Diffstat (limited to 'nin')
-rw-r--r--nin/1systems/hiawatha/config.nix1
-rw-r--r--nin/2configs/default.nix1
-rw-r--r--nin/2configs/skype.nix27
3 files changed, 29 insertions, 0 deletions
diff --git a/nin/1systems/hiawatha/config.nix b/nin/1systems/hiawatha/config.nix
index 0e48b41c2..31b6abe43 100644
--- a/nin/1systems/hiawatha/config.nix
+++ b/nin/1systems/hiawatha/config.nix
@@ -15,6 +15,7 @@ with lib;
<stockholm/nin/2configs/git.nix>
<stockholm/nin/2configs/retiolum.nix>
<stockholm/nin/2configs/termite.nix>
+ <stockholm/nin/2configs/skype.nix>
];
krebs.build.host = config.krebs.hosts.hiawatha;
diff --git a/nin/2configs/default.nix b/nin/2configs/default.nix
index 212fd368e..68521c6dd 100644
--- a/nin/2configs/default.nix
+++ b/nin/2configs/default.nix
@@ -158,6 +158,7 @@ with import <stockholm/lib>;
filter.INPUT.rules = [
{ predicate = "-m conntrack --ctstate RELATED,ESTABLISHED"; target = "ACCEPT"; precedence = 10001; }
{ predicate = "-p icmp"; target = "ACCEPT"; precedence = 10000; }
+ { predicate = "-p ipv6-icmp"; target = "ACCEPT"; v4 = false; precedence = 10000; }
{ predicate = "-i lo"; target = "ACCEPT"; precedence = 9999; }
{ predicate = "-p tcp --dport 22"; target = "ACCEPT"; precedence = 9998; }
{ predicate = "-p tcp -i retiolum"; target = "REJECT --reject-with tcp-reset"; precedence = -10000; }
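Review bot: The added `-p ipv6-icmp` rule accepts every ICMPv6 type on every interface, which is broader than what IPv6 needs to work (neighbour discovery, packet-too-big and the other error messages). If this host is reachable over IPv6 from networks you do not trust, consider splitting it into rules that match the required types with `-m icmp6 --icmpv6-type`, along the lines of RFC 4890. At minimum, record the reason next to the rule, e.g. `# ICMPv6 carries neighbour discovery and path-MTU messages; IPv6 table only`. The rule list starts and ends outside this hunk, so other entries may already narrow what reaches this rule.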
diff --git a/nin/2configs/skype.nix b/nin/2configs/skype.nix
new file mode 100644
index 000000000..621dfae82
--- /dev/null
+++ b/nin/2configs/skype.nix
@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+let
+ mainUser = config.users.extraUsers.nin;
+ inherit (import <stockholm/lib>) genid;
+
+in {
+ users.extraUsers = {
+ skype = {
+ name = "skype";
+ uid = genid "skype";
+ description = "user for running skype";
+ home = "/home/skype";
+ useDefaultShell = true;
+ extraGroups = [ "audio" "video" ];
+ createHome = true;
+ };
+ };
+
+ krebs.per-user.skype.packages = [
+ pkgs.skype
+ ];
+
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(skype) NOPASSWD: ALL
+ '';
+}
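Review bot: The sudoers line `${mainUser.name} ALL=(skype) NOPASSWD: ALL` grants more than the file's apparent purpose needs, which seems to be running the client under a separate account. Naming the command keeps the rule aligned with that intent, e.g. `${mainUser.name} ALL=(skype) NOPASSWD: ${pkgs.skype}/bin/skype` (assuming the package installs its binary at `bin/skype`). The account also gets `useDefaultShell = true` and membership in `audio` and `video`, so the client can still reach the microphone and camera devices. A short header comment should state what the separate user is meant to protect (the main user's home directory) and what it does not. If the account is never meant to be logged into directly, a non-login shell would make that explicit.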