On this thin client I’ve set up, I wanted pulseaudio to run before logging in, and not have any specific users on the machine. System mode was called for.
On Wheezy, pulseaudio is by default configured for per-user sessions. To remedy this, edit /etc/default/pulseaudio, putting PULSEAUDIO_SYSTEM_START=1
Then, edit /etc/pulse/system.pa – this is the file that configures the server when system mode is used, as opposed to /etc/pulse/default.pa. At the end of said file, I added two lines and some comments:
### Enable TCP and CLI load-module module-native-protocol-tcp port=1500 auth-anonymous=1 load-module module-cli-protocol-unix
Please keep in mind that the above tcp line allows access from any host. This is a potential security problem. I restrict access using shorewall and iptables, but an alternative would be the auth-ip-acl option with a list of approved IP’s. More here. Restart pulseaudio:
/etc/init.d/pulseaudio start /etc/init.d/pulseaudio restart
The above restart includes “start”, because pulseaudio’s default script does not start it on “restart” unless it’s not already running. Stupid.
Because pulseaudio now runs as the “pulse” user, commands like pacmd are a pain to use. However, as we made sure to load module-cli-protocol-unix above, they are actually usable, you just have to run them as the “pulse” user, and point it at the correct directory.
sudo PULSE_RUNTIME_PATH=/var/run/pulse -u pulse pacmd
To get access to playing sound, you now need to run anything as “pulse”… or you can simply use the TCP socket you made. Edit /etc/pulse/client.conf and set “default-server” to “localhost:1500” or similar:
default-server = localhost:1500
Now set up SSH port forwarding for port 1500, or whichever port you used above, with something like autossh and public key logins, and you’ve got remote sound playing over an encrypted tunnel. Neat.
Remember to set the default-server for client computers as well.