Skip to content

Overview

Self-hosted applications running on the noah Kubernetes cluster, organized into categories and deployed via Flux CD GitOps.

Deployment model

All apps are defined as Flux HelmRelease or raw Kubernetes manifests under flux/apps/noah/. Secrets are synced from Vault via the ExternalSecrets operator. Image updates are automated via Flux image policies.

By the numbers

Ecosystem map

graph TB
    subgraph Media["Media"]
        JF[Jellyfin]
        EM[Emby]
        AB[Audiobookshelf]
        KV[Kavita]
        MF[Miniflux]
        QBT[qBittorrent]
        ARR["*arr Suite\nSonarr · Radarr\nLidarr · Bazarr\nProwlarr · Shelfarr"]
        SR[Seerr / Jellyseerr]
        PF[Pinchflat]
        TR[Tracearr]
    end

    subgraph AI["AI"]
        OW[Open WebUI]
        LA[LocalAI]
        LT[LibreTranslate]
        FW[Faster-Whisper]
        N8[n8n]
    end

    subgraph Home["Home"]
        HA[Home Assistant]
        AL[AdventureLog]
        BB[BamBuddy]
        SM[Spoolman]
        WP[Wire-pod\nAnki Vector]
    end

    subgraph Games["Games"]
        MC[Minecraft]
        CS[CS2]
    end

    subgraph Finance["Finance"]
        ACT[Actual Budget]
    end

    subgraph Bots["Bots"]
        SA[Seerr Approver]
        PP[PikPak Downloader]
        PG[TC Photo Grabber]
        JL[Jellyfin Librarian]
        WD[Woot Deal Bot]
    end

    SR -->|requests| JF
    SR -->|requests| EM
    SA -->|approves via Telegram| SR
    JL -->|sets library policy| JF
    JF -->|AuthenticationSuccess| JL
    ARR -->|downloads| QBT
    OW -->|inference| LA
    OW -->|transcription| FW
    N8 -->|workflow| HA
    BB -->|filament inventory| SM
Hold "Alt" / "Option" to enable pan & zoom

Media

App URL Description
Jellyfin jellyfin.hdhomelab.com Primary media server; GPU-accelerated on worker-0a
Emby Secondary media server sharing the same media volume
Audiobookshelf Audiobook and podcast streaming
Kavita Manga and ebook reader
App URL Description
Jellyseerr Media request portal — integrates with Radarr & Sonarr
Seerr Alternative request portal
Miniflux miniflux.hdhomelab.com Lightweight RSS feed reader with Authentik SSO
App Description
Sonarr TV series management and monitoring
Radarr Movie collection management
Lidarr Music collection management
Bazarr Subtitle automation for Sonarr/Radarr
Prowlarr Indexer aggregator for the *arr suite
Shelfarr Book automation
Tracearr Music addition tracking
qBittorrent Torrent client (VPN-enabled variant available)
Pinchflat YouTube channel mirroring and archiving

Storage note

Jellyfin and Emby share the emby-media PVC. All config volumes use local-path storage for SQLite performance — see SQLite on Local Path.

AI

App URL Description
Open WebUI openwebui.hdhomelab.com Chat interface — connects to Ollama for LLM inference
LocalAI localai.hdhomelab.com Local inference server; auto-loads Whisper-small on startup
App Description
Faster-Whisper High-performance speech-to-text
LibreTranslate Self-hosted translation API (10 languages)
App URL Description
n8n n8n.hdhomelab.com Workflow automation; PostgreSQL backend; Prometheus metrics

Resource requirements

Open WebUI is the most memory-hungry AI app — 2 GiB requested, 3 GiB limit. All AI workloads are scheduled on nodes with sufficient RAM headroom.

Home

App URL Description
Home Assistant ha.hdhomelab.com Central home automation hub with Mosquitto MQTT, ESPHome, Node-RED, Ring MQTT
AdventureLog Activity and adventure logging; dual server+database deployment
BamBuddy bambuddy.hdhomelab.com Bambu Lab printer management; slicer API sidecars, Spoolman filament tracking, Authentik OIDC
Spoolman Filament inventory backend; PostgreSQL; integrated into BamBuddy UI
Wire-pod wirepod.hdhomelab.com Self-hosted Anki Vector robot server; replaces defunct DDL cloud

Games

Two server instances managed by the itzg/minecraft Helm chart:

Instance Description
ittakestwo Modded Fabric server with BlueMap visualiser
mtbay Dedicated instance

Both servers include:

  • 4-hour world backups to PVC
  • Prometheus metrics via mc-monitor sidecar
  • PostgreSQL driver for advanced stats
  • BlueMap web map at a dedicated service port

Counter-Strike 2 dedicated server with:

  • RCON management via Helm-deployed web interface
  • A2S exporter sidecar for Prometheus metrics
  • FileBrowser for server file management
  • rsync CronJob for map/config backups

Finance

App URL Description
Actual Budget actual.hdhomelab.com Local-first personal finance tracker; Authentik OIDC; SQLite backend

Bots

App Description
Seerr Approver Telegram bot that approves media requests from Jellyseerr/Seerr
PikPak Downloader Automated cloud storage download bot
TC Photo Grabber Photo collection automation bot
Jellyfin Librarian Webhook handler that sets Jellyfin library permissions from Authentik user attributes
Woot Deal Bot Multi-tenant Telegram bot that watches Woot.com for deals matching user-defined keywords

Misc

App URL Description
Stirling PDF stirling.hdhomelab.com Full-featured PDF manipulation suite; Prometheus metrics
Docs Site doc.hdhomelab.com This documentation site

Common patterns

graph LR
    subgraph "Typical app stack"
        D[Deployment] --> S[Service]
        S --> R[HTTPRoute / Ingress]
        D --> PVC[PersistentVolumeClaim]
        D --> ES[ExternalSecret]
        ES --> V[(Vault)]
        R --> GW[Gateway\n192.168.71.241]
    end
Hold "Alt" / "Option" to enable pan & zoom

Key patterns used across apps

  • Secrets — ExternalSecrets operator pulls from Vault; never stored in Git
  • Storagelocal-path for SQLite apps, synology-csi for shared media volumes
  • Auth — Authentik OIDC for web-facing apps (Miniflux, Actual Budget, and others)
  • Image automation — Flux ImagePolicy + ImageUpdateAutomation for selected apps
  • Observability — Prometheus scrape annotations on deployments; metrics visible in Grafana