diff --git a/docs/nix_dev_env.md b/docs/nix_dev_env.md index af32476bb..9f313a740 100644 --- a/docs/nix_dev_env.md +++ b/docs/nix_dev_env.md @@ -1,159 +1,160 @@ # Motivation We use Nix to package all of the dependencies for our dev environment. It does several things for us: - Enables new devs on macOS or Linux to set up our dev environment with just one command - Makes sure that everybody on the team is using the same versions of all the tools - Allows us to isolate development dependencies from affecting the host system For how Nix package management works, please refer to the official [how Nix works guide](https://nixos.org/guides/how-nix-works.html). # Supported workflows Some workflows require additional steps after the Nix installation. These steps are documented in [Workflow prerequisites](#workflow-prerequisites). | Workflow | macOS supported | | ------------------------------- | --------------- | | `keyserver` (Node.js) | ✅ | | `web` & `landing` (Webpack) | ✅ | | `native` iOS (React Native) | ✅ | | `native` Android (React Native) | ✅ | | C++ services | ❌ **\*** | | Rust services | ✅ | **\*** Workflow requires documentation; and it requires the RabbitMQ and AWS/Localstack services to be available. # Requirements To set up a dev environment using Nix, you will need a macOS or Linux machine. If you are using a Mac computer with Apple silicon, you will need to install Rosetta 2. You can do this by running: ``` softwareupdate --install-rosetta ``` # Prerequisites ## Xcode For developers using macOS, go to the [Mac App Store](https://apps.apple.com/us/app/xcode/id497799835) to install Xcode; or if you already have it, update it to the latest version. Once Xcode is installed, open it up. If you are prompted, follow the instructions to install any [“Additional Required Components”](./nix_mobile_setup.md#xcode-settings) ### Xcode Command Line Tools For developers using macOS, you need to make sure that the Xcode “Command Line Tools” are installed. You can do this by running: ``` xcode-select --install ``` ## Nix package manager To install and configure the [Nix package manager](https://nixos.org), please run: ``` # Pull down Git repository git clone git@github.com:CommE2E/comm.git cd comm # Install Nix and Comm binary cache ./scripts/install_nix.sh ``` Now either close and reopen your terminal window or re-source your shell configuration file in order to have changes applied. ## Install development dependencies As a first step, you’ll want to set up the JavaScript environment and pull in all necessary NPM packages. Run the following command: ``` # Create development shell nix develop # Install yarn dependencies yarn cleaninstall ``` ## Workflow specific prerequisites On macOS, [installing Xcode](#xcode) is a prerequisite for all workflows. - [Web prerequisites](./nix_web_setup.md#nix-web-requisities) - [React Dev Tools Chrome extension](./nix_web_setup.md#react-dev-tools-chrome-extension) - [Redux Dev Tools Chrome extension](./nix_web_setup.md#redux-dev-tools-chrome-extension) - [Mobile prerequisites](./nix_mobile_setup.md#nix-mobile-prerequisites) - [iOS development](./nix_mobile_setup.md#ios-development) - [Xcode settings](./nix_mobile_setup.md#xcode-settings) - [Android development](./nix_mobile_setup.md#android-development) - [JDK (Java Development Kit)](./nix_mobile_setup.md#jdk) - [Android Studio](./nix_mobile_setup.md#android-studio) - [Android SDK](./nix_mobile_setup.md#android-sdk) - [Android emulator](./nix_mobile_setup.md#android-emulator) - [Debugging tools](./nix_mobile_setup.md#debugging-tools) - [Reactotron](./nix_mobile_setup.md#reactotron) - [Services prerequisites](./nix_services_setup.md#nix-services-prerequisites) - [Docker](./nix_services_setup.md#docker) - [LocalStack](./nix_services_setup.md#localstack) - [Configuring the AWS CLI](./nix_services_setup.md#configuring-the-aws-cli) # Development environment Run `nix develop` to create a dev environment. Nix will handle the installation of all remaining dependencies not mentioned in [Workflow prerequisites](#workflow-prerequisites). ## Development workflows - [Web workflows](./nix_web_workflows.md#development) - [Flow typechecker](./nix_web_workflows.md#flow-typechecker) - [Running keysever](./nix_web_workflows.md#running-keyserver) - [Running web