Sandstorm Dev Notes - Part 1

I like Sandstorm so much that I’m finally developing an app for it. It’ll use PostGraphQL to move all of the business logic into PostgreSQL, and React, Redux, and Apollo to handle the UI and data reading/manipulation. I’ll be documenting the weird issues I’ve run into when setting this up, since there aren’t a ton of docs on this particular combo of services.



Due to how grains have random UID/GID assigned to them for security purposes, and because /etc/passwd and /etc/group are not available when running, initdb will fail because it wants to look up the current UID in /etc/passwd for security reasons. You can get around this by using nss_wrapper:

export PGDATA=/var/lib/postgres

echo "postgres:x:$(id -u):$(id -g):PostgreSQL user:/var/lib/postgres:/bin/sh" > /var/passwd
echo "postgres:x:$(id -g):" > /var/group

if [ ! -d $PGDATA ]; then
  LD_PRELOAD=/usr/lib/ NSS_WRAPPER_PASSWD=/var/passwd NSS_WRAPPER_GROUP=/var/group /usr/lib/postgresql/10/bin/initdb


Since you don’t have /etc. you also don’t have /etc/hosts, which is where the hostname localhost is defined. Use everywhere (your app, PostgreSQL config) instead.



Some Node modules want your HOME directory:

const home = os.homedir();

Error: ENOENT: no such file or directory, uv_os_homedir

export HOME=/var at the top of will fix it.

Apollo Client, and all XHR for that matter

You’ll want to send cookies from the grain frame along with your request, otherwise XHR won’t work. In an Apollo client for GraphQL requests, that looks like this (bonus Authentication header setting for PostGraphQL):

import { ApolloClient } from 'apollo-client';
import { createHttpLink } from 'apollo-link-http';
import { InMemoryCache } from 'apollo-cache-inmemory';
import { setContext } from 'apollo-link-context';

const httpLink = createHttpLink({ uri: '/graphql' });
const authLink = setContext((_, { headers }) => {
  const { jwtToken } = place.where.jwt.token.stored;

  const newHeaders = {};
  if (jwtToken) {
    newHeaders.authorization = `Bearer ${jwtToken}`;

  return {
    headers: {
    credentials: 'include', // gets XHR working with Sandstorm

export default new ApolloClient({
  link: authLink.concat(httpLink),
  cache: new InMemoryCache(),