Upgrade MPD to 0.21.7, and move mpd secrets to secure location

Fixes https://git.immae.eu/mantisbt/view.php?id=122

1 files changed, 13 insertions, 2 deletions

diff --git a/nixops/modules/mpd/default.nix b/nixops/modules/mpd/default.nix
index d59a34c..9e1715b 100644
--- a/nixops/modules/mpd/default.nix
+++ b/nixops/modules/mpd/default.nix
@@ -1,20 +1,31 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 {
   config = {
+    nixpkgs.overlays = [ (self: super: rec {
+      mpd = (self.callPackage ./mpd.nix {}).mpd;
+    }) ];
     deployment.keys = {
       mpd = {
         permissions = "0400";
         text = myconfig.env.mpd.password;
       };
+      mpd-config = {
+        permissions = "0400";
+        user = "mpd";
+        group = "mpd";
+        text = ''
+          password "${myconfig.env.mpd.password}@read,add,control,admin"
+        '';
+      };
     };
     networking.firewall.allowedTCPPorts = [ 6600 ];
-    users.users.mpd.extraGroups = [ "wwwrun" ];
+    users.users.mpd.extraGroups = [ "wwwrun" "keys" ];
     services.mpd = {
       enable = true;
       network.listenAddress = "any";
       musicDirectory = myconfig.env.mpd.folder;
       extraConfig = ''
-        password "${myconfig.env.mpd.password}@read,add,control,admin"
+        include "/run/keys/mpd-config"
         audio_output {
           type            "null"
           name            "No Output"