app](./nix_web_workflows.md#running-web-app) - [Running landing page](./nix_web_workflows.md#running-landing-page) - [Debugging](./nix_web_workflows.md#debugging) - [React Developer Tools](./nix_web_workflows.md#react-developer-tools) - [Redux Developer Tools](./nix_web_workflows.md#redux-developer-tools) - [Debugging JavaScript](./nix_web_workflows.md#debugging-javascript) - [Mobile workflows](./nix_mobile_workflows.md#mobile-workflows) - [Running mobile app on iOS Simulator](./nix_mobile_workflows.md#running-mobile-app-on-ios-simulator) - [Running mobile app on Android Emulator](./nix_mobile_workflows.md#running-mobile-app-on-android-emulator) - [Running mobile app on physical iOS devices](./nix_mobile_workflows.md#running-mobile-app-on-physical-ios-devices) - [Services workflows](./nix_services_workflows.md#services-workflows) - [Running the Identity service](./nix_services_workflows.md#running-the-identity-service) - [Debugging](./nix_services_workflows.md#debugging) - [AWS CLI](./nix_services_workflows.md#aws-cli) - [Shared workflows](./nix_shared_workflows.md#shared-workflows) - [Inspect database with TablePlus](./nix_shared_workflows.md#inspect-database-with-tableplus) - [Codegen](./nix_shared_workflows.md#codegen) - [Codegen for JSI](./nix_shared_workflows.md#codegen-for-jsi) - [Working with Phabricator](./nix_shared_workflows.md#working-with-phabricator) - [Setup](./nix_shared_workflows.md#setup) - [Creating a new diff](./nix_shared_workflows.md#creating-a-new-diff) - [Updating a diff](./nix_shared_workflows.md#updating-a-diff) - [Working with a stack](./nix_shared_workflows.md#working-with-a-stack) - [Committing a diff](./nix_shared_workflows.md#committing-a-diff) - [Final notes](./nix_shared_workflows.md#final-notes) ## Production workflows +- [Keyserver deployment](./nix_keyserver_deployment.md) - [Services deployment](./nix_services_deployment.md) - [Identity service](./nix_services_deployment.md#identity-service) - [Tunnelbroker](./nix_services_deployment.md#tunnelbroker) ## Using alternate shells with Nix Alternate shells such as zsh or fish can also be used with Nix. To use an alternate shell, run: ```sh nix develop -c $SHELL ``` You may also replace the bash shell with the shell of your preference. ```sh nix develop exec zsh # or fish ``` ## How Nix introduces dependencies to a development environment Nix installs packages in the Nix store at package-specific paths (e.g. `/nix/store/x7kdiasp...-clang/bin/clang`). When you run `nix develop`, Nix sets environment variables such as `PATH` to expose the binary dependencies to your shell. This model can be extended to support other build toolchains such as pkg-config, CMake, and many other language specific package managers. diff --git a/docs/nix_keyserver_deployment.md b/docs/nix_keyserver_deployment.md new file mode 100644 index 000000000..2c161dc97 --- /dev/null +++ b/docs/nix_keyserver_deployment.md @@ -0,0 +1,65 @@ +# Keyserver Deployment + +Deploying the keyserver requires configuring it, building its Docker image, and deploying that image with Docker Compose. + +## Configuration + +In order for the keyserver to interface with dependencies, host the landing page, and host the Comm web application, the following must be added to `keyserver/.env`: + +``` +# Mandatory +COMM_DATABASE_DATABASE=comm +COMM_DATABASE_USER= +COMM_DATABASE_PASSWORD= +COMM_JSONCONFIG_secrets_user_credentials='{"username":"","password":""}' +COMM_JSONCONFIG_facts_landing_url='{"baseDomain":"http://localhost","basePath":"/commlanding/","baseRoutePath":"/commlanding/","https":false}' +COMM_JSONCONFIG_facts_commapp_url='{"baseDomain":"http://localhost:3000","basePath":"/comm/","https":false,"baseRoutePath":"/comm/","proxy":"none"}' + +# Required to connect to production Identity service +COMM_JSONCONFIG_secrets_identity_service_config="{\"identitySocketAddr\":\"https://identity.commtechnologies.org:50054\"}" + +# Required for ETH login +COMM_JSONCONFIG_secrets_alchemy='{"key":""}' +COMM_JSONCONFIG_secrets_walletconnect='{"key":""}' + +# Example backup configuration that stores up to 10 GiB of backups in /home/comm/backups +COMM_JSONCONFIG_facts_backups='{"enabled":true,"directory":"/home/comm/backups","maxDirSizeMiB":10240}' +``` + +### MariaDB configuration + +- `COMM_DATABASE_DATABASE`: Specifies