Deploy chisel on porter

2021-07-23 23:32:33 +02:00 · 2021-07-23 23:32:33 +02:00 · 6cec90bdfa
parent b7798bf8ee
commit 6cec90bdfa
3 changed files with 31 additions and 0 deletions
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@ -75,6 +75,9 @@
    };
  };

+  clerie.chisel.enable = true;
+
+  networking.firewall.allowedTCPPorts = [ 443 ];
  networking.firewall.allowedUDPPorts = [ 50101 50138 51337 ];

  services.bird2.enable = true;
--- a/modules/chisel/default.nix
+++ b/modules/chisel/default.nix
@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.clerie.chisel;
+
+in {
+  options = {
+    clerie.chisel = {
+      enable = mkEnableOption "Chisel Tunnel Service";
+    };
+  };
+
+  config = {
+    systemd.services.chisel = mkIf cfg.enable {
+      description = "Chisel Tunnel";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        ExecStart = "${pkgs.chisel}/bin/chisel server --port 443 --authfile /var/src/secrets/chisel/users.json";
+        Restart = "always";
+      };
+    };
+  };
+}
--- a/modules/default.nix
+++ b/modules/default.nix
@ -4,6 +4,7 @@
  imports = [
    ./policyrouting
    ./anycast_healthchecker
+    ./chisel
    ./gitea
    ./gre-tunnel
    ./minecraft-server