Master service inventory for the k3s homelab. Organized by category with namespace, URLs, authentication method, and links to detailed pages.
Authority: Manifests in
kubernetes/apps/<namespace>/are the authoritative source. This page is a navigational index — see individual service pages for full configuration details.
| Service | Namespace | External URL | Internal URL | Auth | Detail Page |
|---|---|---|---|---|---|
| Open WebUI (Strommen AI) | open-webui |
https://chat.k3s.strommen.systems | https://chat.k3s.internal.strommen.systems | Authentik forwardAuth — app-openclaw group |
Open WebUI |
| LiteLLM Proxy | open-webui |
— | http://litellm.open-webui:4000 | LiteLLM master key | Open WebUI |
| OpenClaw Gateway | open-webui |
— | https://openclaw.k3s.internal.strommen.systems | None (LAN) | OpenClaw |
| OpenClaw Ops Agent | openclaw-ops |
— | ClusterIP only | None (internal) | OpenClaw |
| OpenClaw Personal Agent | openclaw-personal |
— | ClusterIP only | None (internal) | OpenClaw |
| Steve Lee Static Site | open-webui |
https://steve-lee.k3s.strommen.systems | — | None (public, open) | Steve Lee |
| RAG Platform (Qdrant) | rag |
— | qdrant.rag.svc.cluster.local:6333 | None (ClusterIP) | RAG Platform |
| Job | Schedule | Purpose |
|---|---|---|
| morning-mood-boost | Daily 11:00 UTC | Fetches real news, posts good-news brief to OpenClaw |
| aws-daily-brief | Daily 13:00 UTC | AWS cost & usage summary → Slack |
| aws-weekly-deep-dive | Mondays 13:00 UTC | Detailed weekly AWS analysis → Slack |
| nightly-wiki-review | Daily 04:30 UTC | Wiki documentation validation → Slack |
| etsy-scraper | On-demand Job | Scrapes Etsy shop stonewarearts for listing data |
| Service | Namespace | External URL | Internal URL | Auth | Detail Page |
|---|---|---|---|---|---|
| Jellyfin | media |
https://jellyfin.k3s.strommen.systems | — | Jellyfin native auth | Jellyfin |
| Plex | media |
https://plex.k3s.strommen.systems | — | Plex account auth | Plex |
| Jellyseerr | media |
https://jellyseerr.k3s.strommen.systems | — | Authentik forwardAuth | Jellyseerr |
| Radarr | media |
https://radarr.k3s.strommen.systems | — | Authentik forwardAuth | Radarr |
| Sonarr | media |
https://sonarr.k3s.strommen.systems | — | Authentik forwardAuth | Sonarr |
| Prowlarr | media |
https://prowlarr.k3s.strommen.systems | — | Authentik forwardAuth | Prowlarr |
| Bazarr | media |
https://bazarr.k3s.strommen.systems | — | Authentik forwardAuth | Bazarr |
| Tdarr | media |
https://tdarr.k3s.strommen.systems | — | Authentik forwardAuth | Tdarr |
| qBittorrent | media |
— | Internal only | None (LAN) | qBittorrent |
| Media Controller | media |
https://media-controller.k3s.strommen.systems | — | Authentik forwardAuth | Media Controller |
| Media Profiler | media-profiler |
https://media-profiler.k3s.strommen.systems | https://media-profiler.k3s.internal.strommen.systems | oauth2-proxy (any @gmail.com) / none (internal) | Media Profiler |
| Seedbox Sync | media |
— | CronJob (every 4h) | — | Seedbox Sync |
See Media Stack for the full stack overview, NAS architecture, and GPU configuration.
| Service | Namespace | External URL | Internal URL | Auth | Detail Page |
|---|---|---|---|---|---|
| HAM Habit Tracker | ham |
https://ham.k3s.strommen.systems | https://ham.k3s.internal.strommen.systems | Authentik forwardAuth (external) / none (internal) | HAM |
| Cardboard TCG Tracker | cardboard |
— | https://cardboard.k3s.internal.strommen.systems | Authentik Proxy — owner-only expression policy | Cardboard |
| Trade Bot | trade-bot |
— | https://trade-bot.k3s.internal.strommen.systems | None (internal only) | Trade Bot |
| D&D Multiplayer Platform | dnd |
— | https://dnd.k3s.internal.strommen.systems | Google OAuth2 + Discord OAuth2 (native) | D&D Platform |
| Auto Brand (AI Video) | auto-brand |
https://auto-brand.k3s.strommen.systems | https://auto-brand.k3s.internal.strommen.systems | Authentik forwardAuth (external) / none (internal) | Auto Brand |
| Digital Signage | digital-signage |
— | https://ds.k3s.internal.strommen.systems | Authentik forwardAuth | Digital Signage |
| Polymarket Lab | polymarket-lab |
— | No web UI | N/A | Polymarket Lab |
| Aja Recipes | aja-recipes |
— | https://recipes.k3s.internal.strommen.systems | None (LAN) | Aja Recipes |
| AWS Lens | aws-lens |
— | https://aws-lens.k3s.internal.strommen.systems | None (internal) | AWS Lens |
| Cat Game | cat-game |
TBD | TBD | TBD | Cat Game |
| OpenDonor | — | — | Not deployed here | — | OpenDonor |
