Deploying Services
Demi can deploy any container image. Just describe what you want and she'll figure out the right image, ports, volumes, and environment variables.
Basic Deploy
You: deploy nginx on port 9000
Demi: Here's the plan:
- Container: nginx
- Image: docker.io/library/nginx:latest
- Port: 9000 -> 80
- Volume: /srv/nginx/html:/usr/share/nginx/html
- Firewall: open 9000
Ready to proceed, or want to change anything?
You: yes
Demi: Nginx is live on port 9000.
How It Works
Under the hood, Demi:
- Adds a container declaration to
/etc/nixos/configuration.nix - Opens the firewall port
- Runs
nixos-rebuild switchto apply the changes - Verifies the container is running
All containers are managed declaratively through NixOS, so your system state is always reproducible and rollbackable.
Volume Mounts
All container data goes under /srv/<container-name>/. Demi creates these directories automatically.
/srv/nginx/htmlfor nginx web files/srv/postgres/datafor database storage/srv/minecraft/datafor world saves
Researching Before Deploying
If you're not sure about an image, ask Demi to look it up:
You: search docker hub for a password manager
Demi: ★ registry (action=search, query=password manager)
Docker Hub results for 'password manager':
vaultwarden/server (2,450★, 100M+ pulls)
...
You: look up vaultwarden
Demi: ★ registry (action=info, query=vaultwarden/server)
Exposed ports: 80/tcp
Volumes: /data
...
You: deploy it on port 8000
Demi: Here's the plan: ...
Known Images
Demi knows the correct images for common homelab services and will use them automatically. For unfamiliar services, she'll check the service_templates or registry tools first.
Security
Demi follows security best practices by default:
- Flags default passwords and tells you to change them
- Warns about exposing databases or sensitive services to the internet
- Suggests reverse proxies for public-facing services
- Uses non-root container users when supported
- Mounts read-only volumes when the container only needs to read data