • SearxNG: Self-hosted search engine

    Any question or feedback is welcome!

    20