From 8e2e1c6a09899ac9ce700f1cb96b17e149176544 Mon Sep 17 00:00:00 2001
From: Erin Sims
Date: Fri, 9 Sep 2022 07:28:30 -0400
Subject: [PATCH] working on changes, and debugging
---
 playbooks/mpdb.service.j2 | 39 +++++++++++++++++++++++++++++++++++++++
 playbooks/mpdb.yaml | 4 ++--
 2 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 playbooks/mpdb.service.j2
diff --git a/playbooks/mpdb.service.j2 b/playbooks/mpdb.service.j2
new file mode 100644
index 0000000..fe60e88
--- /dev/null
+++ b/playbooks/mpdb.service.j2
@@ -0,0 +1,39 @@
+[Unit]
+Description=Music Player Daemon
+Documentation=man:mpd(1) man:mpd.conf(5)
+Documentation=file:///usr/share/doc/mpd/html/user.html
+After=network.target sound.target
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/default/mpd
+ExecStart=/usr/bin/mpd --no-daemon /etc/mpd.conf
+
+# Enable this setting to ask systemd to watch over MPD, see
+# systemd.service(5). This is disabled by default because it causes
+# periodic wakeups which are unnecessary if MPD is not playing.
+#WatchdogSec=120
+
+# allow MPD to use real-time priority 40
+LimitRTPRIO=40
+LimitRTTIME=infinity
+
+# for io_uring
+LimitMEMLOCK=64M
+
+# disallow writing to /usr, /bin, /sbin, ...
+ProtectSystem=yes
+
+# more paranoid security settings
+NoNewPrivileges=yes
+ProtectKernelTunables=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+# AF_NETLINK is required by libsmbclient, or it will exit() .. *sigh*
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK
+RestrictNamespaces=yes
+
+[Install]
+WantedBy=multi-user.target
+Also=mpd.socket
+
diff --git a/playbooks/mpdb.yaml b/playbooks/mpdb.yaml
index eccb959..55269e9 100644
--- a/playbooks/mpdb.yaml
+++ b/playbooks/mpdb.yaml
@@ -46,7 +46,7 @@
 - name: setup config on hosts
 template:
 src: mpdb.conf.j2
- dest: "/etc/mpdf.conf"
+ dest: "/etc/mpd.conf"
 mode: 0644
 owner: root
 group: root
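Review bot: The `[Service]` section sets no `User=`, so `/usr/bin/mpd` starts as root and any privilege drop depends on the `user` setting in the templated `/etc/mpd.conf`, which this commit does not show; confirm it is set there or add `User=mpd` to the unit (account name assumed). `EnvironmentFile=/etc/default/mpd` has no `-` prefix, so the unit fails to start on hosts where that file is absent, and `ExecStart` uses no variable from it; `EnvironmentFile=-/etc/default/mpd` or dropping the line avoids that. `ProtectSystem=yes` still leaves `/etc` writable to the service, so `ProtectSystem=full` together with `PrivateTmp=yes` would tighten the sandbox without touching the music or state directories. `Also=mpd.socket` names a socket unit that this playbook does not visibly install, so enabling the service may fail if the package has not already provided it.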
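Review bot: The config task installs `/etc/mpd.conf` with `mode: 0644`, `owner: root` and `group: root`, which makes the file world-readable; if `mpdb.conf.j2` ever carries an MPD `password` entry, every local account can read it. Consider `mode: '0640'` with `group:` set to the daemon's group (name not visible in this hunk). Quoting the mode also matches the `'0755'` form used by the task further down. The task may continue past the end of the hunk.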
@@ -59,7 +59,7 @@
 mode: '0755'
 - name: setup service on hosts
 template:
- src: mpdb.service.j2
+ src: mpd.service.j2
 dest: "/usr/lib/systemd/system/mpd.service"
 mode: 0644
 owner: root
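Review bot: The new `src: mpd.service.j2` does not match the template this commit creates, which is `playbooks/mpdb.service.j2`; unless a `mpd.service.j2` already exists elsewhere in the repository, the template task will fail to find its source. Either keep `src: mpdb.service.j2` or rename the new file so the two agree. The unit is also written to `/usr/lib/systemd/system/mpd.service`, a path normally owned by the distribution package, so a package upgrade can silently replace the hardened unit with the stock one; `dest: "/etc/systemd/system/mpd.service"` is the administrator override location. The task continues outside the hunk, so whether it notifies a daemon-reload handler is not visible here.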