From 2781930ecf827084c1b3313acae940ff3a2e08f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= <kmein@posteo.de>
Date: Wed, 25 Nov 2020 10:07:26 +0100
Subject: [PATCH] feat: access ympd via nginx with password auth

---
 configs/mpd.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/configs/mpd.nix b/configs/mpd.nix
index 5c8883a..211efd7 100644
--- a/configs/mpd.nix
+++ b/configs/mpd.nix
@@ -19,6 +19,16 @@ in
   services.mpd.enable = true;
   services.ympd.enable = true;
 
+  services.nginx.virtualHosts.default = {
+    locations."^~ /ympd/" = {
+      proxyPass = "http://127.0.0.1:${config.services.ympd.webPort}/";
+      extraConfig = ''
+        auth_basic "Restricted Content";
+        auth_basic_user_file ${pkgs.writeText "ympd-password" "dj:$apr1$1ogLNSki$37uGV8iqjWEYEwtY4iq3F1"};
+      ''; # generate password hash with `openssl passwd -apr1`
+    };
+  };
+
   # dont let anyone outside localhost or local network in
   networking.firewall.extraCommands = let ympdPort = config.services.ympd.webPort; in ''
     ${pkgs.iptables}/bin/iptables -A INPUT -p tcp --dport ${ympdPort} -s 192.168.0.0/16 -j ACCEPT