Building a Kubernetes Homelab with Talos Linux, Flux GitOps, and Intel Arc GPU Transcoding

Overview

This series documents my journey rebuilding my home infrastructure from scratch using modern tools and practices. If you're looking to build a homelab with Kubernetes, GPU-accelerated media streaming, and secure remote access, this guide is for you.


Tip:	See v1.0.0 for the complete repository. Each article links to its corresponding milestone tag.

Before You Begin

Prerequisites

Before starting, you should have:

Linux/Unix experience: Comfortable with command line
Kubernetes basics: Understanding of pods, services, deployments
Networking fundamentals: IP addresses, subnets, DNS
Git familiarity: Version control basics

You don't need to be an expert, but you should be willing to learn and troubleshoot.

What We're Setting Up

A complete home lab infrastructure featuring:

Kubernetes Cluster: 3-node cluster running Talos Linux¹ (immutable, secure, API-driven)
Media Server: Plex with Intel Arc GPU hardware transcoding
VPN Access: Tailscale² mesh network for secure remote access
Game Servers: Minecraft & Factorio accessible via playit.gg tunnels
Infrastructure as Code: Everything version-controlled and reproducible

Why This Approach

Infrastructure as Code First: Every configuration is in Git. If something breaks, you can rebuild from scratch in hours, not days.

Security by Default: Talos Linux has no SSH access and minimal attack surface. Tailscale provides zero-trust networking.

GPU Acceleration: Intel Arc 140T enables multiple simultaneous Plex streams with hardware transcoding.

Distributed Storage: Longhorn³ provides replicated block storage across nodes - volumes follow workloads automatically.

GitOps with Flux: One bootstrap command, then all changes via Git. Flux⁴ pulls and applies HelmReleases automatically. Need to rebuild the cluster? Just bootstrap Flux again - everything else comes from Git.

Journey Documentation: This isn't prescriptive - it's documentation of my actual journey. Questions are explored, alternatives are considered, and decisions are explained with context. You'll see what worked, what didn't, and why.

What's Not In Scope

This series doesn't cover:

NAS storage for bulk media (UNAS Pro or similar)
Public exposure via self-hosted tunnels (frp, Cloudflare Tunnel)

If exposing services publicly, implement network hardening (VLAN segmentation) first.

Follow the Series

Follow these articles in order to build your own home lab:

Phase 1: Physical Setup (requires being on-site)

GEEKOM Mini PC Cluster Hardware - Hardware specifications
UniFi Flat Network Setup - Network topology and UniFi configuration
Talos Linux USB Installation - Install Talos on nodes (boot from USB)
SOPS and Age GitOps Secrets - Set up Git repository and SOPS encryption
Talhelper Cluster Bootstrap - Generate configs, bootstrap cluster

Phase 2: Remote Management (last steps on-site)

Flux CD Kubernetes GitOps - GitOps (push to deploy)
Tailscale Kubernetes Subnet Router - Full kubectl access ← Work remotely after this!

Phase 3: Infrastructure (can be done remotely)

MetalLB, Longhorn, and Ingress-NGINX - MetalLB, Ingress-NGINX, Longhorn
Intel Arc Kubernetes DRA - Intel Arc GPU passthrough

Phase 4: Applications (can be done remotely)

Plex Intel GPU Transcoding - Plex with GPU transcoding (hostPath)
Factorio Kubernetes Server - Factorio dedicated server
Minecraft Paper Server - Minecraft server (Paper)

Appendix: Reference & Troubleshooting

Talos Upgrade and Extensions - Updating Talos configuration
Talos Cluster Expansion and HA - Adding nodes to the cluster
Flux Helm Image Updates - Updating container images via GitOps
Tailscale ACL and Subnet Routes - Adding nodes to Tailscale routes
Tailscale High Availability - Tailscale HA with multiple replicas
Tailscale Mac Bastion Host - Mac Mini bastion for emergency access
Factorio playit.gg Public Access - Public tunnels for friends without Tailscale
Factorio Import Existing Save - Loading existing world saves
Factorio Security Hardening - User verification and impersonation prevention
Factorio Server Management - RCON, backups, mods, and diagnostics
Minecraft playit.gg Public Access - Public tunnels for friends without Tailscale
Minecraft Import Existing World - Loading existing world saves and plugins
Minecraft Bedrock Support - Cross-platform play with Geyser
Minecraft Server Management - RCON, whitelist, backups, and diagnostics

Getting Help

If you get stuck:

Consult official docs (Talos, Kubernetes, Flux, Tailscale)
Leave a comment on the article - I'll try to help
Ask in community forums (r/homelab, r/kubernetes, Talos Slack)

What's Next?

Ready to begin? Start with the hardware overview.

See: GEEKOM Mini PC Cluster Hardware

Resources

Sidero Labs, "Talos Linux," talos.dev. Accessed: Dec. 16, 2025. [Online]. Available: https://www.talos.dev/ ↩
Tailscale, "Tailscale," tailscale.com. Accessed: Dec. 16, 2025. [Online]. Available: https://tailscale.com/ ↩
Longhorn, "Longhorn - Cloud native distributed block storage for Kubernetes," longhorn.io. Accessed: Dec. 16, 2025. [Online]. Available: https://longhorn.io/ ↩
Flux CD, "Flux - the GitOps family of projects," fluxcd.io. Accessed: Dec. 16, 2025. [Online]. Available: https://fluxcd.io/ ↩