C2(jobsync): close build-jobsync-container, integrate-jobsync-ollama

build-jobsync-container: Updated with lessons learned (prisma-engines
from nixpkgs, Google Fonts sandbox workaround, arm64 vs x86_64).
integrate-jobsync-ollama: Configuration-only card, env var will be
set in the deployment manifest.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

docs/how-to/jobsync/build-jobsync-container.md

@@ -1,7 +1,6 @@
 ---
 title: Build JobSync Container
-modified: 2026-03-07
-status: active
+modified: 2026-03-08
 requires:
   - mirror-jobsync
 tags:
@@ -25,11 +24,25 @@ JobSync is a Next.js standalone app with Prisma (SQLite). The nix build needs to
 ## Key Details
 
 - **Runtime dependency:** `nodejs_20` must be in the image (unlike Go apps that compile to static binaries)
-- **Prisma native engine:** `prisma generate` produces a platform-specific query engine binary; the nix build targets `linux-x86_64` for ringtail
-- **`npmDepsHash`:** Will need to be computed on first build (set to empty, let it fail, grab the hash)
+- **Prisma native engine:** Use `pkgs.prisma-engines` from nixpkgs — do NOT let Prisma download engines at build time (nix sandbox blocks network)
+- **`npmDepsHash`:** Computed on first build (set to empty, let it fail, grab the hash)
 - **Standalone output:** Next.js `output: "standalone"` produces a self-contained `server.js` with minimal `node_modules`
 
-## Nix Container Pitfalls (learned from first attempt)
+## Nix Container Pitfalls
+
+### Prisma engine downloads in nix sandbox
+
+Prisma tries to download platform-specific engine binaries during `prisma generate`. The nix sandbox blocks network access, causing the build to fail.
+
+**Fix:** Use `pkgs.prisma-engines` from nixpkgs and set environment variables:
+- `PRISMA_QUERY_ENGINE_LIBRARY`, `PRISMA_QUERY_ENGINE_BINARY`, `PRISMA_SCHEMA_ENGINE_BINARY`, `PRISMA_FMT_BINARY` — point at nixpkgs engines
+- `PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING=1` — tolerate minor version mismatch between nixpkgs engines and npm prisma package
+
+### Google Fonts blocked by nix sandbox
+
+`next/font/google` (Inter font) fetches from `fonts.googleapis.com` during `next build`. Nix sandbox blocks this.
+
+**Fix:** Patch `src/app/layout.tsx` in `postPatch` to replace the Google font import with a no-op object. The app falls back to system sans-serif.
 
 ### Prisma devDependency pruning
 
@@ -41,15 +54,9 @@ JobSync is a Next.js standalone app with Prisma (SQLite). The nix build needs to
 
 Nix containers have no `/app` directory. The app lives at `/nix/store/<hash>/app/` and the container's `WorkingDir` is set to that path. The entrypoint must not `cd /app` — it should rely on the `WorkingDir` set in the container config.
 
-### Verification
+### Build on ringtail, not via Dagger
 
-The container must be tested before deployment. After building, verify:
-
-```sh
-# Run a debug pod with the new image:
-kubectl run debug --image=<image> --restart=Never --command -- \
-  sh -c 'ls node_modules/@prisma/engines/ && node -e "require(\"@prisma/engines\")"'
-```
+The Dagger `build-nix` pipeline runs in a container matching the host architecture. On macOS (arm64), this produces `linux-arm64` builds, which won't run on ringtail (x86_64). Build directly on ringtail or use the CI workflow.
 
 ## Files
 

docs/how-to/jobsync/integrate-jobsync-ollama.md

@@ -1,7 +1,6 @@
 ---
 title: Integrate JobSync with Ollama
-modified: 2026-03-07
-status: active
+modified: 2026-03-08
 tags:
   - how-to
   - jobsync