diff --git a/CLAUDE.md b/CLAUDE.md index 8008bc2..1ab8ab6 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -759,12 +759,15 @@ BRAND_DIR=branding/cfaun pnpm build:events instead of `@/assets/logo.png`. The latter still works for non-brand assets (`@/assets/bitcoin.svg`, etc.) — it's only the logo that moved. -**NixOS deployment:** brand directories will eventually live in -`deploy/server-deploy/hosts//branding/`, with each host's -`services/webapp.nix` calling `inputs.webapp.lib.mkWebapp { brandDir = -./../branding; }`. `flake.nix` exposing `lib.mkWebapp` is a follow-up -to this PR. Until it lands, server-deploy continues to build webapp -through its existing path. See aiolabs/server-deploy#8. +**NixOS deployment:** `flake.nix` exposes +`lib.mkWebapp { pkgs, brandDir ? ./branding/default, app ? "main" }`. +Server-deploy hosts call it from their `services/webapp.nix`: +`inputs.webapp.lib.mkWebapp { inherit pkgs; brandDir = ./../branding; app = "events"; }`. +Builder pins `pkgs.pnpm_10` regardless of consumer's nixpkgs (keeps +pnpmDeps hash stable downstream), uses `autoPatchelfHook` to handle +prebuilt sharp binaries, and sets `CI=true` to bypass pnpm's +interactive modules-purge prompt. Per-host migration tracked in +aiolabs/server-deploy#8. ## Payment Rails Pattern diff --git a/branding/README.md b/branding/README.md index 37bb1ce..b84ba6c 100644 --- a/branding/README.md +++ b/branding/README.md @@ -105,6 +105,33 @@ Outputs land in `public/icons/` (gitignored). ## Integration with NixOS deployment -See [aiolabs/webapp#95](https://git.atitlan.io/aiolabs/webapp/issues/95) for the full architecture. In short: `deploy/server-deploy/hosts//branding/` will hold per-host brands, and each host's `services/webapp.nix` will call `inputs.webapp.lib.mkWebapp { brandDir = ./../branding; }` once `lib.mkWebapp` is exposed from `flake.nix` (separate follow-up issue). +`flake.nix` exposes `lib.mkWebapp { pkgs, brandDir ? ./branding/default, app ? "main" }` for downstream consumers. Per-host wiring in `deploy/server-deploy/hosts//services/webapp.nix` looks like: + +```nix +{ inputs, pkgs, ... }: +{ + services.webapp.apps = { + main = inputs.webapp.lib.mkWebapp { inherit pkgs; brandDir = ./../branding; }; + events = inputs.webapp.lib.mkWebapp { inherit pkgs; brandDir = ./../branding; app = "events"; }; + wallet = inputs.webapp.lib.mkWebapp { inherit pkgs; brandDir = ./../branding; app = "wallet"; }; + }; +} +``` + +`brandDir` is either a path inside this flake (`./branding/`) or an external path (e.g. `./../branding` from server-deploy). Either way Nix copies it into the build sandbox. + +Builder details: +- Uses `pkgs.pnpm_10` regardless of consumer's nixpkgs, so the pnpmDeps hash stays stable across downstream nixpkgs versions. +- `pkgs.autoPatchelfHook` + `stdenv.cc.cc.lib` patch the prebuilt `@img/sharp-libvips-linux-*` binaries. +- `CI=true` bypasses pnpm 10's interactive modules-purge prompt in the sandbox. The architectural payoff: brand and code become independent axes. Logo changes ship via server-deploy commits + redeploys — no webapp release, no `flake.lock` bump. + +For local sanity: + +```bash +nix build .#main # hub with aiolabs default brand +nix build .#events # events standalone with aiolabs default +# events with a custom brand (the impure way, ad-hoc): +nix build --impure --expr 'let pkgs = import {}; flake = builtins.getFlake (toString ./.); in flake.lib.mkWebapp { inherit pkgs; brandDir = /path/to/brand; app = "events"; }' +```