summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism.nix
diff options
context:
space:
mode:
Diffstat (limited to 'lass/1systems/prism.nix')
-rw-r--r--lass/1systems/prism.nix33
1 files changed, 33 insertions, 0 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index d07acebee..34d81f099 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -226,6 +226,39 @@ in {
enable = true;
};
}
+ {
+ users.users.nin = {
+ uid = genid "nin";
+ inherit (config.krebs.users.nin) home;
+ group = "users";
+ createHome = true;
+ useDefaultShell = true;
+ openssh.authorizedKeys.keys = [
+ config.krebs.users.nin.pubkey
+ ];
+ extraGroups = [
+ "libvirtd"
+ ];
+ };
+ krebs.git.rules = [
+ {
+ user = [ config.krebs.users.nin ];
+ repo = [ config.krebs.git.repos.stockholm ];
+ perm = with git; push "refs/heads/nin" [ fast-forward non-fast-forward create delete merge ];
+ }
+ ];
+ krebs.repo-sync.repos.stockholm.nin = {
+ origin.url = "http://cgit.prism/stockholm";
+ origin.ref = "heads/nin";
+ mirror.url = "git@${config.networking.hostName}:stockholm";
+ };
+ krebs.iptables.tables.nat.PREROUTING.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; }
+ ];
+ krebs.iptables.tables.filter.FORWARD.rules = [
+ { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
+ ];
+ }
];
krebs.build.host = config.krebs.hosts.prism;