wstunnel: exclude TLS arguments when enableHTTPS is false

2024-10-11 06:57:38 +03:00 · 2024-09-16 14:27:42 -07:00 · 2024-09-16 14:27:42 -07:00 · e868bfa5b1
commit e868bfa5b1
parent d33b553400
1 changed files with 15 additions and 3 deletions
--- a/nixos/modules/services/networking/wstunnel.nix
+++ b/nixos/modules/services/networking/wstunnel.nix
@ -318,10 +318,21 @@ let
              lib.cli.toGNUCommandLineShell { } (
                lib.recursiveUpdate {
                  restrict-to = map hostPortToString restrictTo;
-                  tls-certificate =
-                    if useACMEHost != null then "${certConfig.directory}/fullchain.pem" else "${tlsCertificate}";
-                  tls-private-key = if useACMEHost != null then "${certConfig.directory}/key.pem" else "${tlsKey}";
                  websocket-ping-frequency-sec = websocketPingInterval;
+                  tls-certificate =
+                    if !enableHTTPS then
+                      null
+                    else if useACMEHost != null then
+                      "${certConfig.directory}/fullchain.pem"
+                    else
+                      "${tlsCertificate}";
+                  tls-private-key =
+                    if !enableHTTPS then
+                      null
+                    else if useACMEHost != null then
+                      "${certConfig.directory}/key.pem"
+                    else
+                      "${tlsKey}";
                } extraArgs
              )
            } \
@ -475,6 +486,7 @@ in

  meta.maintainers = with lib.maintainers; [
    alyaeanyx
+    raylas
    rvdp
    neverbehave
  ];