diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 5e16052ad..8332e7c53 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -21,20 +21,15 @@ with import <stockholm/lib>;
     #<stockholm/lass/2configs/prism-share.nix>
     <stockholm/lass/2configs/ssh-cryptsetup.nix>
     <stockholm/lass/2configs/network-manager.nix>
+    <stockholm/lass/2configs/home-media.nix>
   ];
 
-  #media center
-  users.users.media = {
-    isNormalUser = true;
-    uid = genid_uint31 "media";
-    extraGroups = [ "video" "audio" ];
-  };
+  krebs.build.host = config.krebs.hosts.icarus;
 
   services.xserver.displayManager.lightdm.autoLogin = {
     enable = true;
     user = "media";
   };
 
-  krebs.build.host = config.krebs.hosts.icarus;
-  programs.adb.enable = true;
+  environment.systemPackages = [ pkgs.chromium ];
 }
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 831e03f79..e41c9bd1e 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -22,22 +22,11 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/hass>
     <stockholm/lass/2configs/br.nix>
     <stockholm/lass/2configs/fetchWallpaper.nix>
+    <stockholm/lass/2configs/home-media.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.shodan;
 
-  #media center
-  users.users.media = {
-    isNormalUser = true;
-    uid = genid_uint31 "media";
-    extraGroups = [ "video" "audio" ];
-  };
-
-  services.xserver.displayManager.lightdm.autoLogin = {
-    enable = true;
-    user = "media";
-  };
-
   services.logind.lidSwitch = "ignore";
   services.logind.lidSwitchDocked = "ignore";
 
diff --git a/lass/2configs/home-media.nix b/lass/2configs/home-media.nix
new file mode 100644
index 000000000..7e10aed34
--- /dev/null
+++ b/lass/2configs/home-media.nix
@@ -0,0 +1,23 @@
+with import <stockholm/lib>;
+{ pkgs, ... }:
+{
+  users.users.media = {
+    isNormalUser = true;
+    uid = genid_uint31 "media";
+    extraGroups = [ "video" "audio" ];
+  };
+
+  services.xserver.displayManager.lightdm.autoLogin = {
+    enable = true;
+    user = "media";
+  };
+
+  hardware.pulseaudio.configFile = pkgs.writeText "pulse.pa" ''
+    .include ${pkgs.pulseaudioFull}/etc/pulse/default.pa
+    load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1;10.42.0.0/24 auth-anonymous=1
+  '';
+
+  krebs.iptables.tables.filter.INPUT.rules = [
+    { predicate = "-p tcp --dport 4713"; target = "ACCEPT"; } # pulseaudio
+  ];
+}