back round 0 view raw

feat(pm/teal): add menu #136

merged
opened by freshlybakedca.ke targeting main from private/minion/push-mmztworysmow

menu is the golinks provider and URL shortener that we're writing. So we can start using it right away, it would be good to host it on teal ASAP

options
unified split
Changed files
+94 -1
packetmix
systems
teal
menu.nix
projects
nilla.nix
packetmix
workspace.josh
+82
packetmix/systems/teal/menu.nix
··· 1 + # SPDX-FileCopyrightText: 2025 FreshlyBakedCake 2 + # 3 + # SPDX-License-Identifier: MIT 4 + 5 + { 6 + project, 7 + system, 8 + config, 9 + ... 10 + }: 11 + { 12 + systemd.services.menu = { 13 + script = '' 14 + ${config.packages.menu.result.${system}}/bin/menu 15 + ''; 16 + serviceConfig = { 17 + User = "menu"; 18 + Group = "menu"; 19 + PrivateTmp = true; 20 + }; 21 + environment.BIND_ADDR = "127.0.0.1:1038"; 22 + }; 23 + 24 + services.headscale.settings.dns.extra_records = [ 25 + { 26 + # go.freshly.space -> teal 27 + name = "go.freshly.space"; 28 + type = "A"; 29 + value = "100.64.0.5"; 30 + } 31 + { 32 + # menu.freshlybakedca.ke -> teal 33 + name = "menu.freshlybakedca.ke"; 34 + type = "A"; 35 + value = "100.64.0.5"; 36 + } 37 + ]; 38 + 39 + services.nginx.virtualHosts."menu.freshlybakedca.ke" = { 40 + listenAddresses = [ 41 + "0.0.0.0" 42 + "[::0]" 43 + ]; 44 + 45 + addSSL = true; 46 + enableACME = true; 47 + acmeRoot = null; 48 + 49 + serverAliases = [ "go.freshly.space" ]; 50 + 51 + locations."/" = { 52 + proxyPass = "http://127.0.0.1:1038"; 53 + recommendedProxySettings = true; 54 + proxyWebsockets = true; 55 + 56 + extraConfig = '' 57 + proxy_set_header X-Webauth-Login ""; 58 + ''; # TODO: consider setting up oauth2-proxy for internal routes (most of _ except for search) so hyperneutrino/other people who don't have TS on all devices can still use this properly 59 + }; 60 + }; 61 + 62 + services.nginx.enable = true; 63 + services.nginx.virtualHosts."internal.menu.freshlybakedca.ke" = { 64 + listenAddresses = [ "localhost.tailscale" ]; 65 + 66 + addSSL = true; 67 + enableACME = true; 68 + acmeRoot = null; 69 + 70 + serverAliases = [ "go.freshly.space" ]; 71 + 72 + locations."/" = { 73 + proxyPass = "http://127.0.0.1:1038"; 74 + recommendedProxySettings = true; 75 + }; 76 + }; 77 + 78 + services.nginx.tailscaleAuth = { 79 + enable = true; 80 + virtualHosts = [ "internal.menu.freshlybakedca.ke" ]; 81 + }; 82 + }
+11 -1
projects/nilla.nix
··· 30 30 }) pins; 31 31 } 32 32 ) 33 - ]; 33 + ] 34 + ++ ( 35 + if (builtins.readDir ./.) ? "dependencies" then 36 + (lib.fp.pipe [ 37 + builtins.readDir 38 + builtins.attrNames 39 + (map (name: "${./dependencies}/${name}/project.nix")) 40 + ] ./dependencies) 41 + else 42 + [ ] 43 + ); 34 44 35 45 args = { 36 46 inherit nilla pins; # pins needs to be a static arg for us to import from it...
+1
projects/packetmix/workspace.josh
··· 1 1 ::.tangled/ 2 2 ::LICENSES/ 3 + dependencies/menu = :/menu 3 4 ::npins/ 4 5 ::nilla.nix=projects/nilla.nix 5 6 ::workspace.josh.license=projects/packetmix/workspace.josh.license