l prism: define all krebs users in one place

2017-07-20 14:49:18 +02:00 · 2017-07-20 14:49:18 +02:00 · 30c2940ee5
parent 32d09aa9d5
commit 30c2940ee5
1 changed files with 20 additions and 22 deletions
--- a/lass/1systems/prism/config.nix
+++ b/lass/1systems/prism/config.nix
@ -212,6 +212,26 @@ in {
          config.krebs.users.tv.pubkey
        ];
      };
+      users.users.makefu = {
+        uid = genid "makefu";
+        isNormalUser = true;
+        openssh.authorizedKeys.keys = [
+          config.krebs.users.makefu.pubkey
+        ];
+      };
+      users.users.nin = {
+        uid = genid "nin";
+        inherit (config.krebs.users.nin) home;
+        group = "users";
+        createHome = true;
+        useDefaultShell = true;
+        openssh.authorizedKeys.keys = [
+          config.krebs.users.nin.pubkey
+        ];
+        extraGroups = [
+          "libvirtd"
+        ];
+      };
    }
    {
      krebs.repo-sync.timerConfig = {
@ -234,28 +254,6 @@ in {
        enable = true;
      };
    }
-    {
-      # Nin stuff
-      users.users.nin = {
-        uid = genid "nin";
-        inherit (config.krebs.users.nin) home;
-        group = "users";
-        createHome = true;
-        useDefaultShell = true;
-        openssh.authorizedKeys.keys = [
-          config.krebs.users.nin.pubkey
-        ];
-        extraGroups = [
-          "libvirtd"
-        ];
-      };
-      krebs.iptables.tables.nat.PREROUTING.rules = [
-        { v6 = false; precedence = 1000; predicate = "-d 213.239.205.240 -p tcp --dport 1337"; target = "DNAT --to-destination 192.168.122.24:22"; }
-      ];
-      krebs.iptables.tables.filter.FORWARD.rules = [
-        { v6 = false; precedence = 1000; predicate = "-d 192.168.122.24 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED"; target = "ACCEPT"; }
-      ];
-    }
    {
      krebs.Reaktor.prism = {
        nickname = "Reaktor|lass";