From 90e518d67bca34ad5225126f6d42fc136e38d2ae Mon Sep 17 00:00:00 2001
From: chaos <chaos@owo.monster>
Date: Sun, 26 May 2024 10:21:18 +0100
Subject: [PATCH] add ability to bind to privileged ports

---
 hosts/hetzner-arm/containers/music/profiles/mpd.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hosts/hetzner-arm/containers/music/profiles/mpd.nix b/hosts/hetzner-arm/containers/music/profiles/mpd.nix
index abbcfbc..5153161 100644
--- a/hosts/hetzner-arm/containers/music/profiles/mpd.nix
+++ b/hosts/hetzner-arm/containers/music/profiles/mpd.nix
@@ -27,6 +27,8 @@ in {
     after = ["rclone-serve-nfs-music.service"];
     serviceConfig = {
       ProtectSystem = false;
+      AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+      CapabilityBoundingSet = "CAP_NET_BIND_SERVICE";
     };
   };