From b016e76f0955baf8250fb754267fcea99ad716a3 Mon Sep 17 00:00:00 2001
From: clerie
Date: Wed, 28 Sep 2022 22:47:52 +0200
Subject: [PATCH] hosts/porter: Put chisel behind nginx
---
 hosts/porter/configuration.nix | 14 +++++++++++++-
 modules/chisel/default.nix | 2 +-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/hosts/porter/configuration.nix b/hosts/porter/configuration.nix
index 3f55bfe..bab0af9 100644
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@@ -22,6 +22,18 @@
 networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
 networking.nameservers = [ "46.38.255.230" "46.38.252.230" ];
+ services.nginx.enable = true;
+ services.nginx.virtualHosts = {
+ "chisel.clerie.de" = {
+ enableACME = true;
+ addSSL = true;
+ locations."/" = {
+ proxyPass = "http://[::1]:3765";
+ proxyWebsockets = true;
+ };
+ };
+ };
+
 clerie.nginx-port-forward = {
 enable = true;
 tcpPorts."2022" = {
@@ -32,7 +44,7 @@
 clerie.chisel.enable = true;
- networking.firewall.allowedTCPPorts = [ 443 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 networking.firewall.allowedUDPPorts = [];
 clerie.monitoring = {
diff --git a/modules/chisel/default.nix b/modules/chisel/default.nix
index 3e045a6..1fc7ab6 100644
--- a/modules/chisel/default.nix
+++ b/modules/chisel/default.nix
@@ -19,7 +19,7 @@ in {
 after = [ "network.target" ];
 serviceConfig = {
- ExecStart = "${pkgs.chisel}/bin/chisel server --port 443 --authfile /var/src/secrets/chisel/users.json";
+ ExecStart = "${pkgs.chisel}/bin/chisel server --host [::1] --port 3765 --authfile /var/src/secrets/chisel/users.json";
 Restart = "always";
 };
 };
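Review bot: `addSSL = true;` in the new `chisel.clerie.de` virtual host serves the proxied `/` location over plain HTTP as well as HTTPS, and the second hunk of this file opens port 80 in the firewall, so a client configured with an `http://` URL would send its chisel credentials and tunnel traffic unencrypted. Replacing that line with `forceSSL = true;` keeps port 80 reachable for the ACME challenge (presumably HTTP-01, given `enableACME`) while redirecting every other request to HTTPS. Before this change chisel listened only on 443, so the cleartext path is new exposure introduced by this commit rather than something inherited.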
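Review bot: The listen address `[::1]:3765` is now hard-coded in the shared chisel module while the matching `proxyPass` target lives only in hosts/porter/configuration.nix, so the two literals have to be kept in sync by hand, and any other host that enables `clerie.chisel` (none is visible here) would stop listening on 443 without gaining a proxy in front of it. Consider exposing the port as a module option, or at least add a comment above `ExecStart` such as `# Loopback only; TLS and public exposure are handled by an nginx vhost proxying to [::1]:3765`. Binding to loopback still leaves the port reachable by local processes on the host, so the `--authfile` check remains the only gate for them. The service definition starts and ends outside this hunk.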