the name of the database the keyserver will use. +- `COMM_DATABASE_USER`: The username the keyserver uses to connect to MariaDB. Replace `` with your desired username. +- `COMM_DATABASE_PASSWORD`: Corresponding password for the above user. Replace `` with your desired password. + +### Identity service configuration + +- `COMM_JSONCONFIG_secrets_user_credentials`: Credentials for authenticating against the Identity service. Replace `` and `` with any values. In the future, they will need to be actual credentials registered with the Identity service. +- `COMM_JSONCONFIG_secrets_identity_service_config`: Socket address for the Identity service. If omitted, the keyserver will try to connect to a local instance of the Identity service. + +### ETH login configuration + +- `COMM_JSONCONFIG_secrets_alchemy`: Alchemy key used for Ethereum Name Service (ENS) resolution and retrieving ETH public keys. Replace `` with your actual key. +- `COMM_JSONCONFIG_secrets_walletconnect`: WalletConnect key used to enable Sign-In with Ethereum (SIWE). Replace `` with your actual key. + +### URL configuration + +- `COMM_JSONCONFIG_facts_commapp_url`: Your keyserver needs to know what its externally-facing URL is in order to construct links. It also needs to know if it’s being proxied to that externally-facing URL, and what the internal route path is. + - `baseDomain`: Externally-facing domain. Used for constructing links. + - `basePath`: Externally-facing path. Used for constructing links. + - `baseRoutePath`: Internally-facing path. Same as basePath if no proxy. If there's a proxy, this is the local path (e.g. http://localhost:3000/landing would correspond with /landing/) + - `proxy`: `"none" | "apache"` Determines which request headers to use for HTTPS validation and IP address timezone detection. + - `https`: If true, checks request headers to validate that HTTPS is in use. + +### Backup configuration + +- `COMM_JSONCONFIG_facts_backups`: Specifies whether to enable backups, where to store them, and the max size of the backups directory. + +## Building & deploying + +Once configured, the keyserver can be built and deployed by simply running: + +```bash +cd keyserver +./bash/dc.sh up --build +``` diff --git a/docs/nix_services_deployment.md b/docs/nix_services_deployment.md index 6daa28203..fe807fa7f 100644 --- a/docs/nix_services_deployment.md +++ b/docs/nix_services_deployment.md @@ -1,62 +1,62 @@ # Services Deployment ## Identity Service Deploying the Identity service requires generating OPAQUE secrets, building the Docker image, and deploying the container. ### Building the Docker image The Docker image can be built with the following command: ```bash docker build -f services/identity -t commapp/identity-server: . ``` ### Generating OPAQUE secrets OPAQUE is an implementation of a PAKE (Passwor-Authenticated Key Exchange) protocol. This allows for authentication of a user without requiring the password credentials to be stored on the server. To generate the server credentials: ``` docker run -v comm-identity-secrets:/home/comm/app/identity/secrets identity keygen ``` **NOTE:** This OPAQUE keypair is used to encrypt the password credentials of all users. The contents of this file should be persisted in a safe manner beyond a Docker volume. ### Running the Identity service To run the service: ``` docker run -d \ -e KEYSERVER_PUBLIC_KEY= \ -p 50054:50054 \ -v comm-identity-secrets:/home/comm/app/identity/secrets \ commapp/identity-server: ``` ## Tunnelbroker Deploying Tunnelbroker consists of building its Docker image and deploying that image as a Docker container. ### Building Tunnelbroker Image The Docker image for Tunnelbroker can be built using the following command from the project root: ``` docker build -f services/tunnelbroker -t commapp/tunnelbroker: . -# Alternatively, there's a script which creates a very small docker context before building +# Alternatively, there’s a script which creates a very small docker context before building services/tunnelbroker/make_docker_image.sh -t commapp/tunnelbroker: . ``` ### Running the container Tunnelbroker can be run in production using the following command: ``` docker run -d commapp/tunnelbroker: \ -p 50051:50051 \ -p 80:51001 \ -v $HOME/.aws:/home/comm/.aws:ro \ tunnelbroker \ --amqp-uri= \ ```