feat(pm/teal): add menu #136

merged
opened by freshlybakedca.ke targeting main from private/minion/push-mmztworysmow

menu is the golinks provider and URL shortener that we're writing. So we can start using it right away, it would be good to host it on teal ASAP

Changed files
+108 -1
+1
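--- a/packetmix/systems/teal/headscale.nix
+++ b/packetmix/systems/teal/headscale.nix
@@ -132,6 +132,7 @@
 "2606:4700:4700::1111"
 "2606:4700:4700::1001"
 ];
+search_domains = [ "search.freshly.space" ];
 base_domain = "clicks.domains";
 };
 auth_setup_allow_defer = true; # Otherwise we'll fall back to CLI auth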
+94
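--- a/packetmix/systems/teal/menu.nix
+++ b/packetmix/systems/teal/menu.nix
@@ -0,0 +1,94 @@
+# SPDX-FileCopyrightText: 2025 FreshlyBakedCake
+#
+# SPDX-License-Identifier: MIT
+
+{
+project,
+system,
+config,
+...
+}:
+{
+systemd.services.menu = {
+script = ''
+${config.packages.menu.result.${system}}/bin/menu
+'';
+serviceConfig = {
+User = "menu";
+Group = "menu";
+PrivateTmp = true;
+};
+environment.BIND_ADDR = "127.0.0.1:1038";
+};
+
+services.headscale.settings.dns.extra_records = [
+{
+# go.search.freshly.space -> teal
+name = "go.search.freshly.space";
+type = "A";
+value = "100.64.0.5";
+}
+{
+# menu.freshlybakedca.ke -> teal
+name = "menu.freshlybakedca.ke";
+type = "A";
+value = "100.64.0.5";
+}
+];
+
+services.nginx.virtualHosts."menu.freshlybakedca.ke" = {
+listenAddresses = [
+"0.0.0.0"
+"[::0]"
+];
+
+addSSL = true;
+enableACME = true;
+acmeRoot = null;
+
+serverAliases = [ "go.search.freshly.space" ];
+
+locations."/" = {
+proxyPass = "http://127.0.0.1:1038";
+recommendedProxySettings = true;
+proxyWebsockets = true;
+
+extraConfig = ''
+proxy_set_header X-Webauth-Login "";
+''; # TODO: consider setting up oauth2-proxy for internal routes (most of _ except for search) so hyperneutrino/other people who don't have TS on all devices can still use this properly
+};
+};
+
+services.nginx.enable = true;
+services.nginx.virtualHosts."internal.menu.freshlybakedca.ke" = {
+listenAddresses = [ "localhost.tailscale" ];
+
+addSSL = true;
+enableACME = true;
+acmeRoot = null;
+
+serverAliases = [ "go.search.freshly.space" ];
+
+locations."/" = {
+proxyPass = "http://127.0.0.1:1038";
+recommendedProxySettings = true;
+};
+};
+
+services.nginx.virtualHosts."go" = {
+listenAddresses = [ "localhost.tailscale" ];
+
+locations."/" = {
+proxyPass = "http://127.0.0.1:1038";
+recommendedProxySettings = true;
+};
+};
+
+services.nginx.tailscaleAuth = {
+enable = true;
+virtualHosts = [
+"internal.menu.freshlybakedca.ke"
+"go"
+];
+};
+}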
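Review bot: The public `menu.freshlybakedca.ke` vhost blanks only `X-Webauth-Login` before proxying to the same backend that the tailnet-only vhosts front with `tailscaleAuth`. As far as I know the NixOS `tailscaleAuth` module also forwards `X-Webauth-User`, `X-Webauth-Name`, `X-Webauth-Tailnet` and `X-Webauth-Profile-Picture`, so if menu reads any of those (not visible here) a client on the public listener could supply them itself; I would clear each one in the same `extraConfig`, e.g. `proxy_set_header X-Webauth-User "";`. A comment on that block saying that the backend trusts these headers and must only be reachable through nginx would help the next editor. Separately, the unit sets no `wantedBy` and this file declares no `menu` user or group, so unless both come from another module the service will not be started at boot or will fail to resolve its user.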
+12 -1
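--- a/projects/nilla.nix
+++ b/projects/nilla.nix
@@ -30,7 +30,18 @@
 }) pins;
 }
 )
-];
+]
+++ (
+if (builtins.readDir ./.) ? "dependencies" then
+let
+dependenciesDir = ./dependencies;
+dependencies = builtins.attrNames (builtins.readDir dependenciesDir);
+depedencyFiles = map (name: "${./dependencies}/${name}/project.nix") dependencies;
+in
+depedencyFiles
+else
+[ ]
+);
 
 args = {
 inherit nilla pins; # pins needs to be a static arg for us to import from it...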
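Review bot: Every entry that `builtins.readDir` returns for `./dependencies` is turned into a `project.nix` path, with no check that the entry is a directory or that the file exists. A stray file there (a README or a `.license` sidecar, say) would break evaluation, and any directory that lands in `dependencies/` is pulled into the project's evaluation without being named anywhere. I would keep only directories, e.g. `dependencies = builtins.filter (n: entries.${n} == "directory") (builtins.attrNames entries);` with `entries = builtins.readDir dependenciesDir;`, and add a comment that the folder is populated by the josh workspace mapping. As a style point, `depedencyFiles` is misspelled and the interpolation repeats `./dependencies` instead of using `dependenciesDir`. The list this is appended to starts outside the hunk.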
+1
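--- a/projects/packetmix/workspace.josh
+++ b/projects/packetmix/workspace.josh
@@ -1,5 +1,6 @@
 ::.tangled/
 ::LICENSES/
+dependencies/menu = :/menu
 ::npins/
 ::nilla.nix=projects/nilla.nix
 ::workspace.josh.license=projects/packetmix/workspace.josh.license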