Deploy chisel on porter

hosts/porter/configuration.nix

@@ -75,6 +75,9 @@
     };
   };
 
+  clerie.chisel.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 443 ];
   networking.firewall.allowedUDPPorts = [ 50101 50138 51337 ];
 
   services.bird2.enable = true;

modules/chisel/default.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.clerie.chisel;
+
+in {
+  options = {
+    clerie.chisel = {
+      enable = mkEnableOption "Chisel Tunnel Service";
+    };
+  };
+
+  config = {
+    systemd.services.chisel = mkIf cfg.enable {
+      description = "Chisel Tunnel";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        ExecStart = "${pkgs.chisel}/bin/chisel server --port 443 --authfile /var/src/secrets/chisel/users.json";
+        Restart = "always";
+      };
+    };
+  };
+}

modules/default.nix

@@ -4,6 +4,7 @@
   imports = [
     ./policyrouting
     ./anycast_healthchecker
+    ./chisel
     ./gitea
     ./gre-tunnel
     ./minecraft-server