barrettruth/delta
1
0
Fork 0
Code Issues 6 Pull requests 1 Releases 3 Packages Activity Actions

docs/self-hosting: document single-user NixOS production setup #187

New issue
Closed
opened 2026-04-06 02:04:46 +00:00 by barrettruth · 0 comments
barrettruth commented 2026-04-06 02:04:46 +00:00
Copy link

Problem

Delta needs a reproducible single-user self-hosted deployment path.

The production shape should match the current product decision: no app login flow, no multi-user account model, no reminders subsystem, no PWA/offline app requirement. Google OAuth may still exist only as provider integration for Calendar/Tasks sync.

Solution

Document the NixOS-first setup:

  • service user, working directory, SQLite database path, and file ownership
  • required runtime environment variables by name only
  • SOPS layout for app secrets, backup secrets, and provider OAuth credentials
  • reverse proxy/TLS origin used by the app
  • API-key bootstrap for CLI access
  • Google OAuth client setup for Calendar/Tasks sync, including redirect URI and scopes
  • migrations, backup/restore, and R2-compatible backup checks
  • what is explicitly out of scope: multi-user, app-login OAuth, reminders, PWA/offline app, mobile app

Acceptance criteria

  • A new operator can deploy a single-user Delta instance on NixOS from the repo docs.
  • No real secret values appear in docs, issues, logs, PR descriptions, or generated artifacts.
  • The docs distinguish app authentication from Google provider OAuth for sync.
  • Backup and restore steps are documented and testable.
## Problem Delta needs a reproducible single-user self-hosted deployment path. The production shape should match the current product decision: no app login flow, no multi-user account model, no reminders subsystem, no PWA/offline app requirement. Google OAuth may still exist only as provider integration for Calendar/Tasks sync. ## Solution Document the NixOS-first setup: - service user, working directory, SQLite database path, and file ownership - required runtime environment variables by name only - SOPS layout for app secrets, backup secrets, and provider OAuth credentials - reverse proxy/TLS origin used by the app - API-key bootstrap for CLI access - Google OAuth client setup for Calendar/Tasks sync, including redirect URI and scopes - migrations, backup/restore, and R2-compatible backup checks - what is explicitly out of scope: multi-user, app-login OAuth, reminders, PWA/offline app, mobile app ## Acceptance criteria - A new operator can deploy a single-user Delta instance on NixOS from the repo docs. - No real secret values appear in docs, issues, logs, PR descriptions, or generated artifacts. - The docs distinguish app authentication from Google provider OAuth for sync. - Backup and restore steps are documented and testable.
barrettruth changed title from reconisder self-hosting guide to docs/self-hosting: document NixOS-first production setup 2026-05-10 20:16:28 +00:00
barrettruth added this to the v0.1.0 milestone 2026-05-10 20:16:28 +00:00
barrettruth changed title from docs/self-hosting: document NixOS-first production setup to docs/self-hosting: document single-user NixOS production setup 2026-05-11 18:30:08 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feat/software-sync
ship/delta-codex-skill
fix/cli-filter-args
fix-calendar-g-leader-shortcuts
harden-keyboard-capture
fix-queue-gc-hard-refresh
fix/task-panel-scroll-restoration
fix/calendar-quick-add-preview-stability
fix/467-local-first-shortcuts
docs/nixos-self-hosting-first-pass
calendar-elapsed-events
calendar-active-day-blue
calendar-outline-no-fill
calendar-neutral-day-state
fix-calendar-drag-visual-position
issue-364-task-api-route-adapters
issue-362-manpage-drift
issue-315-geocoding-config
release/cli-0.0.5
release/cli-0.0.4
fix/task-panel-save-atomicity
settings-modal
feat/add-task-external-links
feat/reminder-transport-settings
feat/reminder-foundation
build/oidc-release-pipeline
fix/settings-cleanup
fix/remove-oauth-config-ui
cli-v0.0.6
cli-v0.0.5
cli-v0.0.4
nightly-20260426
cli-v0.0.2
Labels
Clear labels   
bug
Something isn't working

  
documentation
Improvements or additions to documentation

  
duplicate
This issue or pull request already exists

  
enhancement
New feature or request

  
good first issue
Good for newcomers

  
help wanted
Extra attention is needed

  
invalid
This doesn't seem right

  
question
Further information is requested

  
status:blocked
Blocked on a decision, credential, or external dependency

  
track:api
API layer track

  
track:auto
Automation track

  
track:core
Core engine track

  
track:deploy
Deployment track

  
track:infra
Infrastructure track

  
track:ui
Web UI track

  
type:cleanup
Small cleanup, polish, or consolidation work

  
type:docs
Documentation and operator guidance

  
type:epic
Umbrella issue that coordinates related work

  
type:release
Release, packaging, and versioning work

  
type:research
Decision or investigation work before implementation

  
wontfix
This will not be worked on

No labels
bug
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
status:blocked
track:api
track:auto
track:core
track:deploy
track:infra
track:ui
type:cleanup
type:docs
type:epic
type:release
type:research
wontfix
Milestone
Clear milestone
No items
No milestone
v0.1.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
barrettruth/delta#187
No description provided.