nixos/soju: add defaults and assertions for TLS

Enabling soju without providing a value for tlsCertificate currently
results in:

  error: The option `services.soju.tlsCertificate' is used but not
  defined.

Since tlsCertificate is intended to be optional, set default to null.

Additionally, add assertions to ensure that both tlsCertificate and
tlsCertificateKey are either set or unset.
This commit is contained in:
Michael Auchter 2022-08-02 15:22:06 +00:00
parent 1d86e56752
commit 5c0e18a6bb

View File

@ -49,12 +49,14 @@ in
tlsCertificate = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/host.cert";
description = lib.mdDoc "Path to server TLS certificate.";
};
tlsCertificateKey = mkOption {
type = types.nullOr types.path;
default = null;
example = "/var/host.key";
description = lib.mdDoc "Path to server TLS certificate key.";
};
@ -97,6 +99,16 @@ in
###### implementation
config = mkIf cfg.enable {
assertions = [
{
assertion = (cfg.tlsCertificate != null) == (cfg.tlsCertificateKey != null);
message = ''
services.soju.tlsCertificate and services.soju.tlsCertificateKey
must both be specified to enable TLS.
'';
}
];
systemd.services.soju = {
description = "soju IRC bouncer";
wantedBy = [ "multi-user.target" ];