diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..bbc29d2
Binary files /dev/null and b/.DS_Store differ
diff --git a/Makefile b/Makefile
index 8b1b631..b2d1cf2 100644
--- a/Makefile
+++ b/Makefile
@@ -21,9 +21,10 @@ kitchen: wasm kitchen/src/*.rs
 release: wasmrelease
 	cd kitchen; cargo build --release
 
-static-prep: web/index.html web/static/*.css
+static-prep: web/index.html web/favicon.ico web/static/*.css
 	mkdir -p web/dist
 	cp -r web/index.html web/dist/
+	cp -r web/favicon.ico web/dist/
 	cp -r web/static web/dist/
 
 wasmrelease: wasmrelease-dist static-prep
diff --git a/kitchen/.DS_Store b/kitchen/.DS_Store
new file mode 100644
index 0000000..09a0894
Binary files /dev/null and b/kitchen/.DS_Store differ
diff --git a/kitchen/src/web/mod.rs b/kitchen/src/web/mod.rs
index a55e3e2..5eda923 100644
--- a/kitchen/src/web/mod.rs
+++ b/kitchen/src/web/mod.rs
@@ -371,6 +371,7 @@ pub async fn ui_main(recipe_dir_path: PathBuf, store_path: PathBuf, listen_socke
         .expect("Failed to run database migrations");
     let router = Router::new()
         .route("/", get(|| async { Redirect::temporary("/ui/plan") }))
+        .route("/favicon.ico", get(|| async { StaticFile("favicon.ico") }))
         .route("/ui/*path", get(ui_static_assets))
         // TODO(jwall): We should use route_layer to enforce the authorization
         // requirements here.
diff --git a/nix/.DS_Store b/nix/.DS_Store
new file mode 100644
index 0000000..e9689d5
Binary files /dev/null and b/nix/.DS_Store differ
diff --git a/web/.DS_Store b/web/.DS_Store
new file mode 100644
index 0000000..27e1f0f
Binary files /dev/null and b/web/.DS_Store differ
diff --git a/web/favicon.ico b/web/favicon.ico
new file mode 100644
index 0000000..c98b990
Binary files /dev/null and b/web/favicon.ico differ