···

       
109
       
 
       
            BindPaths =

     

       
110
       
 
       
              optional (cfg.settings ? DataFolder) cfg.settings.DataFolder

     

       
111
       
 
       
              ++ optional (cfg.settings ? CacheFolder) cfg.settings.CacheFolder;

     

       
112
       
-
       
            BindReadOnlyPaths = [

     

       
113
       
-
       
              # navidrome uses online services to download additional album metadata / covers

     

       
114
       
-
       
              "${

     

       
115
       
-
       
                config.environment.etc."ssl/certs/ca-certificates.crt".source

     

       
116
       
-
       
              }:/etc/ssl/certs/ca-certificates.crt"

     

       
117
       
-
       
              builtins.storeDir

     

       
118
       
-
       
              "/etc"

     

       
119
       
-
       
            ] ++ optional (cfg.settings ? MusicFolder) cfg.settings.MusicFolder;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
120
       
 
       
            CapabilityBoundingSet = "";

     

       
121
       
 
       
            RestrictAddressFamilies = [

     

       
122
       
 
       
              "AF_UNIX"

     

···

       
109
       
 
       
            BindPaths =

     

       
110
       
 
       
              optional (cfg.settings ? DataFolder) cfg.settings.DataFolder

     

       
111
       
 
       
              ++ optional (cfg.settings ? CacheFolder) cfg.settings.CacheFolder;

     

       
112
       
+
       
            BindReadOnlyPaths =

     

       
113
       
+
       
              [

     

       
114
       
+
       
                # navidrome uses online services to download additional album metadata / covers

     

       
115
       
+
       
                "${

     

       
116
       
+
       
                  config.environment.etc."ssl/certs/ca-certificates.crt".source

     

       
117
       
+
       
                }:/etc/ssl/certs/ca-certificates.crt"

     

       
118
       
+
       
                builtins.storeDir

     

       
119
       
+
       
                "/etc"

     

       
120
       
+
       
              ]

     

       
121
       
+
       
              ++ optional (cfg.settings ? MusicFolder) cfg.settings.MusicFolder

     

       
122
       
+
       
              ++ lib.optionals config.services.resolved.enable [

     

       
123
       
+
       
                "/run/systemd/resolve/stub-resolv.conf"

     

       
124
       
+
       
                "/run/systemd/resolve/resolv.conf"

     

       
125
       
+
       
              ];

     

       
126
       
 
       
            CapabilityBoundingSet = "";

     

       
127
       
 
       
            RestrictAddressFamilies = [

     

       
128
       
 
       
              "AF_UNIX"