diff --git a/README.md b/README.md index 19e76c3..b0211b5 100644 --- a/README.md +++ b/README.md 
@@ -5,74 +5,84 @@ We use [Kubenix](https://kubenix.org/) to write Kubernetes deployments in Nix! ## Images used Legend: -- ✨: Image built with Nix (including [NixNG](https://github.com/nix-community/NixNG)) + +- ✨: Image built with Nix (including + [NixNG](https://github.com/nix-community/NixNG)) - ✅: Official image or trusted publisher - 🫤: Unofficial image -| Status | Image | Comments | -| --- | --- | --- | -| ✨ | `nixng-blog` | | -| ✨ | `nixng-dnsmasq` | | -| ✨ | `nixng-attic` | | -| ✨ | `nixng-ntfy-sh` | | -| ✨ | `nixng-radicale` | | -| ✨ | `nixng-jellyseerr` | | -| ✨ | `nixng-radarr` | | -| ✨ | `nixng-sonarr` | | -| ✨ | `nixng-bazarr` | | -| ✨ | `nixng-prowlarr` | | -| ✅ | `jellyfin/jellyfin` | | -| ✅ | `linuxserver/deluge` | | -| ✅ | `ghcr.io/atuinsh/atuin` | | -| ✅ | `postgres:14` | Database for Atuin | -| ✅ | `ghcr.io/paperless-ngx/paperless-ngx` | | -| ✅ | `docker.io/library/redis:7` | Database for Paperless-ngx | -| ✅ | `nextcloud` | | -| ✅ | `postgres:15` | Database for Attic, Nextcloud, Paperless-ngx and Hedgedoc | -| ✅ | `inbucket/inbucket` | | -| ✅ | `lscr.io/linuxserver/syncthing` | | -| ✅ | `codeberg.org/forgejo/forgejo` | | -| ✅ | `pihole/pihole` | | -| ✅ | `ghcr.io/immich-app/immich-server` | | -| ✅ | `ghcr.io/immich-app/immich-machine-learning` | | -| ✅ | `docker.io/redis:6.2-alpine` | Database for Immich | -| ✅ | `docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0` | Database for Immich | -| ✅ | `tombursch/kitchenowl` | | -| ✅ | `freshrss/freshrss` | | -| ✅ | `ubuntu/bind9` | | -| ✅ | `quay.io/hedgedoc/hedgedoc` | | -| 🫤 | `itzg/minecraft-server` | | -| 🫤 | `teddysun/kms` | | -| 🫤 | `mpepping/cyberchef` | | +| Status | Image | Comments | +| ------ | ---------------------------------------------- | --------------------------------------------------------- | +| ✨ | `nixng-blog` | | +| ✨ | `nixng-dnsmasq` | | +| ✨ | `nixng-attic` | | +| ✨ | `nixng-ntfy-sh` | | +| ✨ | `nixng-radicale` | | +| ✨ | `nixng-jellyseerr` | | +| ✨ | `nixng-radarr` | | +| ✨ | 
`nixng-sonarr` | | +| ✨ | `nixng-bazarr` | | +| ✨ | `nixng-prowlarr` | | +| ✨ | `nixng-deluge` | | +| ✨ | `nixng-mealie` | | +| ✅ | `jellyfin/jellyfin` | | +| ✅ | `ghcr.io/atuinsh/atuin` | | +| ✅ | `postgres:14` | Database for Atuin | +| ✅ | `ghcr.io/paperless-ngx/paperless-ngx` | | +| ✅ | `docker.io/library/redis:7` | Database for Paperless-ngx | +| ✅ | `nextcloud` | | +| ✅ | `postgres:15` | Database for Attic, Nextcloud, Paperless-ngx and Hedgedoc | +| ✅ | `inbucket/inbucket` | | +| ✅ | `lscr.io/linuxserver/syncthing` | | +| ✅ | `codeberg.org/forgejo/forgejo` | | +| ✅ | `pihole/pihole` | | +| ✅ | `ghcr.io/immich-app/immich-server` | | +| ✅ | `ghcr.io/immich-app/immich-machine-learning` | | +| ✅ | `docker.io/redis:6.2-alpine` | Database for Immich | +| ✅ | `docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0` | Database for Immich | +| ✅ | `tombursch/kitchenowl` | | +| ✅ | `freshrss/freshrss` | | +| ✅ | `ubuntu/bind9` | | +| ✅ | `quay.io/hedgedoc/hedgedoc` | | +| 🫤 | `itzg/minecraft-server` | | +| 🫤 | `teddysun/kms` | | +| 🫤 | `mpepping/cyberchef` | | ## Acknowledgements -- [dns.nix](https://github.com/kirelagin/dns.nix): A Nix DSL for defining DNS zones -- [flake-utils](https://github.com/numtide/flake-utils): Handy utilities to develop Nix flakes -- [kubenix](https://kubenix.org/): Declare and deploy Kubernetes resources using Nix +- [dns.nix](https://github.com/kirelagin/dns.nix): A Nix DSL for defining DNS + zones +- [flake-utils](https://github.com/numtide/flake-utils): Handy utilities to + develop Nix flakes +- [kubenix](https://kubenix.org/): Declare and deploy Kubernetes resources using + Nix - [nixhelm](https://github.com/farcaller/nixhelm): Nix-digestible Helm charts - [sops-nix](https://github.com/Mic92/sops-nix): Sops secret management for Nix ## Prerequisites -To deploy to the Kubernetes cluster, first make sure you have an admin account on the cluster. 
-You can generate this using `nix run '.#gen-k3s-cert' ~/.kube`, assuming you have SSH access to the master node. -This puts a private key, signed certificate and a kubeconfig in the kubeconfig directory +To deploy to the Kubernetes cluster, first make sure you have an admin account +on the cluster. You can generate this using +`nix run '.#gen-k3s-cert' ~/.kube`, assuming you have +SSH access to the master node. This puts a private key, signed certificate and a +kubeconfig in the kubeconfig directory ## Bootstrapping -We are now ready to deploy to the Kubernetes cluster. -Deployments are done through an experimental Kubernetes feature called [ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects). +We are now ready to deploy to the Kubernetes cluster. Deployments are done +through an experimental Kubernetes feature called +[ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects). Each applyset is responsible for a set number of resources within a namespace. -If the cluster has not been initialized yet, we must bootstrap it first. -Run these deployments: +If the cluster has not been initialized yet, we must bootstrap it first. Run +these deployments: + - `nix run '.#bootstrap-default-deploy'` - `nix run '.#bootstrap-kube-system-deploy'` ## Deployment -Now the cluster has been initialized and we can deploy applications. -To explore which applications we can deploy, run `nix flake show`. -Then, for each application, run `nix run '.#-deploy'`. -Or, if you're lazy: `nix flake show --json | jq -r '.packages."x86_64-linux"|keys[]' | grep -- -deploy | xargs -I{} nix run ".#{}"`. +Now the cluster has been initialized and we can deploy applications. To explore +which applications we can deploy, run `nix flake show`. Then, for each +application, run `nix run '.#-deploy'`. 
Or, if you're lazy: +`nix flake show --json | jq -r '.packages."x86_64-linux"|keys[]' | grep -- -deploy | xargs -I{} nix run ".#{}"`.
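Review bot: In the image table, the whitespace realignment is mixed with real content changes: `linuxserver/deluge` is dropped from the ✅ rows and `nixng-deluge` and `nixng-mealie` are added to the ✨ rows, which is easy to miss when every row shows as changed. Split the reflow into its own commit so the change in which images are listed, and under which trust status, can be reviewed on its own. In the Deployment section, `grep -- -deploy` is unanchored, so if `bootstrap-default-deploy` and `bootstrap-kube-system-deploy` from the Bootstrapping section appear in the same package list, the one-liner runs them as well. Consider anchoring the pattern as `-deploy$` and filtering out the `bootstrap-` names. The Prerequisites paragraph still ends without a period after "kubeconfig directory".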