branding/README's "Integration with NixOS deployment" section now
describes the actual lib.mkWebapp API + the per-host call site, with
a ready-to-paste server-deploy snippet. Also documents the pnpm_10
pin, sharp/autoPatchelfHook handling, and CI=true bypass — anchors
that surface in error logs and benefit from being grep-able.
CLAUDE.md's NixOS deployment paragraph stops calling lib.mkWebapp a
future TODO and points at the API directly.
Adds a `nix build` recipe (default + impure brand override) for local
sanity-checking.
Part of aiolabs/webapp#97.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two issues found when calling lib.mkWebapp from an external nixpkgs
(server-deploy's scenario):
- pnpm 10 in the sandbox aborts with
ERR_PNPM_ABORTED_REMOVE_MODULES_DIR_NO_TTY when it sees a
modules-purge prompt without a TTY. CI=true is pnpm's documented
bypass; harmless on builds that don't need it.
- Pinning pkgs.pnpm leaves it floating with the consumer's nixpkgs
(flake's nixos-unstable has pnpm 11.5.1, system nixpkgs has 10.33,
etc.). pnpmDeps hash is per-pnpm-version so a floating pnpm means
consumers hit hash mismatches. Pinning pkgs.pnpm_10 locks to the
same major series that produced the lockfile (package.json's
packageManager: pnpm@10.33.0) while still allowing minor drift
inside major-10.
New pnpmDeps hash reflects pnpm_10's snapshot format.
Verified end-to-end: `nix build --impure --expr '...lib.mkWebapp {
brandDir = /tmp/fixture; app = "events"; }'` with an external pkgs
produces a Sortir-branded dist-events (manifest name "Sortir", theme
#dc2626, bg #fff5f5, HTML title "Sortir").
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Establishes the nix build path so deploy/server-deploy can call
inputs.webapp.lib.mkWebapp { brandDir, app } per-host instead of
running its own derivation.
lib.mkWebapp { pkgs, brandDir ? ./branding/default, app ? "main" }
returns a stdenv.mkDerivation that:
- Uses pnpmConfigHook + fetchPnpmDeps (fetcherVersion = 3) to install
node_modules from a hash-pinned snapshot, offline.
- Wires brandDir into the BRAND_DIR env var so vite-branding.ts and
pwa-assets.config.ts resolve the right brand.
- Sets BRAND_APP from `app` so per-standalone overrides
(branding/<dep>/icons/<app>/logo.*) work.
- autoPatchelfHook + stdenv.cc.cc.lib patch the prebuilt
@img/sharp-libvips-linux-x64 binaries to run under the nix sandbox.
- Runs `pnpm run build` for the hub or `pnpm run build:<app>` for a
standalone, then copies the resulting dist/ or dist-<app>/ into $out.
Per-system exposure:
- packages.<app> for each of main/events/wallet/chat/market/forum/
tasks/restaurant/libra — exercises the builder under CI.
- packages.default = packages.main.
Closesaiolabs/webapp#97. Server-deploy hosts can now migrate via
aiolabs/server-deploy#8.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
