Update nixpkgs sources

flake.lock

@@ -22,11 +22,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1667142599,
-        "narHash": "sha256-OLJxsg9VqfKjFkerOxWtNIkibsCvxsv5A8wNWO1MeWk=",
+        "lastModified": 1675183161,
+        "narHash": "sha256-Zq8sNgAxDckpn7tJo7V1afRSk2eoVbu3OjI1QklGLNg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "412b9917cea092f3d39f9cd5dead4effd5bc4053",
+        "rev": "e1e1b192c1a5aab2960bf0a0bd53a2e8124fa18e",
         "type": "github"
       },
       "original": {

modules/chisel/default.nix

@@ -1,97 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.chisel-server;
-
-in {
-  options = {
-    services.chisel-server = {
-      enable = mkEnableOption (mdDoc "Chisel Tunnel Server");
-      host = mkOption {
-        description = mdDoc "Address to listen on, falls back to 0.0.0.0";
-        type = with types; nullOr str;
-        default = null;
-        example = "[::1]";
-      };
-      port = mkOption {
-        description = mkDoc "Port to listen on, falls back to 8080";
-        type = with types; nullOr int;
-        default = null;
-      };
-      authfile = mkOption {
-        description = mdDoc "Path to auth.json file.";
-        type = with types; nullOr path;
-        default = null;
-      };
-      keepalive  = mkOption {
-        description = mdDoc "Keepalive interval, falls back to 25s";
-        type = with types; nullOr str;
-        default = null;
-        example = "5s";
-      };
-      backend = mkOption {
-        description = mdDoc "HTTP server to proxy normal requests to";
-        type = with types; nullOr str;
-        default = null;
-        example = "http://127.0.0.1:8080";
-      };
-      socks5 = mkOption {
-        description = mdDoc "Allow clients access to internal SOCKS5 proxy";
-        type = types.bool;
-        default = false;
-      };
-      reverse = mkOption {
-        description = "Allow clients reverse port forwarding";
-        type = types.bool;
-        default = false;
-      };
-    };
-  };
-
-  config = {
-    systemd.services.chisel-server = mkIf cfg.enable {
-      description = "Chisel Tunnel Server";
-      wantedBy = [ "network-online.target" ];
-
-      serviceConfig = {
-        ExecStart = "${pkgs.chisel}/bin/chisel server " + concatStringsSep " " (
-          optional (cfg.host != null) "--host ${cfg.host}"
-          ++ optional (cfg.port != null) "--port ${builtins.toString cfg.port}"
-          ++ optional (cfg.authfile != null) "--authfile ${cfg.authfile}"
-          ++ optional (cfg.keepalive != null) "--keepalive ${cfg.keepalive}"
-          ++ optional (cfg.backend != null) "--backend ${cfg.backend}"
-          ++ optional cfg.socks5 "--socks5"
-          ++ optional cfg.reverse "--reverse"
-        );
-
-        # Security Hardening
-        # Refer to systemd.exec(5) for option descriptions.
-        CapabilityBoundingSet = "";
-
-        # implies RemoveIPC=, PrivateTmp=, NoNewPrivileges=, RestrictSUIDSGID=,
-        # ProtectSystem=strict, ProtectHome=read-only
-        DynamicUser = true;
-        LockPersonality = true;
-        PrivateDevices = true;
-        PrivateUsers = true;
-        ProcSubset = "pid";
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectHome = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectProc = "invisible";
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
-        RestrictNamespaces = true;
-        RestrictRealtime = true;
-        SystemCallArchitectures = "native";
-        SystemCallFilter = "~@clock @cpu-emulation @debug @mount @obsolete @reboot @swap @privileged @resources";
-        UMask = "0077";
-      };
-    };
-  };
-}

modules/default.nix

@@ -5,7 +5,6 @@
     ./policyrouting
     ./akne
     ./anycast_healthchecker
-    ./chisel
     ./gre-tunnel
     ./minecraft-server
     ./monitoring