From ccfde02d70a73d6de0cbf60023fe828299db0821 Mon Sep 17 00:00:00 2001 From: Padreug Date: Wed, 27 May 2026 17:05:24 +0200 Subject: [PATCH] fix(start.js): resolve sibling paths from script location, not cwd MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The launcher previously assumed cwd was the package root: `mkdir config` in cwd, `npm run prisma:migrate` in cwd, `node ./dist/index.js`. Works under docker (WORKDIR /app, writable) but breaks anywhere cwd differs from the package root — e.g. a nix-built bunker invoked from a systemd unit whose WorkingDirectory is the state dir (/var/lib/nsecbunkerd) and not the nix store path that holds dist/, scripts/, prisma/. Resolve sibling paths via `path.resolve(__dirname, '..')` so the package-internal layout is robust to cwd. Use `path.join(pkgRoot, 'dist/index.js')` for the daemon spawn and `{ cwd: pkgRoot }` for the npm migrate exec. Switch `mkdir config` (which only works in writable cwd) to `fs.mkdirSync(configDir, { recursive: true })` where configDir defaults to `./config` relative to cwd, overrideable via NSEC_BUNKER_CONFIG_DIR. This lets the nix package install the launcher into the read-only store while the systemd unit still does its config/state work in /var/lib/nsecbunkerd with no shell wrapping. Co-Authored-By: Claude Opus 4.7 (1M context) --- scripts/start.js | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/scripts/start.js b/scripts/start.js index c3899f8..603d5b2 100644 --- a/scripts/start.js +++ b/scripts/start.js @@ -1,20 +1,32 @@ const { execSync, spawn } = require('child_process'); const fs = require('fs'); +const path = require('path'); + +// Resolve sibling paths from this script's location so the launcher +// works whether cwd is /app (docker), the nix store, or a writable +// state dir set by systemd's WorkingDirectory. The prisma CLI and +// dist/index.js live alongside this file in `/share/nsecbunkerd/` +// (nix) or `/app/` (docker). The migration-side env knobs: +// NSEC_BUNKER_CONFIG_DIR — directory holding nsecbunker.{json,db}; +// defaults to ./config relative to cwd. +// DATABASE_URL — prisma's source of truth for the sqlite +// path; honor whatever the caller set. +const pkgRoot = path.resolve(__dirname, '..'); +const configDir = process.env.NSEC_BUNKER_CONFIG_DIR || path.resolve(process.cwd(), 'config'); try { - console.log(`Running migrations`); - // check if config folder exists - if (!fs.existsSync('./config')) { - execSync(`mkdir config`); + console.log(`Running migrations`); + if (!fs.existsSync(configDir)) { + fs.mkdirSync(configDir, { recursive: true }); } - execSync('npm run prisma:migrate'); + execSync('npm run prisma:migrate', { cwd: pkgRoot, stdio: 'inherit' }); } catch (error) { - console.log(error); + console.log(error); // Handle any potential migration errors here } const args = process.argv.slice(2); -const childProcess = spawn('node', ['./dist/index.js', ...args], { +const childProcess = spawn('node', [path.join(pkgRoot, 'dist/index.js'), ...args], { stdio: 'inherit', });