From 316a6cd2ce5cc618aeb4142538907d76c734738f Mon Sep 17 00:00:00 2001 From: Skyler Grey Date: Sat, 3 Jan 2026 17:08:10 +0000 Subject: [PATCH] feat(pm/teal): add menu Change-Id: tqymwyvmnyzowkvymlpuwzsmmuzzpysm menu is the golinks provider and URL shortener that we're writing. So we can start using it right away, it would be good to host it on teal ASAP
---
 packetmix/systems/teal/headscale.nix | 1 + packetmix/systems/teal/menu.nix | 94 ++++++++++++++++++++++++++++ projects/nilla.nix | 12 +++- projects/packetmix/workspace.josh | 1 + 4 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 packetmix/systems/teal/menu.nix
diff --git a/packetmix/systems/teal/headscale.nix b/packetmix/systems/teal/headscale.nix
index d073da17..1ac81672 100644
--- a/packetmix/systems/teal/headscale.nix
+++ b/packetmix/systems/teal/headscale.nix
@@ -132,6 +132,7 @@ in
 "2606:4700:4700::1111"
 "2606:4700:4700::1001"
 ];
+ search_domains = [ "search.freshly.space" ];
 base_domain = "clicks.domains";
 };
 auth_setup_allow_defer = true; # Otherwise we'll fall back to CLI auth
diff --git a/packetmix/systems/teal/menu.nix b/packetmix/systems/teal/menu.nix
new file mode 100644
index 00000000..da7c2e02
--- /dev/null
+++ b/packetmix/systems/teal/menu.nix
@@ -0,0 +1,94 @@
+# SPDX-FileCopyrightText: 2025 FreshlyBakedCake
+#
+# SPDX-License-Identifier: MIT
+
+{
+ project,
+ system,
+ config,
+ ...
+}:
+{
+ systemd.services.menu = {
+ script = ''
+ ${config.packages.menu.result.${system}}/bin/menu
+ '';
+ serviceConfig = {
+ User = "menu";
+ Group = "menu";
+ PrivateTmp = true;
+ };
+ environment.BIND_ADDR = "127.0.0.1:1038";
+ };
+
+ services.headscale.settings.dns.extra_records = [
+ {
+ # go.search.freshly.space -> teal
+ name = "go.search.freshly.space";
+ type = "A";
+ value = "100.64.0.5";
+ }
+ {
+ # menu.freshlybakedca.ke -> teal
+ name = "menu.freshlybakedca.ke";
+ type = "A";
+ value = "100.64.0.5";
+ }
+ ];
+
+ services.nginx.virtualHosts."menu.freshlybakedca.ke" = {
+ listenAddresses = [
+ "0.0.0.0"
+ "[::0]"
+ ];
+
+ addSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+
+ serverAliases = [ "go.search.freshly.space" ];
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:1038";
+ recommendedProxySettings = true;
+ proxyWebsockets = true;
+
+ extraConfig = ''
+ proxy_set_header X-Webauth-Login "";
+ ''; # TODO: consider setting up oauth2-proxy for internal routes (most of _ except for search) so hyperneutrino/other people who don't have TS on all devices can still use this properly
+ };
+ };
+
+ services.nginx.enable = true;
+ services.nginx.virtualHosts."internal.menu.freshlybakedca.ke" = {
+ listenAddresses = [ "localhost.tailscale" ];
+
+ addSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+
+ serverAliases = [ "go.search.freshly.space" ];
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:1038";
+ recommendedProxySettings = true;
+ };
+ };
+
+ services.nginx.virtualHosts."go" = {
+ listenAddresses = [ "localhost.tailscale" ];
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:1038";
+ recommendedProxySettings = true;
+ };
+ };
+
+ services.nginx.tailscaleAuth = {
+ enable = true;
+ virtualHosts = [
+ "internal.menu.freshlybakedca.ke"
+ "go"
+ ];
+ };
+}
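Review bot: The public `menu.freshlybakedca.ke` location blanks only `X-Webauth-Login`, so any other identity header a client sends to the 0.0.0.0 / [::0] listener is proxied to menu unchanged. As far as I recall, the nixpkgs `tailscaleAuth` module also sets `X-Webauth-User`, `X-Webauth-Name`, `X-Webauth-Tailnet` and `X-Webauth-Profile-Picture` on the internal vhosts; if menu reads any of those, the public path should clear them too (worth confirming against the module). Because menu takes identity from these headers, every local process that can reach 127.0.0.1:1038 is also inside that trust boundary. Separately, `systemd.services.menu` has no `wantedBy`, so nothing in this file starts the unit at boot, and the `menu` user and group are not declared here; `wantedBy = [ "multi-user.target" ];` plus a `users.users.menu` declaration (or `DynamicUser = true;`) would cover it unless that lives elsewhere.

```nix
    locations."/" = {
      # … unchanged: proxyPass, recommendedProxySettings, proxyWebsockets …

      # Public listener: drop every identity header the internal vhosts populate,
      # so a client cannot supply its own.
      extraConfig = ''
        proxy_set_header X-Webauth-User "";
        proxy_set_header X-Webauth-Name "";
        proxy_set_header X-Webauth-Login "";
        proxy_set_header X-Webauth-Tailnet "";
        proxy_set_header X-Webauth-Profile-Picture "";
      '';
```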
diff --git a/projects/nilla.nix b/projects/nilla.nix index f4fd7bf9..b823e27d 100644 --- a/projects/nilla.nix +++ b/projects/nilla.nix @@ -30,7 +30,17 @@ let }) pins; } ) - ]; + ] + ++ ( + if (builtins.readDir ./.) ? "dependencies" then + (lib.fp.pipe [ + builtins.readDir + builtins.attrNames + (map (name: "${./dependencies}/${name}/project.nix")) + ] ./dependencies) + else + [ ] + ); args = { inherit nilla pins; # pins needs to be a static arg for us to import from it... diff --git a/projects/packetmix/workspace.josh b/projects/packetmix/workspace.josh index 86dbd152..69e70fa6 100644 --- a/projects/packetmix/workspace.josh +++ b/projects/packetmix/workspace.josh @@ -1,5 +1,6 @@ ::.tangled/ ::LICENSES/ +dependencies/menu = :/menu ::npins/ ::nilla.nix=projects/nilla.nix ::workspace.josh.license=projects/packetmix/workspace.josh.license -- 2.43.0
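Review bot: In projects/nilla.nix the new `++ ( … )` branch maps every name returned by `builtins.readDir` on `./dependencies` to `<name>/project.nix` without checking the entry type or that the file exists. A stray file under dependencies/ (a licence sidecar, say) would therefore break evaluation, and any directory that ends up there is imported as project code with no allow-list. Adding `(builtins.filter (name: builtins.pathExists (./dependencies + "/${name}/project.nix")))` after `builtins.attrNames` in the pipe would skip entries that have no project file. An explicit list of expected dependency names would keep the import surface reviewable. The enclosing `let` binding starts and ends outside the hunk.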