DEV.co
Open-Source DevOps · Mafyuh

iac

A personal homelab infrastructure repository demonstrating GitOps practices with Kubernetes, Proxmox VMs, and Docker Compose. It uses Talos Linux, Flux, Ansible, OpenTofu, and GitHub Actions to manage and automate a complete home infrastructure stack.

Source: GitHub — github.com/Mafyuh/iac
610
GitHub stars
28
Forks
YAML
Primary language
WTFPL
License (Requires review (not clearly OSI))

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryMafyuh/iac
OwnerMafyuh
Primary languageYAML
LicenseWTFPL — Requires review (not clearly OSI)
Stars610
Forks28
Open issues7
Latest releaseUnknown
Last updated2026-07-08
Sourcehttps://github.com/Mafyuh/iac

What iac is

Infrastructure-as-code project combining Proxmox hypervisor, Talos Linux Kubernetes cluster, and legacy Docker/VM workloads. Employs Flux for K8s CD, GitHub Actions for automation, Renovate for dependency management, Ansible for VM configuration, and Bitwarden Secrets for secret management.

Quickstart

Get the iac source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Mafyuh/iac.gitcd iac# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Learning GitOps & Infrastructure Automation

Well-structured example of GitOps principles applied to a real homelab. Shows practical integration of Flux, Renovate, GitHub Actions, and IaC tools.

Homelab & Self-Hosted Infrastructure Reference

Comprehensive reference architecture for running Kubernetes alongside traditional VMs. Demonstrates hybrid infrastructure management at scale suitable for advanced hobbyists.

Multi-Tool Orchestration Pattern

Illustrates how to coordinate multiple deployment tools (Flux, Ansible, GitHub Actions, OpenTofu) in a single cohesive infrastructure pipeline.

Implementation considerations

  • Project is fundamentally a single individual's homelab snapshot—expect significant customization needed to match your hardware, networking, and security posture.
  • Requires working knowledge of Kubernetes, Talos Linux, Ansible, Terraform/OpenTofu, Docker, and GitHub Actions; not a beginner-friendly resource.
  • No versioned releases or upgrade path documented. Track the main branch for changes and test thoroughly before applying to production-like homelabs.
  • Bitwarden Secrets integration is mentioned but implementation details are incomplete (README truncated). Verify full secret management strategy before deployment.
  • The codebase mirrors to GitLab and Forgejo, indicating potential distribution concerns—clarify your source-of-truth before relying on this repo.

When to avoid it — and what to weigh

  • Production Enterprise Workloads — Designed for personal homelab use. Not suitable for business-critical systems without significant hardening, redundancy, and commercial support architecture.
  • Seeking Turnkey Solutions — This is a reference implementation requiring deep DevOps expertise to adapt and deploy. Not a plug-and-play platform for non-technical teams.
  • Need Commercial Support — WTFPL license provides no legal warranty or support guarantees. The project reflects one individual's configuration and may diverge from best practices.
  • Limited Infrastructure Budget — Requires Proxmox hardware, networking equipment (Unifi), and substantial server capacity. Not cost-effective for minimal setups.

License & commercial use

Licensed under WTFPL (Do What The F*ck You Want To Public License). This is a permissive, unconditional license that allows use, modification, and redistribution with no restrictions, attribution requirements, or liability. It is unconventional and may not be recognized by all compliance tools.

WTFPL is permissive and places no restrictions on commercial use. However, it offers no warranties or indemnification. For commercial adaptation, conduct legal review to ensure compliance with your organization's licensing and liability requirements. The license itself does not guarantee the code is suitable for production use.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationLimited
License clarityClear
Deployment complexityHigh
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Mentions use of Bitwarden Secrets Manager but implementation is undocumented. No description of RBAC, network policies, secret rotation, or exposure management. Status dashboard endpoints are publicly accessible (potentially leaking infrastructure info). Unifi networking is noted but firewall/segmentation rules are not detailed. Requires thorough security audit before production use.

Alternatives to consider

Ansible + Terraform (without Kubernetes)

Simpler, lower-overhead approach for VM-only infrastructure. Avoids Kubernetes complexity if you do not need container orchestration at scale.

k3s + Kustomize (instead of Talos + Flux)

Lighter-weight Kubernetes distribution with simpler bootstrapping. Kustomize provides declarative config management without GitOps coupling.

HashiCorp Terraform + Vault + Nomad

Commercial-backed alternatives offering multi-cloud portability, enterprise secret management, and unified orchestration for VMs and containers.

Software development agency

Build on iac with DEV.co software developers

This repository is a comprehensive reference for building GitOps-driven infrastructure. Clone, adapt, and use it as a blueprint for your own homelab—but invest time in understanding each component before production use.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

iac FAQ

Can I use this directly for my homelab?
Not directly. This is Mafyuh's personal configuration. You must adapt networking (IP ranges, DNS), hardware (Proxmox VM specs), and service choices. Expect 40–60 hours of customization and testing.
What if I only want to use Docker, not Kubernetes?
The Docker Compose stack is separate from the Flux K8s stack. You can extract the Docker CD workflow and Ansible playbooks. However, tooling and automation are tightly integrated; expect some decoupling work.
How do I handle secrets securely?
The README mentions Bitwarden Secrets Manager but provides no implementation detail. Review the live repository or the Nix config link for concrete examples. Always rotate secrets and audit access.
Is this suitable for business/production?
No. This is a hobby project with no SLA, no commercial support, and no formal testing or security hardening. Use as a learning reference only; build your own validated stack for business use.

Custom software development services

Adopting iac is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source devops software in production.

Ready to Learn GitOps at Home?

This repository is a comprehensive reference for building GitOps-driven infrastructure. Clone, adapt, and use it as a blueprint for your own homelab—but invest time in understanding each component before production use.