patch of fix(server): disable zsh new user welcome · round #2 · pull #71 · freshlybakedca.ke/patisserie

We can do this by redefining the function zsh calls to be a no-op... I haven't decided if we want this on user machines, but we definitely don't want it on servers

Refs: https://discourse.nixos.org/t/zsh-configuration-for-new-users-keeps-recurring

+16

packetmix/systems/umber/acme.nix

···

··· 1 + # SPDX-FileCopyrightText: 2025 FreshlyBakedCake 2 + # 3 + # SPDX-License-Identifier: MIT 4 + 5 + { 6 + security.acme = { 7 + acceptTerms = true; 8 + defaults = { 9 + email = "acme@starrysky.fyi"; 10 + dnsProvider = "cloudflare"; 11 + environmentFile = "/secrets/acme/environmentFile"; 12 + }; 13 + }; 14 + 15 + clicks.storage.impermanence.persist.directories = [ "/var/lib/acme" ]; 16 + }

+65

packetmix/systems/umber/silverbullet.nix

···

··· 1 + # SPDX-FileCopyrightText: 2025 FreshlyBakedCake 2 + # 3 + # SPDX-License-Identifier: MIT 4 + 5 + { 6 + project, 7 + system, 8 + config, 9 + ... 10 + }: 11 + { 12 + clicks.storage.impermanence.persist.directories = [ 13 + { 14 + directory = config.services.silverbullet.spaceDir; 15 + mode = "0700"; 16 + defaultPerms.mode = "0700"; 17 + } 18 + ]; 19 + 20 + services.silverbullet = { 21 + enable = true; 22 + listenPort = 1024; 23 + listenAddress = "127.0.0.1"; 24 + package = project.inputs.nixos-unstable.result.${system}.silverbullet; 25 + }; 26 + 27 + services.nginx.enable = true; 28 + services.nginx.virtualHosts."silverbullet.starrysky.fyi" = { 29 + listenAddresses = [ "localhost.tailscale" ]; 30 + 31 + addSSL = true; 32 + enableACME = true; 33 + acmeRoot = null; 34 + 35 + serverAliases = [ "umber.clicks.domains" ]; 36 + 37 + locations."/" = { 38 + proxyPass = "http://$silverbullet_upstream_minion_only"; 39 + recommendedProxySettings = true; 40 + }; 41 + }; 42 + 43 + services.nginx.virtualHosts."silverbullet_access_denied" = { 44 + listen = [ 45 + { 46 + addr = "127.0.0.1"; 47 + port = 403; 48 + } 49 + ]; 50 + locations."/".return = 51 + ''403 '403 - Access Denied: Your device is logged on to tailscale as '$http_x_webauth_user'. Unfortunately, this is a private silverbullet instance for 'minion', please use https://silverbullet.clicks.codes instead' ''; 52 + }; 53 + 54 + services.nginx.commonHttpConfig = '' 55 + map $auth_user $silverbullet_upstream_minion_only { 56 + default 127.0.0.1:403; 57 + minion 127.0.0.1:1024; 58 + } 59 + ''; 60 + 61 + services.nginx.tailscaleAuth = { 62 + enable = true; 63 + virtualHosts = [ "silverbullet.starrysky.fyi" ]; 64 + }; 65 + }

+13

packetmix/systems/umber/tailscale.nix

···

··· 1 + # SPDX-FileCopyrightText: 2025 FreshlyBakedCake 2 + # 3 + # SPDX-License-Identifier: MIT 4 + 5 + { 6 + networking.hosts."100.64.0.48" = [ "localhost.tailscale" ]; 7 + 8 + services.nginx.defaultListenAddresses = [ 9 + "0.0.0.0" 10 + "[::0]" 11 + "localhost.tailscale" 12 + ]; 13 + }

packetmix/workspace.josh.license

···

··· 1 + SPDX-FileCopyrightText: 2025 FreshlyBakedCake 2 + 3 + SPDX-License-Identifier: CC0-1.0

packetmix/systems/server/zsh.nix

···

··· 1 + # SPDX-FileCopyrightText: 2025 FreshlyBakedCake 2 + # 3 + # SPDX-License-Identifier: MIT 4 + 5 + { 6 + programs.zsh.shellInit = "zsh-newuser-install() { true }"; 7 + }