Diffstat (limited to 'nixos/modules/services/audio/navidrome.nix')
-rw-r--r--nixos/modules/services/audio/navidrome.nix3
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/services/audio/navidrome.nix b/nixos/modules/services/audio/navidrome.nix
index 3660e05310be1..319212c020777 100644
--- a/nixos/modules/services/audio/navidrome.nix
+++ b/nixos/modules/services/audio/navidrome.nix
@@ -45,7 +45,10 @@ in {
         RootDirectory = "/run/navidrome";
         ReadWritePaths = "";
         BindReadOnlyPaths = [
+          # navidrome uses online services to download additional album metadata / covers
+          "${config.environment.etc."ssl/certs/ca-certificates.crt".source}:/etc/ssl/certs/ca-certificates.crt"
           builtins.storeDir
+          "/etc"
         ] ++ lib.optional (cfg.settings ? MusicFolder) cfg.settings.MusicFolder;
         CapabilityBoundingSet = "";
         RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
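Review bot: The added `"/etc"` entry in `BindReadOnlyPaths` makes the host's whole /etc tree readable inside the otherwise minimal `/run/navidrome` root. That is far wider than the need stated in the new comment, which is only CA certificates for outbound HTTPS. If the remaining requirement is name resolution (presumably the reason, though the hunk does not say), bind just those files instead, e.g. `"/etc/resolv.conf"`, `"/etc/hosts"` and `"/etc/nsswitch.conf"`, and confirm what navidrome actually reads. If the full bind has to stay, say why next to it, e.g. `# /etc is needed for <reason>; read-only`, and consider whether the explicit ca-certificates.crt bind is still needed once /etc is mounted. The enclosing serviceConfig attribute set begins and ends outside this hunk, so the other hardening options could not be checked.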