From 8f20c3012af32cd7bacf349dd8b2dcdd2a41fda1 Mon Sep 17 00:00:00 2001
From: ChaotiCryptidz <chaoticryptidz@owo.monster>
Date: Sun, 23 Jan 2022 12:09:07 +0000
Subject: [PATCH] add http basic auth so only i can listen

---
 hosts/hetzner-vm/services/mpd.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/hosts/hetzner-vm/services/mpd.nix b/hosts/hetzner-vm/services/mpd.nix
index b470040..42905b0 100644
--- a/hosts/hetzner-vm/services/mpd.nix
+++ b/hosts/hetzner-vm/services/mpd.nix
@@ -10,6 +10,7 @@
       permissions = [ "read" "add" "control" "admin" ];
     }];
     extraConfig = ''
+      host_permissions "127.0.0.1 read,add,control,admin"
       samplerate_converter "1"
       audio_output_format "44100:16:2"
       audio_output {
@@ -25,12 +26,20 @@
     '';
   };
 
-  systemd.services.mpd.serviceConfig.StateDirectory = ["/mpd"];
+  systemd.services.mpd.serviceConfig.StateDirectory = [ "/mpd" ];
 
   services.nginx.virtualHosts."stream.owo.monster" = {
     forceSSL = true;
     enableACME = true;
-    locations = { "/".proxyPass = "http://127.0.0.1:8012"; };
+    locations = {
+      "/" = {
+        proxyPass = "http://127.0.0.1:8012";
+        extraConfig = ''
+          auth_basic "Music Password";
+          auth_basic_user_file /secrets/music-stream-passwd; 
+        '';
+      };
+    };
   };
 
   networking.firewall.allowedTCPPorts = [ 6600 ];