Juvenal Diaz
Homelab architecture map
Git push enters Gitea, Gitea Actions validates and builds images, OpenTofu manages the cluster, Argo CD syncs manifests, and the OCI edge routes traffic over Tailscale into Kubernetes services.
Source, validation, and images
Debian node 192.168.100.68
Edge access and workloads
Developer laptop
edit, test, push main
Gitea repository
https://lab2025.duckdns.org/git/
main is the release branch
Gitea Actions runner
Debian hosted runner
custom checkout for /git/ path
Validation gates
Gitleaks secret scan
Trivy IaC and image posture
Buildx image build
linux/arm64 website + demos
OpenTofu + lab.sh
infra, platform, apps, edge
repeatable apply path
kubeadm control plane
API server, scheduler, controller
Calico pod networking
GitOps mirror
validated commit copied locally
Argo CD reads deploy state
Argo CD
container-registry, website
gitea and demos-static apps
Storage and backups
OpenEBS retained hostpath PVs
Gitea dumps and external SSD
OCI edge host
nginx, HAProxy, Varnish, Squid
TLS, routing, caching
public DNS entry point
Tailscale + NodePorts
30080 website, 30081 demos
30300 Gitea service path
Raspberry Pi 192.168.100.89
arm64 Kubernetes worker
website-production pods
demos-static and lab apps
Local registry :30500
php-website and demos-static
pulled by arm64 workloads
push
workflow
scan
build
apply
validated Git
sync apps
secure tunnel
service traffic
image pulls