b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos/soju: add defaults and assertions for TLS

Browse source 
Enabling soju without providing a value for tlsCertificate currently
results in:

  error: The option `services.soju.tlsCertificate' is used but not
  defined.

Since tlsCertificate is intended to be optional, set default to null.

Additionally, add assertions to ensure that both tlsCertificate and
tlsCertificateKey are either set or unset.
This commit is contained in:
Michael Auchter 2022-08-02 15:22:06 +00:00
parent 1d86e56752
commit 5c0e18a6bb
1 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
nixos/modules/services/networking/soju.nix
View file

@ -49,12 +49,14 @@ in
tlsCertificate = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/host.cert";
description = lib.mdDoc "Path to server TLS certificate.";
};
tlsCertificateKey = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/host.key";
description = lib.mdDoc "Path to server TLS certificate key.";
};
@ -97,6 +99,16 @@ in
###### implementation
config = mkIf cfg.enable {
assertions = [
{
assertion = (cfg.tlsCertificate != null) == (cfg.tlsCertificateKey != null);
message = ''
services.soju.tlsCertificate and services.soju.tlsCertificateKey
must both be specified to enable TLS.
'';
}
];
systemd.services.soju = {
description = "soju IRC bouncer";
wantedBy = [ "multi-user.target" ];