* feat: use Nix profiles in sandbox Docker image Replace manual tool installs (rustup, nodesource, curl installers) in sandbox-image/Dockerfile.sandbox with a single `nix profile install .#sandbox`. All tools (Rust, Node, Bun, Deno, Go, gh, sqlx-cli, cargo-watch, Chromium, Playwright, etc.) are now managed declaratively via flake.nix. - Add `packages.sandbox` and `packages.sandbox-full` buildEnv outputs to flake.nix - Add `sandbox-env` helper script for browser tooling env vars - Update playwrightWrapper to export PLAYWRIGHT_BROWSERS_PATH - Rewrite Dockerfile.sandbox: Nix replaces ~50 lines of manual installs - Update entrypoint.sh to source Nix profile PATH - Delete deprecated root Dockerfile.sandbox Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: sandbox image runs as non-root user with wmdev - Rewrite entrypoint.sh to start PostgreSQL as current user (no chown/su needed), fixing "Operation not permitted" when wmdev runs containers with --user - Add chmod -R 777 /root and passwd entry for UID 1000 so non-root containers can access bashrc, nix-profile, and tool configs - Remove apt postgresql server (Nix profile provides it) - Fix bash history expansion errors from literal `!` in system prompt - Fix asciinema path reference (available on PATH, not hardcoded) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: wrap pkg-config in sandbox profiles to bake in Nix search path Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: add openssh-client and sudo to sandbox image for full root access Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * fix: use useradd instead of manual passwd entry for sandbox agent user Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
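#!/bin/bash
# Sandbox container entrypoint.
#
# Puts the Nix profile on PATH, starts a per-container PostgreSQL under the
# current UID, applies backend migrations and frontend deps when the mounted
# repo provides them, then exec's the requested command.
#
# Usage: entrypoint.sh COMMAND [ARGS...]
#
# Everything before the final exec is best-effort: a failure is reported on
# stderr (with a log file under /tmp) but does not stop COMMAND from running.
# The only hard requirement is that PostgreSQL starts.
set -euo pipefail

# Diagnostics go to stderr so they never mix with COMMAND's stdout.
warn() { printf 'entrypoint: %s\n' "$*" >&2; }

# ── Nix profile ──────────────────────────────────────────────────────────────
# The profile path is hard-coded to /root so it still resolves when the
# container is started with a different --user (the image build makes /root
# accessible to that UID with chmod -R 777). A world-writable directory at the
# front of PATH lets any process in the container replace these tools, so this
# layout is only acceptable inside a throwaway, single-tenant sandbox.
export PATH="/root/.nix-profile/bin:/nix/var/nix/profiles/default/bin:$PATH"
export CARGO_HOME=/tmp/.cargo

# ── Browser env (from Nix sandbox profile) ───────────────────────────────────
# sandbox-env emits the browser tooling env vars (e.g. PLAYWRIGHT_BROWSERS_PATH)
# as shell assignments. They are eval'd, so the script must be the one from the
# Nix profile above, not something resolvable from a workload-writable directory.
if command -v sandbox-env >/dev/null 2>&1; then
  eval "$(sandbox-env)"
fi

# ── Start PostgreSQL as current user (no root/su needed) ─────────────────────
# Data dir, socket (-k) and server log live under /tmp so no privileged paths
# or ownership changes are required. --auth=trust means any local process that
# can reach the socket connects as any role without a password; fine for one
# tenant per container, not for a shared host.
PGDATA=/tmp/pgdata
mkdir -p "$PGDATA"

if [ ! -f "$PGDATA/PG_VERSION" ]; then
  initdb -D "$PGDATA" --auth=trust
fi
# Not best-effort: under set -e a failed start aborts before exec.
pg_ctl -D "$PGDATA" -l /tmp/pg.log start -o "-k /tmp"

# Create postgres role and windmill database (idempotent: on a reused data dir
# both already exist and the commands fail harmlessly).
psql -h /tmp -d postgres -c "CREATE ROLE postgres SUPERUSER LOGIN" 2>/dev/null || true
createdb -h /tmp windmill 2>/dev/null || true

# ── Run migrations if present ─────────────────────────────────────────────────
# A failed migration leaves the schema partially applied, so keep the error
# text instead of discarding stderr.
if [ -d "$PWD/backend/migrations" ]; then
  if ! DATABASE_URL="postgres://postgres@localhost/windmill?host=/tmp" \
      sqlx migrate run --source "$PWD/backend/migrations" 2>/tmp/sqlx-migrate.log; then
    warn "sqlx migrate run failed; see /tmp/sqlx-migrate.log"
  fi
fi

# ── Install frontend deps if present ─────────────────────────────────────────
# NOTE: npm install runs dependency lifecycle scripts from whatever the mounted
# repo pins, at container start; that is the sandbox's purpose, but keep the
# output so a broken install is visible rather than silently skipped.
if [ -d "$PWD/frontend" ]; then
  if ! (cd "$PWD/frontend" && npm install && npm run generate-backend-client) 2>/tmp/frontend-setup.log; then
    warn "frontend setup failed; see /tmp/frontend-setup.log"
  fi
fi

# Hand off to the requested command. A bare `exec` with no arguments would
# silently do nothing and exit 0, so fail loudly instead.
if [ "$#" -eq 0 ]; then
  warn "no command given"
  exit 2
fi
exec "$@"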