Deploy: Add Ava web server to Beryllium config

Update NixOS deployment config to run Ava's web server.

Context

The Ava web server (from t-272.2) needs to be accessible from the internet so Telegram users can view traces.

Files to Modify

Omni/Dev/Beryllium/Ava.nix

Add environment variables to the ava service:

Environment = [ ...existing... "AVA_WEB_PORT=8079" "AVA_WEB_URL=https://ava.bensima.com" ];

Omni/Dev/Beryllium.nix (or Caddy/Nginx config)

Add reverse proxy rule to route ava.bensima.com to localhost:8079.

Look at existing web server config in the Beryllium module. If using Caddy:

services.caddy.virtualHosts."ava.bensima.com" = { extraConfig = '' reverse_proxy localhost:8079 ''; };

If using Nginx, equivalent proxy_pass config.

DNS

Ensure ava.bensima.com DNS record points to Beryllium server. (May already exist or need to be added manually in DNS provider)

SSL/TLS

Caddy auto-provisions Let's Encrypt certs. Nginx may need certbot config.

Firewall

Port 8079 only needs localhost access (reverse proxy handles external traffic on 443).

Deployment Steps

1. Update Ava.nix with env vars 2. Update web server config with proxy rule 3. Run: ship.sh Omni/Dev/Beryllium.nix 4. Verify: curl https://ava.bensima.com/health

Testing

• curl localhost:8079/health from Beryllium server
• curl https://ava.bensima.com/health from external
• Open trace link in browser