{ lib, pkgs, config, myconfig, mylibs, ... }:
{
config = {
+ deployment.keys = {
+ mpd = {
+ permissions = "0400";
+ text = myconfig.env.mpd.password;
+ };
+ };
networking.firewall.allowedTCPPorts = [ 6600 ];
users.users.mpd.extraGroups = [ "wwwrun" ];
services.mpd = {
++ ldap.apache.modules
++ kanboard.apache.modules;
- services.ympd = ympd.config // { enable = true; };
+ systemd.services.ympd = {
+ description = "Standalone MPD Web GUI written in C";
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ export MPD_PASSWORD=$(cat /run/keys/mpd)
+ ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
+ '';
+ };
services.myWebsites.integration.vhostConfs.devtools = {
certName = "eldiron";
'';
nixpkgs.overlays = [ (self: super: rec {
- ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json);
+ ympd = super.ympd.overrideAttrs(old: mylibs.fetchedGithub ./ympd.json // {
+ patches = (old.patches or []) ++ [ ./ympd-password-env.patch ];
+ });
}) ];
systemd.services.tt-rss = {
--- /dev/null
+diff --git a/src/ympd.c b/src/ympd.c
+index 3aed7e6..b3b6fda 100644
+--- a/src/ympd.c
++++ b/src/ympd.c
+@@ -71,6 +71,7 @@ int main(int argc, char **argv)
+ char *run_as_user = NULL;
+ char const *error_msg = NULL;
+ char *webport = "8080";
++ const char *s;
+
+ atexit(bye);
+ #ifdef WITH_DYNAMIC_ASSETS
+@@ -92,6 +93,10 @@ int main(int argc, char **argv)
+ {0, 0, 0, 0 }
+ };
+
++ if ((s = getenv("MPD_PASSWORD")) != NULL) {
++ mpd.password = strdup(s);
++ }
++
+ while((n = getopt_long(argc, argv, "h:p:w:u:vm:",
+ long_options, &option_index)) != -1) {
+ switch (n) {
ympd = rec {
config = {
webPort = "localhost:${env.listenPort}";
- mpd = {
- host = "${env.mpd.host} --mpdpass ${env.mpd.password}";
- port = env.mpd.port;
- };
+ host = env.mpd.host;
+ port = env.mpd.port;
};
apache = {
modules = [