jukebox: reassign mpd access control to the firewall

dunno how to reliably ensure the mpd service is ordered after each binds_to address is bound (& so bind(3)able)
2025-12-01 00:00:00 +00:00
parent 6604ec303d
commit e26caa3429
2 changed files with 5 additions and 10 deletions
--- a/inventories/default.nix
+++ b/inventories/default.nix
@@ -187,9 +187,7 @@
          };
          roles.default.machines.neptune = {
            settings = {
-              binds = [
-                "10.0.0.9"
-              ];
+              binds = [ "wlp1s0" ];
              disks.m3 = {
                uuid = "105D-319E";
                mountOptions = ["utf8"];
--- a/modules/clan/jukebox/default.nix
+++ b/modules/clan/jukebox/default.nix
@@ -92,21 +92,18 @@
            services.mpd = {
              enable = true;
              musicDirectory = settings.baseDir;
-              network.listenAddress = "127.0.0.1"; # additive but singleton opt
+              network.listenAddress = "any";
              extraConfig = ''
                audio_output {
                  type "pulse"
                  name "jukebox"
                  server "localhost"
                }
-              '' + lib.concatMapStringsSep "\n"
-                (addr: ''bind_to_address "${addr}"'')
-                settings.binds;
+              '';
            };

-            networking.firewall.allowedTCPPorts = lib.optional
-              (settings.binds != [])
-              config.services.mpd.network.port;
+            networking.firewall.interfaces = lib.genAttrs settings.binds
+              (_: { allowedTCPPorts = [config.services.mpd.network.port]; });

            environment.systemPackages = [pkgs.mpc];
          };