Upgrade MPD to 0.21.7, and move mpd secrets to secure location

[perso/Immae/Config/Nix.git] / nixops / modules / mpd / default.nix

diff --git a/nixops/modules/mpd/default.nix b/nixops/modules/mpd/default.nix
index d59a34cd0b5048858e6e025d1b2ffcbcca6b47b8..9e1715baeb17a29acc441b2fdd6e16fe3491ff26 100644 (file)
--- a/nixops/modules/mpd/default.nix
+++ b/nixops/modules/mpd/default.nix
@@ -1,20 +1,31 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 {
   config = {
+    nixpkgs.overlays = [ (self: super: rec {
+      mpd = (self.callPackage ./mpd.nix {}).mpd;
+    }) ];
     deployment.keys = {
       mpd = {
         permissions = "0400";
         text = myconfig.env.mpd.password;
       };
+      mpd-config = {
+        permissions = "0400";
+        user = "mpd";
+        group = "mpd";
+        text = ''
+          password "${myconfig.env.mpd.password}@read,add,control,admin"
+        '';
+      };
     };
     networking.firewall.allowedTCPPorts = [ 6600 ];
-    users.users.mpd.extraGroups = [ "wwwrun" ];
+    users.users.mpd.extraGroups = [ "wwwrun" "keys" ];
     services.mpd = {
       enable = true;
       network.listenAddress = "any";
       musicDirectory = myconfig.env.mpd.folder;
       extraConfig = ''
-        password "${myconfig.env.mpd.password}@read,add,control,admin"
+        include "/run/keys/mpd-config"
         audio_output {
           type            "null"
           name            "No Output"