From 337648981cc5a55935116141341521f4fce83214 Mon Sep 17 00:00:00 2001
From: Ben Sima <ben@bensima.com>
Date: Wed, 17 Dec 2025 13:29:24 -0500
Subject: Add Ava systemd deployment with dedicated user and workspace

- Add Omni.Agent.Paths module for configurable AVA_DATA_ROOT
- Create ava Linux user in Users.nix with SSH key
- Add systemd service in Beryllium/Ava.nix with graceful shutdown
- Update Skills.hs and Outreach.hs to use configurable paths
- Add startup logging of resolved paths in Telegram.hs
- Create migration script for moving data from _/var/ava to /home/ava
- Add deployment documentation in Beryllium/AVA.md

In dev: AVA_DATA_ROOT unset uses _/var/ava/
In prod: AVA_DATA_ROOT=/home/ava via systemd

Amp-Thread-ID: https://ampcode.com/threads/T-019b2d7e-bd88-7355-8133-275c65157aaf
Co-authored-by: Amp <amp@ampcode.com>
---
 Omni/Dev/Beryllium/Ava.nix | 48 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 Omni/Dev/Beryllium/Ava.nix

(limited to 'Omni/Dev/Beryllium/Ava.nix')

diff --git a/Omni/Dev/Beryllium/Ava.nix b/Omni/Dev/Beryllium/Ava.nix
new file mode 100644
index 0000000..6957352
--- /dev/null
+++ b/Omni/Dev/Beryllium/Ava.nix
@@ -0,0 +1,48 @@
+{...}: let
+  bild = import ../../Bild.nix {};
+  avaPkg = bild.run ../../Ava.hs;
+in {
+  systemd.services.ava = {
+    description = "Ava Telegram assistant";
+    after = ["network-online.target" "ollama.service"];
+    wants = ["network-online.target" "ollama.service"];
+    wantedBy = ["multi-user.target"];
+
+    serviceConfig = {
+      Type = "simple";
+      User = "ava";
+      Group = "users";
+      WorkingDirectory = "/home/ava/omni";
+
+      Environment = [
+        "AVA_DATA_ROOT=/home/ava"
+        "HOME=/home/ava"
+        "OLLAMA_URL=http://localhost:11434"
+      ];
+
+      EnvironmentFile = "/run/secrets/ava.env";
+
+      ExecStart = "${avaPkg}/bin/ava";
+
+      Restart = "on-failure";
+      RestartSec = 5;
+
+      TimeoutStopSec = 90;
+      KillMode = "mixed";
+      KillSignal = "SIGTERM";
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /home/ava 0755 ava users -"
+    "d /home/ava/omni 0755 ava users -"
+    "d /home/ava/skills 0755 ava users -"
+    "d /home/ava/outreach 0755 ava users -"
+    "d /home/ava/outreach/pending 0755 ava users -"
+    "d /home/ava/outreach/approved 0755 ava users -"
+    "d /home/ava/outreach/rejected 0755 ava users -"
+    "d /home/ava/outreach/sent 0755 ava users -"
+    "d /home/ava/users 0755 ava users -"
+    "d /home/ava/.local/share/omni 0755 ava users -"
+  ];
+}
-- 
cgit v1.2.3