k3x.dev / single-node k3s

REBUILDABLE HOME INFRA.

A living operations guide for building and maintaining the k3s-one single-node homelab stack on k3x.dev.

This guide follows the actual setup path: start with the architecture, bring up the edge and lab hosts, route traffic over Tailscale, publish DNS through Cloudflare and local overrides, then layer in Caddy, cert-manager, Flux, storage, backups, and day-two operations.

research scaffold

build path

Read these in order when standing the stack up. Each page maps to a real part of the repo or operating model.

  1. 10 Architecture - The full k3s-one topology: edge VPS, Tailscale transport, HAProxy passthrough, and Caddy inside the cluster.
  2. 20 Bootstrap order - The ordered path for standing up the VPS, lab node, Tailscale, k3s, Flux, and first service checks.
  3. 30 Tailscale routing - How the edge VPS, lab node, exit-node behavior, and TCP forwarding fit together.
  4. 40 DNS and split horizon - Cloudflare wildcard public DNS and local Blocky-style wildcard overrides for k3x.dev hostnames.
  5. 50 Flux GitOps - Flux bootstrap notes and the raw-manifest/kustomize deployment model.
  6. 60 Storage - The local-path storage default, future OpenEBS local PV option, and why Longhorn waits.
  7. 70 Backup and restore - Restic-first backup plan, workload state contracts, evacuation priorities, and restore drill expectations.
  8. 80 Decision log - Major architecture decisions and their tradeoffs.
  9. 90 Threat model - Important assets, trust boundaries, risks, and hardening tasks.