hosts/porter: Put chisel behind nginx

2022-09-28 22:47:52 +02:00 · 2022-09-28 22:47:52 +02:00 · b016e76f09
commit b016e76f09
parent ac61842f29
2 changed files with 14 additions and 2 deletions
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@ -22,6 +22,18 @@
  networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
  networking.nameservers = [ "46.38.255.230" "46.38.252.230" ];

+  services.nginx.enable = true;
+  services.nginx.virtualHosts = {
+    "chisel.clerie.de" = {
+      enableACME = true;
+      addSSL = true;
+      locations."/" = {
+        proxyPass = "http://[::1]:3765";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
  clerie.nginx-port-forward = {
    enable = true;
    tcpPorts."2022" = {
@ -32,7 +44,7 @@

  clerie.chisel.enable = true;

-  networking.firewall.allowedTCPPorts = [ 443 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
  networking.firewall.allowedUDPPorts = [];

  clerie.monitoring = {
--- a/modules/chisel/default.nix
+++ b/modules/chisel/default.nix
@ -19,7 +19,7 @@ in {
      after = [ "network.target" ];

      serviceConfig = {
-        ExecStart = "${pkgs.chisel}/bin/chisel server --port 443 --authfile /var/src/secrets/chisel/users.json";
+        ExecStart = "${pkgs.chisel}/bin/chisel server --host [::1] --port 3765 --authfile /var/src/secrets/chisel/users.json";
        Restart = "always";
      };
    };