Building vedantmamgain.com
I run a private "life OS" — a Next.js app over an Obsidian vault, todos, money, and an agent platform — on a single Fly.io machine. When I bought this domain, the question was where the public site should live. The boring answer (a second app) felt wasteful for a few pages.
So this site is served by the same process as my private app. The separation
is a default-deny host gate at the proxy layer: requests arriving for
vedantmamgain.com can reach an allowlist of public paths and nothing else.
Everything else 404s before any route logic runs. My session auth stays
underneath as an independent second layer — leaking private data would take
two simultaneous bugs, and the gate is pinned by unit tests and e2e checks.
The pages themselves are React server components; posts are MDX, so future posts can embed live components. The look borrows Apple's Liquid Glass — frosted pill nav over a quiet gradient, serif prose for reading.
More on the platform behind the private side soon.