freshlybakedca.ke / patisserie
Your one-stop-cake-shop for everything Freshly Baked has to offer
fork atom

feat(pm/teal): add menu

menu is the golinks provider and URL shortener that we're writing. So we
can start using it right away, it would be good to host it on teal ASAP

authored by a.starrysky.fyi and committed by tangled.org 0ea0c7db 97a21bf7

options
unified split
Changed files
+117 -1
packetmix
systems
teal
headscale.nix
menu.nix
projects
nilla.nix
packetmix
workspace.josh
+1
packetmix/systems/teal/headscale.nix
··· 132 "2606:4700:4700::1111" 133 "2606:4700:4700::1001" 134 ]; 135 base_domain = "clicks.domains"; 136 }; 137 auth_setup_allow_defer = true; # Otherwise we'll fall back to CLI auth
··· 132 "2606:4700:4700::1111" 133 "2606:4700:4700::1001" 134 ]; 135 + search_domains = [ "search.freshly.space" ]; 136 base_domain = "clicks.domains"; 137 }; 138 auth_setup_allow_defer = true; # Otherwise we'll fall back to CLI auth
+103
packetmix/systems/teal/menu.nix
···
··· 1 + # SPDX-FileCopyrightText: 2025 FreshlyBakedCake 2 + # 3 + # SPDX-License-Identifier: MIT 4 + 5 + { 6 + project, 7 + system, 8 + config, 9 + ... 10 + }: 11 + { 12 + users.users.menu = { 13 + isSystemUser = true; 14 + group = "menu"; 15 + }; 16 + users.groups.menu = { }; 17 + 18 + systemd.services.menu = { 19 + wantedBy = [ "default.target" ]; 20 + script = '' 21 + ${project.packages.menu.result.${system}}/bin/menu 22 + ''; 23 + serviceConfig = { 24 + User = "menu"; 25 + Group = "menu"; 26 + PrivateTmp = true; 27 + }; 28 + environment.BIND_ADDR = "127.0.0.1:1038"; 29 + }; 30 + 31 + services.headscale.settings.dns.extra_records = [ 32 + { 33 + # go.search.freshly.space -> teal 34 + name = "go.search.freshly.space"; 35 + type = "A"; 36 + value = "100.64.0.5"; 37 + } 38 + { 39 + # menu.freshlybakedca.ke -> teal 40 + name = "menu.freshlybakedca.ke"; 41 + type = "A"; 42 + value = "100.64.0.5"; 43 + } 44 + ]; 45 + 46 + services.nginx.virtualHosts."menu.freshlybakedca.ke" = { 47 + listenAddresses = [ 48 + "0.0.0.0" 49 + "[::0]" 50 + ]; 51 + 52 + addSSL = true; 53 + enableACME = true; 54 + acmeRoot = null; 55 + 56 + serverAliases = [ "go.search.freshly.space" ]; 57 + 58 + locations."/" = { 59 + proxyPass = "http://127.0.0.1:1038"; 60 + recommendedProxySettings = true; 61 + proxyWebsockets = true; 62 + 63 + extraConfig = '' 64 + proxy_set_header X-Webauth-Login ""; 65 + ''; # TODO: consider setting up oauth2-proxy for internal routes (most of _ except for search) so hyperneutrino/other people who don't have TS on all devices can still use this properly 66 + }; 67 + }; 68 + 69 + services.nginx.enable = true; 70 + services.nginx.virtualHosts."internal.menu.freshlybakedca.ke" = { 71 + listenAddresses = [ "localhost.tailscale" ]; 72 + 73 + addSSL = true; 74 + enableACME = true; 75 + acmeRoot = null; 76 + 77 + serverName = "menu.freshlybakedca.ke"; 78 + 79 + serverAliases = [ "go.search.freshly.space" ]; 80 + 81 + locations."/" = { 82 + proxyPass = "http://127.0.0.1:1038"; 83 + recommendedProxySettings = true; 84 + }; 85 + }; 86 + 87 + services.nginx.virtualHosts."go" = { 88 + listenAddresses = [ "localhost.tailscale" ]; 89 + 90 + locations."/" = { 91 + proxyPass = "http://127.0.0.1:1038"; 92 + recommendedProxySettings = true; 93 + }; 94 + }; 95 + 96 + services.nginx.tailscaleAuth = { 97 + enable = true; 98 + virtualHosts = [ 99 + "internal.menu.freshlybakedca.ke" 100 + "go" 101 + ]; 102 + }; 103 + }
+12 -1
projects/nilla.nix
··· 30 }) pins; 31 } 32 ) 33 - ]; 34 35 args = { 36 inherit nilla pins; # pins needs to be a static arg for us to import from it...
··· 30 }) pins; 31 } 32 ) 33 + ] 34 + ++ ( 35 + if (builtins.readDir ./.) ? "dependencies" then 36 + let 37 + dependenciesDir = ./dependencies; 38 + dependencies = builtins.attrNames (builtins.readDir dependenciesDir); 39 + depedencyFiles = map (name: "${./dependencies}/${name}/project.nix") dependencies; 40 + in 41 + depedencyFiles 42 + else 43 + [ ] 44 + ); 45 46 args = { 47 inherit nilla pins; # pins needs to be a static arg for us to import from it...
+1
projects/packetmix/workspace.josh
··· 1 ::.tangled/ 2 ::LICENSES/ 3 ::npins/ 4 ::nilla.nix=projects/nilla.nix 5 ::workspace.josh.license=projects/packetmix/workspace.josh.license
··· 1 ::.tangled/ 2 ::LICENSES/ 3 + dependencies/menu = :/menu 4 ::npins/ 5 ::nilla.nix=projects/nilla.nix 6 ::workspace.josh.license=projects/packetmix/workspace.josh.license