2025-01-03 21:35:28 +01:00
docs Add docs on Deluge setup 2024-12-08 14:11:54 +01:00
modules Build blog image with NixNG 2024-12-31 11:30:16 +01:00
nixng-configurations Use Prowlarr from nixpkgs master branch 2025-01-03 21:35:28 +01:00
scripts Format repo 2024-10-28 16:05:06 +01:00
.envrc Add formatting pre-commit hook 2024-10-28 16:08:07 +01:00
.gitignore Build Dnsmasq with nix-snapshotter 2024-12-19 20:34:55 +01:00
.sops.yaml Init 2024-09-07 12:35:02 +02:00
applyset-deploy.sh Exclude kubenix hashes in manifest diff 2024-10-17 21:01:12 +02:00
deployments.nix Init 2024-09-07 12:35:02 +02:00
flake.lock Use Prowlarr from nixpkgs master branch 2025-01-03 21:35:28 +01:00
flake.nix Use Prowlarr from nixpkgs master branch 2025-01-03 21:35:28 +01:00
formatter.nix Update git-hooks 2024-10-30 21:19:13 +01:00
globals.nix Remove unused docker images 2024-12-31 12:04:21 +01:00
kubenix.nix Build blog image with NixNG 2024-12-31 11:30:16 +01:00
README.md Build blog image with NixNG 2024-12-31 11:30:16 +01:00
secrets.yml Change Tailscale oauth credentials 2024-12-01 14:32:40 +01:00
shell.nix Add formatting pre-commit hook 2024-10-28 16:08:07 +01:00
treefmt.nix Add formatter 2024-10-28 16:03:01 +01:00
utils.nix Build all images with nix-snapshotter 2024-12-19 21:07:30 +01:00

Kubernetes deployments

We use Kubenix to write Kubernetes deployments in Nix!

Images used

Legend:

  • : Image built with Nix (including NixNG)
  • : Official image or trusted publisher
  • 🫤: Unofficial image

| Status | Image | Comments |
|--------|-------|----------|
| | nixng-blog | |
| | nixng-dnsmasq | |
| | nixng-attic | |
| | nixng-ntfy-sh | |
| | nixng-radicale | |
| | nixng-jellyseerr | |
| | nixng-radarr | |
| | nixng-sonarr | |
| | nixng-bazarr | |
| | nixng-prowlarr | |
| | jellyfin/jellyfin | |
| | linuxserver/deluge | |
| | ghcr.io/atuinsh/atuin | |
| | postgres:14 | Database for Atuin |
| | ghcr.io/paperless-ngx/paperless-ngx | |
| | docker.io/library/redis:7 | Database for Paperless-ngx |
| | nextcloud | |
| | postgres:15 | Database for Attic, Nextcloud, Paperless-ngx and Hedgedoc |
| | inbucket/inbucket | |
| | lscr.io/linuxserver/syncthing | |
| | codeberg.org/forgejo/forgejo | |
| | pihole/pihole | |
| | ghcr.io/immich-app/immich-server | |
| | ghcr.io/immich-app/immich-machine-learning | |
| | docker.io/redis:6.2-alpine | Database for Immich |
| | docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0 | Database for Immich |
| | tombursch/kitchenowl | |
| | freshrss/freshrss | |
| | ubuntu/bind9 | |
| | quay.io/hedgedoc/hedgedoc | |
| 🫤 | itzg/minecraft-server | |
| 🫤 | teddysun/kms | |
| 🫤 | mpepping/cyberchef | |
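
The table mixes references with and without a registry host or tag. As an added example (not part of this repository), the script below expands a reference the way container runtimes conventionally do and reports how tightly it is pinned. The function names are hypothetical, and the sample references are copied from the table as written, which may differ from what the manifests actually deploy.

```shell
#!/usr/bin/env bash
# Constructed sample: a few image references copied from the table above.
SAMPLE_IMAGES="jellyfin/jellyfin
postgres:14
nextcloud
ghcr.io/atuinsh/atuin
docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0"

# normalize_image REF -> prints "registry repository tag digest" ("-" = absent).
normalize_image() {
  local ref="$1" digest=- tag=- registry=docker.io first
  # A digest, when present, follows "@".
  case $ref in *@*) digest=${ref##*@}; ref=${ref%@*} ;; esac
  # A tag is a ":" in the last path component (an earlier ":" is a registry port).
  case ${ref##*/} in *:*) tag=${ref##*:}; ref=${ref%:*} ;; esac
  # The first component is a registry host only if it contains "." or ":"
  # or is "localhost"; otherwise the reference resolves against Docker Hub.
  first=${ref%%/*}
  case $ref in
    */*) case $first in
           *.*|*:*|localhost) registry=$first; ref=${ref#*/} ;;
         esac ;;
  esac
  # Docker Hub official images live under the implicit "library/" namespace.
  if [ "$registry" = docker.io ]; then
    case $ref in */*) ;; *) ref=library/$ref ;; esac
  fi
  printf '%s %s %s %s\n' "$registry" "$ref" "$tag" "$digest"
}

# pin_level REF -> "digest" (immutable), "tag" (mutable), "floating" (implicit :latest).
pin_level() {
  set -- $(normalize_image "$1")
  if [ "$4" != - ]; then echo digest
  elif [ "$3" != - ]; then echo tag
  else echo floating; fi
}

# audit_images: read references on stdin, print "<pin level> <registry/repository>".
audit_images() {
  local ref
  while IFS= read -r ref; do
    [ -n "$ref" ] || continue
    printf '%-9s %s\n' "$(pin_level "$ref")" \
      "$(normalize_image "$ref" | cut -d' ' -f1,2 | tr ' ' /)"
  done
}

audit_images <<EOF
$SAMPLE_IMAGES
EOF
```
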

Acknowledgements

  • dns.nix: A Nix DSL for defining DNS zones
  • flake-utils: Handy utilities to develop Nix flakes
  • kubenix: Declare and deploy Kubernetes resources using Nix
  • nixhelm: Nix-digestible Helm charts
  • sops-nix: Sops secret management for Nix

Prerequisites

To deploy to the Kubernetes cluster, first make sure you have an admin account on the cluster. Assuming you have SSH access to the master node, you can generate one with nix run '.#gen-k3s-cert' <username> <servername> ~/.kube. This puts a private key, a signed certificate and a kubeconfig in the kubeconfig directory (~/.kube in the command above).

Bootstrapping

We are now ready to deploy to the Kubernetes cluster. Deployments are done through an experimental Kubernetes feature called ApplySets. Each applyset is responsible for a set number of resources within a namespace.

If the cluster has not been initialized yet, we must bootstrap it first. Run these deployments:

  • nix run '.#bootstrap-default-deploy'
  • nix run '.#bootstrap-kube-system-deploy'

Deployment

Now the cluster has been initialized and we can deploy applications. To explore which applications we can deploy, run nix flake show. Then, for each application, run nix run '.#<application>-deploy'. Or, if you're lazy: nix flake show --json | jq -r '.packages."x86_64-linux"|keys[]' | grep -- -deploy | xargs -I{} nix run ".#{}".