3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules
Dominique Martinet d8fa2627f3 mpd: remove user/group from conf
the options should not be set as we already change user with service
file, man mpd.conf says "Do not use this option if you start MPD as an
unprivileged user"

The group option actually is not documented at all anymore and probably
no longer exists.

These options get in the way of setting up confinement for the service,
as it would otherwise be pretty straightforward to setup, but even if
mpd is not root it would check the user exists within the chroot which
is more work (need to get nss working):

  systemd.services.mpd = {
    serviceConfig.BindPaths = [
      # mpd state dir
      "/var/lib/mpd"
      # notify systemd service started up
      "/run/systemd/notify"
    ];
    serviceConfig.BindReadOnlyPaths = [
      "/path/to/music:/var/lib/mpd/music"
    ];
    # ProtectSystem is not compatible with confinement
    serviceConfig.ProtectSystem = lib.mkForce false;
    confinement = {
      enable = true;
      binSh = null;
      mode = "chroot-only";
    };
  };
2020-05-10 20:24:33 +02:00
..
config nixos/systemd: move NSS module logic to systemd module 2020-05-05 15:59:30 +02:00
hardware nixos/device-tree: fix package name in examples 2020-05-10 20:13:54 +02:00
i18n/input-method
installer Merge pull request #85996 from misuzu/nixos-install-low-memory 2020-05-08 18:40:24 +03:00
misc
profiles
programs Merge master into staging-next 2020-05-05 19:51:09 +02:00
security nixos/confinement: add conflict for ProtectSystem service option 2020-05-10 19:25:41 +02:00
services mpd: remove user/group from conf 2020-05-10 20:24:33 +02:00
system nixos/raspberrypi-builder: fix cross using buildPackages 2020-05-10 16:03:31 +02:00
tasks
testing
virtualisation Merge branch 'staging-next' 2020-05-06 08:20:05 +02:00
module-list.nix nixos/doas: init 2020-05-04 15:56:06 -07:00
rename.nix