split netty configuration.nix into per-service modules, remove sandbox-agent (#34)

Break the monolithic 495-line configuration.nix into focused modules: - forgejo.nix: Forgejo service, git user, mirror sync timer - betternas.nix: control-plane + node agent services - vaultwarden.nix: Vaultwarden service - nginx.nix: ACME + all Nginx virtualHosts Remove sandbox-agent entirely (service, CORS proxy, package). Keep netty.harivan.sh vhost reserved for future use.
2026-04-17 07:03:30 +00:00 · 2026-04-01 23:09:27 -04:00 · 2026-04-01 23:09:27 -04:00 · c3fb0fc358
commit c3fb0fc358
parent c97726766a
8 changed files with 297 additions and 4260 deletions
--- a/hosts/netty/betternas.nix
+++ b/hosts/netty/betternas.nix
@ -0,0 +1,68 @@
+{
+  pkgs,
+  username,
+  ...
+}:
+let
+  betternasDomain = "api.betternas.com";
+  betternasRepoDir = "/home/${username}/Documents/GitHub/betterNAS/betterNAS";
+  betternasNodeEnvFile = "/var/lib/betternas/node-agent/node-agent.env";
+  betternasNodeBinary = "${betternasRepoDir}/apps/node-agent/dist/betternas-node";
+  betternasNodeExportPath = "/home/${username}/Documents";
+  betternasNodeEnvCheck = pkgs.writeShellScript "betternas-node-env-check" ''
+    [ -f "${betternasNodeEnvFile}" ] && [ -x "${betternasNodeBinary}" ] && [ -d "${betternasNodeExportPath}" ]
+  '';
+in
+{
+  systemd.tmpfiles.rules = [
+    "d /var/lib/betternas/node-agent 0750 ${username} users -"
+    "z ${betternasNodeEnvFile} 0600 ${username} users -"
+  ];
+
+  systemd.services.betternas-control-plane = {
+    description = "betterNAS Control Plane";
+    after = [ "network-online.target" ];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "simple";
+      User = username;
+      Group = "users";
+      WorkingDirectory = "/var/lib/betternas/control-plane";
+      ExecStart = "${betternasRepoDir}/apps/control-plane/dist/control-plane";
+      EnvironmentFile = "/var/lib/betternas/control-plane/control-plane.env";
+      Restart = "on-failure";
+      RestartSec = 5;
+      StateDirectory = "betternas/control-plane";
+    };
+  };
+
+  systemd.services.betternas-node = {
+    description = "betterNAS Node";
+    after = [
+      "betternas-control-plane.service"
+      "network-online.target"
+    ];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+      PORT = "8090";
+      BETTERNAS_CONTROL_PLANE_URL = "http://127.0.0.1:3100";
+      BETTERNAS_NODE_DIRECT_ADDRESS = "https://${betternasDomain}";
+      BETTERNAS_EXPORT_PATH = betternasNodeExportPath;
+      BETTERNAS_NODE_DISPLAY_NAME = "netty";
+    };
+    serviceConfig = {
+      Type = "simple";
+      User = username;
+      Group = "users";
+      WorkingDirectory = "/var/lib/betternas/node-agent";
+      ExecCondition = betternasNodeEnvCheck;
+      ExecStart = betternasNodeBinary;
+      EnvironmentFile = "-${betternasNodeEnvFile}";
+      Restart = "on-failure";
+      RestartSec = 5;
+      StateDirectory = "betternas/node-agent";
+    };
+  };
+}