| HMB | — | — | Not deployed here | — | HMB |
| Cluster Health Monitor | cluster-health-monitor |
— | — | Internal | Cluster Health Monitor |
| Service | Namespace | URL | Auth | Detail Page |
|---|---|---|---|---|
| Authentik SSO | authentik |
https://auth.k3s.strommen.systems | Authentik admin | Authentik |
| Grafana | monitoring |
https://grafana.k3s.internal.strommen.systems | Authentik OIDC | Observability Stack |
| Prometheus | monitoring |
https://prometheus.k3s.internal.strommen.systems | None (LAN) | Observability Stack |
| AlertManager | monitoring |
https://alertmanager.k3s.internal.strommen.systems | None (LAN) | Observability Stack |
| Harbor Registry | harbor |
https://harbor.k3s.internal.strommen.systems | Authentik OIDC | Harbor Registry |
| Gitea | gitea |
https://gitea.k3s.internal.strommen.systems | Authentik OIDC | Gitea |
| Wiki.js | wiki |
https://wiki.k3s.internal.strommen.systems | Authentik OIDC | Wiki.js |
| Home Assistant | home-assistant |
https://ha.k3s.strommen.systems | HA native auth | Home Assistant |
| Longhorn UI | longhorn-system |
https://longhorn.k3s.internal.strommen.systems | None (LAN) | — |
| GHA Dashboard | gha-dashboard |
https://gha.k3s.internal.strommen.systems | None (LAN) | GHA Dashboard |
| Cluster Dashboard | default |
https://dash.k3s.strommen.systems | Authentik forwardAuth | Cluster Dashboard |
| Jupyter Notebook | jupyter |
https://jupyter.k3s.internal.strommen.systems | Token auth (jupyter-token secret) | Jupyter |
| Alert Responder | alert-responder |
— | Webhook (AlertManager) | Alert Responder |
| Proxmox Watchdog | proxmox-watchdog |
— | ClusterIP (:8000 metrics) | Proxmox Watchdog |
| kube-utils (honeypot) | kube-utils |
MetalLB IP (auto-assigned) | N/A | kube-utils |
| Velero | velero |
— | ClusterIP | Backup & Recovery |
| AWS Lens | aws-lens |
https://aws-lens.k3s.internal.strommen.systems | None (internal) | AWS Lens |
| Service | Namespace | Address | Purpose | Detail Page |
|---|---|---|---|---|
| WireGuard (collective mesh) | systemd on k3s-server-1 | UDP 51821 | Encrypted VPN mesh for tech collective peers | WireGuard Mesh |
| ProtonVPN Gateway | protonvpn |
http://protonvpn-gateway.protonvpn:8888 / socks5://...:8388 | Shared cluster VPN exit node via gluetun | ProtonVPN Gateway |
| Email Gateway | email-gateway |
smtp.email-gateway.svc.cluster.local:587 | Postfix relay → AWS SES for cluster outbound mail | Email Gateway |
| MetalLB | metallb-system |
Pool: 192.168.20.200–220 | L2 LoadBalancer for external service IPs | — |
| Mosquitto MQTT | digital-signage |
MetalLB 192.168.20.203:1883 | MQTT broker for Raspberry Pi kiosks | Digital Signage |
| Service | Namespace | Purpose | Detail Page |
|---|---|---|---|
| ARC Runner Scale Set (k3s-runner-v2) | arc-runner-system |
8× amd64 self-hosted GitHub Actions runners | CI/CD Pipeline |
| ARC Actions Cache | actions-cache |
Shared cache for GitHub Actions workflows | — |
| Harbor (build registry) | harbor |
Staging → production image promotion via Trivy scan | Harbor Registry |
| Gitea (package registry) | gitea |
PyPI/npm/Maven/Go/generic package hosting | Gitea |
| Service | Namespace | Port | Purpose |
|---|---|---|---|
| node-exporter | all nodes | 9100 | System metrics (CPU, memory, disk, network) |
| kube-state-metrics | kube-system |
8080 | Kubernetes object state metrics |
| pve-exporter | monitoring |
9221 | Proxmox VE metrics (VMs, nodes, storage) |
| unifi-poller | monitoring |
9130 | UDM Pro device/client/WAN metrics |
| anthropic-cost-exporter | monitoring |
9091 | Anthropic API spend (monthly + per-model) |
| openrouter-cost-exporter | monitoring |
9092 | OpenRouter credit balance + per-model spend |
| aws-cost-exporter | monitoring |
9090 | AWS billing (MTD + 14-day daily history) |
| github-exporter | monitoring |
9171 | GitHub repo metrics (zolty-mat org) |
| github-org-exporter | monitoring |
9172 | GitHub org membership metrics |
| nas-exporter | media |
9355 | NFS health + volume usage + media item counts |
| seedbox-exporter | media |
9354 | rTorrent stats, SFTP health, disk usage |
| wireguard-exporter | monitoring |
9586 | WireGuard peer stats (handshake age, bytes) |
| intel-gpu-exporter | kube-system |
— | Intel UHD 630 GPU metrics (k3s-agent-4) |
| Symbol | Meaning |
|---|---|
| — (URL column) | No web UI / internal ClusterIP only |
| TBD | Service namespace reserved, not yet deployed |
| replicas: 0 | Scaffolded, not running |
| Not deployed here | App has no manifests in this repo — managed externally |