From 00338266e07e674074428b9470a6e041f90b2db7 Mon Sep 17 00:00:00 2001
From: Harivansh Rathi
Date: Thu, 16 Apr 2026 02:30:13 +0000
Subject: [PATCH] feat: self-host delta at delta.harivan.sh

Add delta systemd service on port 3300 with nginx reverse proxy, ACME SSL, and WebAuthn/OAuth env config. Also update README with current service list.
---
 README.md | 6 +++--
 hosts/netty/configuration.nix | 1 +
 hosts/netty/delta.nix | 48 +++++++++++++++++++++++++++++++++++
 hosts/netty/nginx.nix | 10 ++++++++
 4 files changed, 63 insertions(+), 2 deletions(-)
 create mode 100644 hosts/netty/delta.nix
diff --git a/README.md b/README.md
index 7d8b9a1..6a83494 100644
--- a/README.md
+++ b/README.md
@@ -27,12 +27,14 @@ Global agent skills are installed declaratively using skills.sh and only resync Secrets live in Bitwarden and are rendered at activation time using cli Deployment is `just switch` for the laptop and `just switch-netty` for the server. -All PRs auto-merge on creation if tests pass +All PRs auto-merge The KVM has a declarative service bundle: - netty exposes 3 tcp ports (22:ssh, 80:http, 443:https) - services only listen on 127.0.0.1 (runs behind nginx with ACME) - Self hosts Forgejo mirroring to GitHub (git.harivan.sh) +- Diff-kit (diffs.harivan.sh) - Self hosts VaultWarden - betterNAS control-plane and node agent (api.betternas.com) -- OpenClaw gateway behind nginx (netty.harivan.sh) +- Hermes agent (netty.harivan.sh) +- Delta (delta.harivan.sh)
diff --git a/hosts/netty/configuration.nix b/hosts/netty/configuration.nix
index 3af1a4a..53dba09 100644
--- a/hosts/netty/configuration.nix
+++ b/hosts/netty/configuration.nix
@@ -18,6 +18,7 @@ in
 ./vaultwarden.nix
 ./forgejo.nix
 ./diffkit.nix
+ ./delta.nix
 ./betternas.nix
 ./hermes-gateway.nix
 ./forgejo-runner.nix
diff --git a/hosts/netty/delta.nix b/hosts/netty/delta.nix
new file mode 100644
index 0000000..d6dbec0
--- /dev/null
+++ b/hosts/netty/delta.nix
@@ -0,0 +1,48 @@
+{
+ pkgs,
+ username,
+ ...
+}:
+let
+ deltaPort = "3300";
+ stateDir = "/var/lib/delta";
+ repoDir = "/home/${username}/Documents/GitHub/delta";
+ envFile = "${stateDir}/delta.env";
+ dbPath = "${stateDir}/data.db";
+in
+{
+ systemd.tmpfiles.rules = [
+ "d ${stateDir} 0750 ${username} users -"
+ "z ${envFile} 0600 ${username} users -"
+ ];
+
+ systemd.services.delta = {
+ description = "Delta - Self-hosted Todo Platform";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ environment = {
+ NODE_ENV = "production";
+ HOSTNAME = "127.0.0.1";
+ PORT = deltaPort;
+ DATABASE_URL = dbPath;
+ OAUTH_REDIRECT_BASE_URL = "https://delta.harivan.sh";
+ WEBAUTHN_ORIGIN = "https://delta.harivan.sh";
+ WEBAUTHN_RP_ID = "delta.harivan.sh";
+ };
+
+ path = [ pkgs.nodejs_22 ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = username;
+ Group = "users";
+ WorkingDirectory = repoDir;
+ ExecStart = "${repoDir}/node_modules/.bin/next start --port ${deltaPort} --hostname 127.0.0.1";
+ EnvironmentFile = "-${envFile}";
+ Restart = "on-failure";
+ RestartSec = 5;
+ };
+ };
+}
diff --git a/hosts/netty/nginx.nix b/hosts/netty/nginx.nix
index a2c556a..e4068f8 100644
--- a/hosts/netty/nginx.nix
+++ b/hosts/netty/nginx.nix
@@ -7,6 +7,7 @@ let
 vaultDomain = "vault.harivan.sh";
 betternasDomain = "api.betternas.com";
 diffkitDomain = "diffs.harivan.sh";
+ deltaDomain = "delta.harivan.sh";
 in
 {
 security.acme = {
@@ -53,6 +54,15 @@ in
 };
 };
 
+ virtualHosts.${deltaDomain} = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3300";
+ proxyWebsockets = true;
+ };
+ };
+
 virtualHosts.${betternasDomain} = {
 enableACME = true;
 forceSSL = true;
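Review bot: In hosts/netty/delta.nix, `serviceConfig` runs the internet-facing service as the login account `${username}`, directly from a mutable checkout under `/home/${username}/Documents/GitHub/delta`, with no systemd sandboxing. A compromise of the Next.js process, or any change to `node_modules` in that checkout, therefore has the same reach as that account. A dedicated service user and a build output outside the home directory would be the cleaner fix; short of that, the hardening options below narrow what the process can touch. The write paths are a guess, since `next start` may also need its `.next` cache directory writable. Separately, the leading `-` in `EnvironmentFile = "-${envFile}";` lets the unit start when `delta.env` is missing, so the fence drops it to make an absent secrets file fail at start instead of silently.

```nix
  serviceConfig = {
    # … unchanged: Type, User, Group, WorkingDirectory, ExecStart, Restart, RestartSec …
    EnvironmentFile = envFile;
    NoNewPrivileges = true;
    PrivateTmp = true;
    PrivateDevices = true;
    ProtectSystem = "strict";
    ProtectHome = "read-only";
    ReadWritePaths = [ stateDir ];
    ProtectKernelTunables = true;
    ProtectControlGroups = true;
    RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
  };
```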
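Review bot: In the hosts/netty/nginx.nix hunk at `@@ -53,6 +54,15 @@`, `proxyPass = "http://127.0.0.1:3300";` repeats the port that delta.nix defines as `deltaPort`, so the two values can drift apart. If they do, nginx would forward delta.harivan.sh to whatever else is bound to loopback port 3300. Deriving the upstream from one place avoids that, e.g. `proxyPass = "http://127.0.0.1:${config.systemd.services.delta.environment.PORT}";`, assuming `config` is among this module's arguments, which the hunk does not show. The enclosing attribute set starts and ends outside the hunk.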