newedge/infra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

jukebox: reassign mpd access control to the firewall

Browse Source 
dunno how to reliably ensure the mpd service is ordered after each
binds_to address is bound (& so bind(3)able)
This commit is contained in:
vi
2025-12-01 00:00:00 +00:00
parent 6604ec303d
commit e26caa3429
2 changed files with 5 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
inventories/default.nix
View File

@@ -187,9 +187,7 @@
}; };
roles.default.machines.neptune = { roles.default.machines.neptune = {
settings = { settings = {
binds = [ binds = [ "wlp1s0" ];
"10.0.0.9"
];
disks.m3 = { disks.m3 = {
uuid = "105D-319E"; uuid = "105D-319E";
mountOptions = ["utf8"]; mountOptions = ["utf8"];

11
modules/clan/jukebox/default.nix
View File

@@ -92,21 +92,18 @@
services.mpd = { services.mpd = {
enable = true; enable = true;
musicDirectory = settings.baseDir; musicDirectory = settings.baseDir;
network.listenAddress = "127.0.0.1"; # additive but singleton opt network.listenAddress = "any";
extraConfig = '' extraConfig = ''
audio_output { audio_output {
type "pulse" type "pulse"
name "jukebox" name "jukebox"
server "localhost" server "localhost"
} }
'' + lib.concatMapStringsSep "\n" '';
(addr: ''bind_to_address "${addr}"'')
settings.binds;
}; };
networking.firewall.allowedTCPPorts = lib.optional networking.firewall.interfaces = lib.genAttrs settings.binds
(settings.binds != []) (_: { allowedTCPPorts = [config.services.mpd.network.port]; });
config.services.mpd.network.port;
environment.systemPackages = [pkgs.mpc]; environment.systemPackages = [pkgs.mpc];
}; };