From e26caa3429d1c6f1fde292be0e1ed26f3924e083 Mon Sep 17 00:00:00 2001
From: vi
Date: Mon, 1 Dec 2025 00:00:00 +0000
Subject: [PATCH] jukebox: reassign mpd access control to the firewall dunno how to reliably ensure the mpd service is ordered after each binds_to address is bound (& so bind(3)able)
---
 inventories/default.nix | 4 +---
 modules/clan/jukebox/default.nix | 11 ++++-------
 2 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/inventories/default.nix b/inventories/default.nix
index 05facf4..e1297ed 100644
--- a/inventories/default.nix
+++ b/inventories/default.nix
@@ -187,9 +187,7 @@
 };
 roles.default.machines.neptune = {
 settings = {
- binds = [
- "10.0.0.9"
- ];
+ binds = [ "wlp1s0" ];
 disks.m3 = {
 uuid = "105D-319E";
 mountOptions = ["utf8"];
diff --git a/modules/clan/jukebox/default.nix b/modules/clan/jukebox/default.nix
index 8630d91..4895bc5 100644
--- a/modules/clan/jukebox/default.nix
+++ b/modules/clan/jukebox/default.nix
@@ -92,21 +92,18 @@
 services.mpd = {
 enable = true;
 musicDirectory = settings.baseDir;
- network.listenAddress = "127.0.0.1"; # additive but singleton opt
+ network.listenAddress = "any";
 extraConfig = ''
 audio_output {
 type "pulse"
 name "jukebox"
 server "localhost"
 }
- '' + lib.concatMapStringsSep "\n"
- (addr: ''bind_to_address "${addr}"'')
- settings.binds;
+ '';
 };
- networking.firewall.allowedTCPPorts = lib.optional
- (settings.binds != [])
- config.services.mpd.network.port;
+ networking.firewall.interfaces = lib.genAttrs settings.binds
+ (_: { allowedTCPPorts = [config.services.mpd.network.port]; });
 environment.systemPackages = [pkgs.mpc];
 };
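Review bot: `binds` now holds an interface name (`wlp1s0`) where it previously held an address, and the key name no longer says which. The module hunk in this patch passes each entry to `lib.genAttrs` as a `networking.firewall.interfaces` key, so an inventory that still lists an address such as `"10.0.0.9"` would presumably produce a rule keyed on a non-existent interface and leave mpd unreachable rather than raise an error. The option declaration is outside this hunk; its description should say that entries are interface names, and a comment here would help: `binds = [ "wlp1s0" ]; # interface name, not an address`.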
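Review bot: With `network.listenAddress = "any"` mpd accepts connections on every address, so the `networking.firewall.interfaces` rules become the only access control, and nothing in the hunk checks that the firewall is enabled. On a host with `networking.firewall.enable = false`, or with an interface listed in `networking.firewall.trustedInterfaces`, the port would be reachable from interfaces not named in `settings.binds`. The loopback-only bind is also lost when `settings.binds` is empty. I would keep `"127.0.0.1"` for the empty case and add an assertion tying a non-empty `binds` to an enabled firewall, as sketched below; the enclosing attribute set starts and ends outside the hunk, so the placement of `assertions` is assumed.

```nix
services.mpd = {
  # … unchanged: enable, musicDirectory …
  # Stay loopback-only when no interface is exported.
  network.listenAddress = if settings.binds == [] then "127.0.0.1" else "any";
  # … unchanged: extraConfig …
};

# mpd listens on every address once binds is non-empty, so the
# per-interface firewall rules are the only thing restricting access.
assertions = [
  {
    assertion = settings.binds == [] || config.networking.firewall.enable;
    message = "jukebox: mpd listens on all addresses; networking.firewall must be enabled to restrict it to settings.binds";
  }
];
# … unchanged: networking.firewall.interfaces, environment.systemPackages …
```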