From 65e649254aa406277f5e8b99adf1114e6ac373ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Sat, 20 Apr 2019 17:02:18 +0200
Subject: Upgrade MPD to 0.21.7, and move mpd secrets to secure location

Fixes https://git.immae.eu/mantisbt/view.php?id=122
---
 nixops/modules/mpd/default.nix | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'nixops/modules/mpd/default.nix')

diff --git a/nixops/modules/mpd/default.nix b/nixops/modules/mpd/default.nix
index d59a34c..9e1715b 100644
--- a/nixops/modules/mpd/default.nix
+++ b/nixops/modules/mpd/default.nix
@@ -1,20 +1,31 @@
 { lib, pkgs, config, myconfig, mylibs, ... }:
 {
   config = {
+    nixpkgs.overlays = [ (self: super: rec {
+      mpd = (self.callPackage ./mpd.nix {}).mpd;
+    }) ];
     deployment.keys = {
       mpd = {
         permissions = "0400";
         text = myconfig.env.mpd.password;
       };
+      mpd-config = {
+        permissions = "0400";
+        user = "mpd";
+        group = "mpd";
+        text = ''
+          password "${myconfig.env.mpd.password}@read,add,control,admin"
+        '';
+      };
     };
     networking.firewall.allowedTCPPorts = [ 6600 ];
-    users.users.mpd.extraGroups = [ "wwwrun" ];
+    users.users.mpd.extraGroups = [ "wwwrun" "keys" ];
     services.mpd = {
       enable = true;
       network.listenAddress = "any";
       musicDirectory = myconfig.env.mpd.folder;
       extraConfig = ''
-        password "${myconfig.env.mpd.password}@read,add,control,admin"
+        include "/run/keys/mpd-config"
         audio_output {
           type            "null"
           name            "No Output"
-- 
cgit v1.2.3