Your one-stop-cake-shop for everything Freshly Baked has to offer

feat(pm/teal): add menu

menu is the golinks provider and URL shortener that we're writing. So we
can start using it right away, it would be good to host it on teal ASAP

Changed files
+117 -1
+1
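--- a/packetmix/systems/teal/headscale.nix
+++ b/packetmix/systems/teal/headscale.nix
@@ -132,6 +132,7 @@
 "2606:4700:4700::1111"
 "2606:4700:4700::1001"
 ];
+search_domains = [ "search.freshly.space" ];
 base_domain = "clicks.domains";
 };
 auth_setup_allow_defer = true; # Otherwise we'll fall back to CLI auth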
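Review bot: The new `search_domains` entry carries no comment explaining why it exists, and it changes name resolution for every node on the tailnet rather than only for menu. A line above it such as `# lets a bare "go" resolve to go.search.freshly.space (see menu.nix)` would record the intent. Because unqualified names will now be tried under search.freshly.space, it is worth confirming that the zone has no wildcard record and stays under the project's control, so that mistyped short hostnames cannot resolve somewhere unintended. The enclosing attribute set starts outside this hunk.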
+103
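--- a/packetmix/systems/teal/menu.nix
+++ b/packetmix/systems/teal/menu.nix
@@ -0,0 +1,103 @@
+# SPDX-FileCopyrightText: 2025 FreshlyBakedCake
+#
+# SPDX-License-Identifier: MIT
+
+{
+project,
+system,
+config,
+...
+}:
+{
+users.users.menu = {
+isSystemUser = true;
+group = "menu";
+};
+users.groups.menu = { };
+
+systemd.services.menu = {
+wantedBy = [ "default.target" ];
+script = ''
+${project.packages.menu.result.${system}}/bin/menu
+'';
+serviceConfig = {
+User = "menu";
+Group = "menu";
+PrivateTmp = true;
+};
+environment.BIND_ADDR = "127.0.0.1:1038";
+};
+
+services.headscale.settings.dns.extra_records = [
+{
+# go.search.freshly.space -> teal
+name = "go.search.freshly.space";
+type = "A";
+value = "100.64.0.5";
+}
+{
+# menu.freshlybakedca.ke -> teal
+name = "menu.freshlybakedca.ke";
+type = "A";
+value = "100.64.0.5";
+}
+];
+
+services.nginx.virtualHosts."menu.freshlybakedca.ke" = {
+listenAddresses = [
+"0.0.0.0"
+"[::0]"
+];
+
+addSSL = true;
+enableACME = true;
+acmeRoot = null;
+
+serverAliases = [ "go.search.freshly.space" ];
+
+locations."/" = {
+proxyPass = "http://127.0.0.1:1038";
+recommendedProxySettings = true;
+proxyWebsockets = true;
+
+extraConfig = ''
+proxy_set_header X-Webauth-Login "";
+''; # TODO: consider setting up oauth2-proxy for internal routes (most of _ except for search) so hyperneutrino/other people who don't have TS on all devices can still use this properly
+};
+};
+
+services.nginx.enable = true;
+services.nginx.virtualHosts."internal.menu.freshlybakedca.ke" = {
+listenAddresses = [ "localhost.tailscale" ];
+
+addSSL = true;
+enableACME = true;
+acmeRoot = null;
+
+serverName = "menu.freshlybakedca.ke";
+
+serverAliases = [ "go.search.freshly.space" ];
+
+locations."/" = {
+proxyPass = "http://127.0.0.1:1038";
+recommendedProxySettings = true;
+};
+};
+
+services.nginx.virtualHosts."go" = {
+listenAddresses = [ "localhost.tailscale" ];
+
+locations."/" = {
+proxyPass = "http://127.0.0.1:1038";
+recommendedProxySettings = true;
+};
+};
+
+services.nginx.tailscaleAuth = {
+enable = true;
+virtualHosts = [
+"internal.menu.freshlybakedca.ke"
+"go"
+];
+};
+}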
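Review bot: The public `menu.freshlybakedca.ke` vhost blanks only `X-Webauth-Login` before proxying to 127.0.0.1:1038, so any other identity header a client supplies is forwarded to menu unchanged. The vhosts listed under `services.nginx.tailscaleAuth` receive more than the login header (as far as I recall the module also sets `X-Webauth-User`, `X-Webauth-Name`, `X-Webauth-Tailnet` and `X-Webauth-Profile-Picture`), and which of these menu trusts is not visible here. I would clear the whole set in the same `extraConfig`, e.g. `proxy_set_header X-Webauth-User "";` and likewise for the others, with a comment that this vhost is the unauthenticated path. Separately, `addSSL = true` leaves plain HTTP served on the public listener; `forceSSL = true` would redirect it to HTTPS.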
+12 -1
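--- a/projects/nilla.nix
+++ b/projects/nilla.nix
@@ -30,7 +30,18 @@
 }) pins;
 }
 )
-];
+]
+++ (
+if (builtins.readDir ./.) ? "dependencies" then
+let
+dependenciesDir = ./dependencies;
+dependencies = builtins.attrNames (builtins.readDir dependenciesDir);
+depedencyFiles = map (name: "${./dependencies}/${name}/project.nix") dependencies;
+in
+depedencyFiles
+else
+[ ]
+);
 
 args = {
 inherit nilla pins; # pins needs to be a static arg for us to import from it...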
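Review bot: Every entry of `./dependencies` is turned into a `project.nix` include without checking what it is, so a stray file or a directory lacking `project.nix` would presumably fail evaluation, and anything that lands in that directory is pulled into the project implicitly. Filtering first keeps the include set explicit, e.g. `dependencies = builtins.filter (name: builtins.pathExists (dependenciesDir + "/${name}/project.nix")) (builtins.attrNames (builtins.readDir dependenciesDir));`. `dependenciesDir` is bound but the `map` interpolates `${./dependencies}` again, and `depedencyFiles` is misspelled; using `${dependenciesDir}` and `dependencyFiles` would tidy that up. The list this expression is appended to starts outside the hunk.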
+1
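--- a/projects/packetmix/workspace.josh
+++ b/projects/packetmix/workspace.josh
@@ -1,5 +1,6 @@
 ::.tangled/
 ::LICENSES/
+dependencies/menu = :/menu
 ::npins/
 ::nilla.nix=projects/nilla.nix
 ::workspace.josh.license=projects/packetmix/workspace.josh.license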