# Kubernetes deployments

We use [Kubenix](https://kubenix.org/) to write Kubernetes deployments in Nix!

## Images used

Legend:

- ✨: Image built with Nix (including
  [NixNG](https://github.com/nix-community/NixNG))
- ✅: Official image or trusted publisher
- 🫤: Unofficial image

| Status | Image                                          | Comments                                                  |
| ------ | ---------------------------------------------- | --------------------------------------------------------- |
| ✨     | `nixng-blog`                                   |                                                           |
| ✨     | `nixng-dnsmasq`                                |                                                           |
| ✨     | `nixng-attic`                                  |                                                           |
| ✨     | `nixng-ntfy-sh`                                |                                                           |
| ✨     | `nixng-radicale`                               |                                                           |
| ✨     | `nixng-jellyseerr`                             |                                                           |
| ✨     | `nixng-radarr`                                 |                                                           |
| ✨     | `nixng-sonarr`                                 |                                                           |
| ✨     | `nixng-bazarr`                                 |                                                           |
| ✨     | `nixng-prowlarr`                               |                                                           |
| ✨     | `nixng-deluge`                                 |                                                           |
| ✨     | `nixng-mealie`                                 |                                                           |
| ✨     | `nixng-atuin`                                  |                                                           |
| ✅     | `jellyfin/jellyfin`                            |                                                           |
| ✅     | `postgres:14`                                  | Database for Atuin                                        |
| ✅     | `ghcr.io/paperless-ngx/paperless-ngx`          |                                                           |
| ✅     | `docker.io/library/redis:7`                    | Database for Paperless-ngx                                |
| ✅     | `nextcloud`                                    |                                                           |
| ✅     | `postgres:15`                                  | Database for Attic, Nextcloud, Paperless-ngx and Hedgedoc |
| ✅     | `inbucket/inbucket`                            |                                                           |
| ✅     | `lscr.io/linuxserver/syncthing`                |                                                           |
| ✅     | `codeberg.org/forgejo/forgejo`                 |                                                           |
| ✅     | `pihole/pihole`                                |                                                           |
| ✅     | `ghcr.io/immich-app/immich-server`             |                                                           |
| ✅     | `ghcr.io/immich-app/immich-machine-learning`   |                                                           |
| ✅     | `docker.io/redis:6.2-alpine`                   | Database for Immich                                       |
| ✅     | `docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0` | Database for Immich                                       |
| ✅     | `tombursch/kitchenowl`                         |                                                           |
| ✅     | `freshrss/freshrss`                            |                                                           |
| ✅     | `ubuntu/bind9`                                 |                                                           |
| ✅     | `quay.io/hedgedoc/hedgedoc`                    |                                                           |
| 🫤     | `itzg/minecraft-server`                        |                                                           |
| 🫤     | `teddysun/kms`                                 |                                                           |
| 🫤     | `mpepping/cyberchef`                           |                                                           |

## Acknowledgements

- [dns.nix](https://github.com/kirelagin/dns.nix): A Nix DSL for defining DNS
  zones
- [flake-utils](https://github.com/numtide/flake-utils): Handy utilities to
  develop Nix flakes
- [kubenix](https://kubenix.org/): Declare and deploy Kubernetes resources using
  Nix
- [nixhelm](https://github.com/farcaller/nixhelm): Nix-digestible Helm charts
- [sops-nix](https://github.com/Mic92/sops-nix): Sops secret management for Nix

## Prerequisites

To deploy to the Kubernetes cluster, first make sure you have an admin account
on the cluster. You can generate one using
`nix run '.#gen-k3s-cert' <username> <servername> ~/.kube`, assuming you have
SSH access to the master node. This puts a private key, a signed certificate and
a kubeconfig in the given kubeconfig directory.

## Bootstrapping

We are now ready to deploy to the Kubernetes cluster. Deployments are done
through an experimental Kubernetes feature called
[ApplySets](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-delete-objects).
Each applyset owns a fixed set of resources within a namespace.
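Because an applyset only updates and prunes objects carrying its `applyset.kubernetes.io/part-of` label, it is worth auditing which objects in a namespace actually belong to a given deployment and which were applied by hand. The following is an added example (not code from this repository): it derives the applyset ID from the parent object the way the ApplySet v1 scheme describes (a namespaced `kubectl apply --applyset=<name>` uses a core-group Secret as parent), builds the matching `kubectl` selector, and sorts a constructed list of objects into members, objects owned by another applyset, and unmanaged drift. The parent name and namespace `radicale`, and the sample objects, are assumptions for illustration.

```python
import base64
import hashlib

# Label kubectl stamps on every object that belongs to an ApplySet (KEP-3659).
PART_OF_LABEL = "applyset.kubernetes.io/part-of"


def applyset_id(name, namespace, kind="Secret", group=""):
    """ID of an ApplySet parent: applyset-<base64url(sha256("name.namespace.kind.group"))>-v1.

    Assumption: this mirrors the v1 ID scheme kubectl uses; a namespaced
    `kubectl apply --applyset=<name>` creates a core-group Secret as parent,
    hence the defaults. Cross-check with the applyset.kubernetes.io/id label
    kubectl writes on the real parent object before relying on it.
    """
    raw = ".".join([name, namespace, kind, group]).encode()
    digest = hashlib.sha256(raw).digest()
    # Label values must be alphanumeric at both ends: unpadded base64url plus fixed affixes.
    return "applyset-" + base64.urlsafe_b64encode(digest).decode().rstrip("=") + "-v1"


def list_command(name, namespace):
    """kubectl invocation that lists everything owned by the applyset."""
    return f"kubectl get all -n {namespace} -l {PART_OF_LABEL}={applyset_id(name, namespace)}"


def audit(objects, expected_id):
    """Sort a namespace's objects into: owned by this applyset, owned by another
    applyset, or unmanaged (drift the next apply will neither update nor prune)."""
    result = {"members": [], "foreign": [], "unmanaged": []}
    for obj in objects:
        ref = f"{obj['kind']}/{obj['metadata']['name']}"
        owner = obj["metadata"].get("labels", {}).get(PART_OF_LABEL)
        bucket = "members" if owner == expected_id else "foreign" if owner else "unmanaged"
        result[bucket].append(ref)
    return result


# Constructed sample: roughly what `kubectl get all,configmaps -n radicale -o json` could return.
RADICALE_ID = applyset_id("radicale", "radicale")
SAMPLE_OBJECTS = [
    {"kind": "Deployment", "metadata": {"name": "radicale", "labels": {PART_OF_LABEL: RADICALE_ID}}},
    {"kind": "Service", "metadata": {"name": "radicale", "labels": {PART_OF_LABEL: RADICALE_ID}}},
    {"kind": "Deployment", "metadata": {"name": "sidecar",
                                        "labels": {PART_OF_LABEL: applyset_id("other", "radicale")}}},
    {"kind": "ConfigMap", "metadata": {"name": "debug"}},  # hand-applied, no applyset label
]

if __name__ == "__main__":
    print(list_command("radicale", "radicale"))
    print(audit(SAMPLE_OBJECTS, RADICALE_ID))
```

Objects in the `unmanaged` bucket are the ones a `nix run '.#<application>-deploy'` will silently leave in place, so they are the first thing to check when the live state and the Nix definition disagree.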

If the cluster has not been initialized yet, we must bootstrap it first. Run
these deployments:

- `nix run '.#bootstrap-default-deploy'`
- `nix run '.#bootstrap-kube-system-deploy'`

## Deployment

Now that the cluster has been initialized, we can deploy applications. To explore
which applications we can deploy, run `nix flake show`. Then, for each
application, run `nix run '.#<application>-deploy'`. Or, if you're lazy:
`nix flake show --json | jq -r '.packages."x86_64-linux"|keys[]' | grep -- -deploy | xargs -I{} nix run ".#{}"`.