From 5c0e18a6bb553e692f276b7dafcd8058d5460046 Mon Sep 17 00:00:00 2001
From: Michael Auchter <a@phire.org>
Date: Tue, 2 Aug 2022 15:22:06 +0000
Subject: [PATCH] nixos/soju: add defaults and assertions for TLS

Enabling soju without providing a value for tlsCertificate currently
results in:

  error: The option `services.soju.tlsCertificate' is used but not
  defined.

Since tlsCertificate is intended to be optional, set default to null.

Additionally, add assertions to ensure that both tlsCertificate and
tlsCertificateKey are either set or unset.
---
 nixos/modules/services/networking/soju.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/nixos/modules/services/networking/soju.nix b/nixos/modules/services/networking/soju.nix
index a92d274aea2..32ace43660a 100644
--- a/nixos/modules/services/networking/soju.nix
+++ b/nixos/modules/services/networking/soju.nix
@@ -49,12 +49,14 @@ in
 
     tlsCertificate = mkOption {
       type = types.nullOr types.path;
+      default = null;
       example = "/var/host.cert";
       description = lib.mdDoc "Path to server TLS certificate.";
     };
 
     tlsCertificateKey = mkOption {
       type = types.nullOr types.path;
+      default = null;
       example = "/var/host.key";
       description = lib.mdDoc "Path to server TLS certificate key.";
     };
@@ -97,6 +99,16 @@ in
   ###### implementation
 
   config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = (cfg.tlsCertificate != null) == (cfg.tlsCertificateKey != null);
+        message = ''
+          services.soju.tlsCertificate and services.soju.tlsCertificateKey
+          must both be specified to enable TLS.
+        '';
+      }
+    ];
+
     systemd.services.soju = {
       description = "soju IRC bouncer";
       wantedBy = [ "multi-user.target" ];