nixos/mpdscribble: init #97553
nixos/mpdscribble: init #97553
Conversation
|
I like this. @matthiasbeyer do you have anything to comment? I haven't deeply reviewed this PR yet. But, I'd like to verify that the passwords are handled right. As part of that, I'm waiting for a review at #95599 which I see as a dependency for this module's keeping passwords safe. |
|
For reference, I'm using mpdas which is a similar daemon, in my personal config for a while now, with both #95599 in my nixpkgs fork and this: systemd.services.mpdas = {
description = "Music Player Daemon Scrobbler (mpdas)";
bindsTo = ["mpd.service"];
wantedBy = [ "multi-user.target" ];
unitConfig = {
RequiresMountsFor = "/var/lib/mpd";
};
# workaround for https://github.com/hrkfdn/mpdas/issues/58
environment.HOME = "/";
serviceConfig = {
User = "mpd";
# That file's format is configured here:
# https://github.com/hrkfdn/mpdas/tree/master#configuration
ExecStart = "${pkgs.mpdas}/bin/mpdas -c /etc/mpdasrc";
# A little bit more complicated then mpd's prestart script because it
# has to parse the mpd conf file format
ExecStartPre = pkgs.writeScript "mpdas-start-pre" ''
#!${pkgs.runtimeShell}
set -euo pipefail
password=$(${pkgs.gawk}/bin/awk -F'[@"]' '$1 == "password " {print $2}' /var/lib/secrets/mpd.conf)
echo "mpdpassword = $password" > /etc/mpdasrc
cat /var/lib/secrets/mpdas.conf >> /etc/mpdasrc
'';
Type = "simple";
};
};
environment.etc."mpdasrc" = {
mode = "0660";
group = "transmission";
user = "mpd";
text = ''
'';
};Where |
Sohalt
force-pushed
the
nixos/mpdscribble
branch
from
63e9b84
to
f9d9dd0
Compare
|
|
||
| # The host running MPD, possibly protected by a password | ||
| # ([PASSWORD@]HOSTNAME). | ||
| host = ${cfg.host} |
There was a problem hiding this comment.
@Sohalt I was trying to suggest, that mpd's password shouldn't be plain visible here, and more over, at the store. You should use a environment.etc. file, with the proper permissions for the mpdscribble user. But, this is a dumb request when we do write to the store the mpd passwords - without #95599 . Could you give me a hand there with a review / test please?
No, I don't use lastfm/etc anymore. |
Sohalt
force-pushed
the
nixos/mpdscribble
branch
2 times, most recently
from
3be68aa
to
cde9d33
Compare
|
@Sohalt I've only taken a rough look in the meantime and it looks fantastically promising :). I've failed in the attempt of doing it myself! Thanks so much for working on this. There's an ofborg eval error though: https://gist.github.com/GrahamcOfBorg/b3fb7048bc6528d554c2421e8353c812 |
Sohalt
force-pushed
the
nixos/mpdscribble
branch
2 times, most recently
from
30ede12
to
843c77d
Compare
ofborg
bot
added
10.rebuild-darwin: 0
10.rebuild-linux: 1-10
10.rebuild-linux: 1
labels
|
@doronbehar Thanks! I've somehow missed that. Now everything's green :) |
Sohalt
force-pushed
the
nixos/mpdscribble
branch
from
843c77d
to
743161f
Compare
|
@aanderse @doronbehar thanks a lot for your review! I think I've addressed everything. |
Sohalt
force-pushed
the
nixos/mpdscribble
branch
from
743161f
to
cac09d4
Compare
Sohalt
force-pushed
the
nixos/mpdscribble
branch
from
cac09d4
to
412f39b
Compare
| Endpoints to scrobble to. | ||
| If the endpoint is one of "${ | ||
| concatStringsSep "\", \"" (attrNames endpointUrls) | ||
| }" the url is set automatically. |
There was a problem hiding this comment.
Saying the url is set automatically gives a slight feeling it's possible to set a certain url, for an arbitrary endpoint, but there isn't.. So maybe remove that last part of the sentence? Or alternatively provide a default value for a url option?
There was a problem hiding this comment.
Not sure I understand you correctly. You can set an arbitrary url for an arbitrary endpoint, but when you use one of the predefined endpoints, there is already a default with the "official" endpoint for those services (defined here).
| # "syslog" makes mpdscribble use the local syslog daemon. On most | ||
| # systems, log messages will appear in /var/log/daemon.log then. | ||
| # "-" means log to stderr (the current terminal). | ||
| log = - |
There was a problem hiding this comment.
Why did we remove this option? I personally like the idea of having the list of scrobbles also in a separate file. If I remember correctly that this is what this log holds.
There was a problem hiding this comment.
It does not only hold lists of scrobbles but also other logging output. There is the journal, which is used to store a list of scrobbles when there is no connection to the scrobble server.
Since the service runs as DynamicUser it does not make too much sense to be able to specify a separate location, because the service won't have access (I could add ReadWritePaths, but I don't think it's really necessary. - will make mpdscribble log to the systemd journal.
Sohalt
force-pushed
the
nixos/mpdscribble
branch
2 times, most recently
from
efd7afc
to
bcb6e3a
Compare
|
I have a commit that automatically sets the |
|
I will test this with my laptop, along with the PR for mpd on my next system update. Then I will merge. Thanks again for working on this.
…On Jan 3 2021, at 4:28 pm, Aaron Andersen ***@***.***> wrote:
@aanderse approved this pull request.
LGTM 👍
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub ***@***.***/0?redirect=https%3A%2F%2Fgithub.com%2FNixOS%2Fnixpkgs%2Fpull%2F97553%23pullrequestreview-560700885&recipient=cmVwbHkrQUNUNUlNNDVWR1ZNWlZYVlhaSE9TNDU1N1cyWUpFVkJOSEhDVENSN0E0QHJlcGx5LmdpdGh1Yi5jb20%3D), or unsubscribe ***@***.***/1?redirect=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FACT5IM4LLUMQZX3SRDXKIIDSYB5IJANCNFSM4RCS4UFA&recipient=cmVwbHkrQUNUNUlNNDVWR1ZNWlZYVlhaSE9TNDU1N1cyWUpFVkJOSEhDVENSN0E0QHJlcGx5LmdpdGh1Yi5jb20%3D).
|
|
From some reason I wasn't able to merge this on top of #107508 so I didn't test this. So let's unmark it as a draft and rebase? |
Sohalt
force-pushed
the
nixos/mpdscribble
branch
from
bcb6e3a
to
f6a08f3
Compare
Sohalt
force-pushed
the
nixos/mpdscribble
branch
from
f6a08f3
to
59bd4c1
Compare
|
Thank you for the review and merging! |
Motivation for this change
This adds a NixOS service for mpdscribble.
There have been prior attempts at this: #23660 #9940 #6806
Things done
I have the module running and working using a configuration of
The password is stored either as MD5 or cleartext directly in the config file in the nix store. The description specifically states this.
It is not ideal, but ok for now IMHO. I've opened an issue upstream to support a
password_fileoption (MusicPlayerDaemon/mpdscribble#24).sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)