diff options
Diffstat (limited to 'nin')
| -rw-r--r-- | nin/1systems/hiawatha/config.nix | 1 | ||||
| -rw-r--r-- | nin/2configs/default.nix | 1 | ||||
| -rw-r--r-- | nin/2configs/skype.nix | 27 | ||||
| -rw-r--r-- | nin/source.nix | 2 |
4 files changed, 30 insertions, 1 deletions
diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix index 0e48b41c2..31b6abe43 100644 --- a/nin/1systems/hiawatha/config.nix +++ b/nin/1systems/hiawatha/config.nix @@ -15,6 +15,7 @@ with lib; <stockholm/nin/2configs/git.nix> <stockholm/nin/2configs/retiolum.nix> <stockholm/nin/2configs/termite.nix> + <stockholm/nin/2configs/skype.nix> ]; krebs.build.host = config.krebs.hosts.hiawatha; diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix index 212fd368e..68521c6dd 100644 --- a/nin/2configs/default.nix +++ b/nin/2configs/default.nix @@ -158,6 +158,7 @@ with import <stockholm/lib>; filter.INPUT.rules = [ { predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; } { predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; } + { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; } { predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; } { predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; } { predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; } diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix new file mode 100644 index 000000000..621dfae82 --- /dev/null +++ b/nin/2configs/skype.nix @@ -0,0 +1,27 @@ +{ config, lib, pkgs, ... }: + +let + mainUser = config.users.extraUsers.nin; + inherit (import <stockholm/lib>) genid; + +in { + users.extraUsers = { + skype = { + name = "skype"; + uid = genid "skype"; + description = "user for running skype"; + home = "/home/skype"; + useDefaultShell = true; + extraGroups = [ "audio" "video" ]; + createHome = true; + }; + }; + + krebs.per-user.skype.packages = [ + pkgs.skype + ]; + + security.sudo.extraConfig = '' + ${mainUser.name} ALL=(skype) NOPASSWD: ALL + ''; +} diff --git a/nin/source.nix b/nin/source.nix index 183c71bae..2c80afaaa 100644 --- a/nin/source.nix +++ b/nin/source.nix @@ -14,6 +14,6 @@ in stockholm.file = toString <stockholm>; nixpkgs.git = { url = https://github.com/nixos/nixpkgs; - ref = "799435b"; + ref = "9824ca6"; }; } |