Fixes#1157
When running via 'nix run github:nexu-io/open-design', the daemon
attempted to create runtime state under the Nix store package path:
/nix/store/.../lib/open-design/.od/projects
The Nix store is read-only at runtime, causing startup to fail with
ENOENT when mkdir() tried to create the projects directory.
This commit updates the nix run wrapper to export OD_DATA_DIR with
a writable default ($HOME/.od) when the variable is unset. Users
can still override it by setting OD_DATA_DIR before running.
The Home Manager and NixOS modules already set OD_DATA_DIR, so they
are unaffected by this change.
* nix: add official flake with home-manager and nixos modules
* Pin pnpm version
* Format README.md
* Populate PATH files to discover installed CLIs
* Revert "Populate PATH files to discover installed CLIs"
This reverts commit 18d88781a88b8781913cf5a8b680dfb38eabf7e4.
* Fix missing sqlite issue
* Fix system issue
* Reapply "Populate PATH files to discover installed CLIs"
This reverts commit d02ea994e6.
* Handle different ports for web frontend
* Provide documentation for getting pnpm hash
* Enable nix flake checks for code changes
* Set `OD_WEB_PORT` on daemon when declared
* fix: Fix environmentFile for macOS targets
* chore: Ignore nix and direnv related files
* fix: Read version directly from `package.json`
* feat: Make nix shell entry prettier
* chore: Update pnpm hashes
* chore: Bump `pnpm` hashes
* docs: Add blurb about dev shell in `README.md`
* Address review comments
* Add support for `OD_WEB_ORIGINS`
* Fix `isLocalSameOrigin`
* Update pnpm checksums
* docs: Update documentation on host origins
* Move allowedOrigins mapping out of the webFrontend.enable guard
* fix: Bump pnpm hashes
* Remove changes to `daemon` with `main` changes
`main` merged a feature that addressed our need for allowed origins.
Since this feature branch no longer needs it, remove any remaining
changes in `daemon` code so that this is a pure Nix change.
* Update documentation around `OD_DAEMON_URL`
* Rewrite option docs to match same-origin proxy contract
The port, webFrontend, and webFrontend.port option descriptions still
described OD_DAEMON_URL as the runtime contract for the SPA, but the
SPA issues relative /api/*, /artifacts/*, /frames/* requests and there
is no runtime daemon-URL injection. Rewrite the three blocks to
describe what the caddy / custom proxy must actually do.
* Document daemon-side requirements for custom-server proxy paths
The bring-your-own-server path in section (3) and the same-origin
contract in section (4) understated what the daemon needs: any proxy
whose origin differs from the daemon's bind (including loopback
split-port like 127.0.0.1:8080 while the daemon stays on :7457) is
403'd by the daemon's same-origin gate until told about that origin.
Add a callout under section (3)'s table, expand section (4) with a
decision table covering same-port, loopback split-port (OD_WEB_PORT or
webFrontend.allowedOrigins), and non-loopback (webFrontend.allowedOrigins)
cases, and rewrite the webFrontend.allowedOrigins option description to
enumerate the cases where it's required and surface OD_WEB_PORT as an
alternative for the loopback split-port case.
---------
Co-authored-by: lefarcen <935902669@qq.com>
