nixos/mpd: Allow to configure a credentialsFile

Allow to specify a password file to be located outside the store, and be read in `ExecStartPre`.
2020-08-16 17:56:49 +03:00 · 2020-08-16 17:56:49 +03:00 · ccee8dc09f
commit ccee8dc09f
parent a5985162e3
1 changed files with 26 additions and 1 deletions
--- a/nixos/modules/services/audio/mpd.nix
+++ b/nixos/modules/services/audio/mpd.nix
@ -140,6 +140,18 @@ in {
        '';
      };

+      credentialsFile = mkOption {
+        type = types.path;
+        description = ''
+          Path to a file to be merged with the settings during the service startup.
+          Useful to merge a file which is better kept out of the Nix store
+          because it contains sensible data like MPD's password. Example may look like this:
+          <literal>password "myMpdPassword@read,add,control,admin"</literal>
+        '';
+        default = "/dev/null";
+        example = "/var/lib/secrets/mpd.conf";
+      };
+
      fluidsynth = mkOption {
        type = types.bool;
        default = false;
@ -181,7 +193,12 @@ in {

      serviceConfig = {
        User = "${cfg.user}";
-        ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon ${mpdConf}";
+        ExecStart = "${pkgs.mpd}/bin/mpd --no-daemon /etc/mpd.conf";
+        ExecStartPre = pkgs.writeScript "mpd-start-pre" ''
+          #!${pkgs.runtimeShell}
+          set -euo pipefail
+          cat ${mpdConf} ${cfg.credentialsFile} > /etc/mpd.conf
+        '';
        Type = "notify";
        LimitRTPRIO = 50;
        LimitRTTIME = "infinity";
@ -195,6 +212,14 @@ in {
        Restart = "always";
      };
    };
+    environment.etc."mpd.conf" = {
+      mode = "0640";
+      group = cfg.group;
+      user = cfg.user;
+      # To be modified by the service' ExecStartPre
+      text = ''
+      '';
+    };

    users.users = optionalAttrs (cfg.user == name) {
      ${name} = {