nixos/{varnish,vinyl-cache}: add assertions to prevent users using wrong module (21318349) · Commits · nix / nixpkgs

nixos/modules/services/web-servers/varnish/default.nix

+17 −10

Original line number	Diff line number	Diff line
		@@ -223,7 +223,8 @@ in
		'')
		];

		assertions = concatMap (m: [
		assertions =
		(concatMap (m: [
		{
		assertion = (hasPrefix "/" m.address) \|\| (hasPrefix "@" m.address) -> m.port == null;
		message = "Listen ports must not be specified with UNIX sockets: ${builtins.toJSON m}";
		@@ -232,7 +233,13 @@ in
		assertion = !(hasPrefix "/" m.address) -> m.user == null && m.group == null && m.mode == null;
		message = "Abstract UNIX sockets or IP sockets can not be used with user, group, and mode settings: ${builtins.toJSON m}";
		}
		]) cfg.listen;
		]) cfg.listen)
		++ [
		{
		assertion = cfg.package.pname != "vinyl-cache";
		message = "services.varnish only supports Varnish Cache. Please use services.vinyl-cache.";
		}
		];

		warnings =
		lib.optional (!isNull cfg.http_address)

+18 −0

Original line number	Diff line number	Diff line
		@@ -205,6 +205,24 @@ in
		'')
		];

		assertions =
		concatMap (m: [
		{
		assertion = (hasPrefix "/" m.address) \|\| (hasPrefix "@" m.address) -> m.port == null;
		message = "Listen ports must not be specified with UNIX sockets: ${builtins.toJSON m}";
		}
		{
		assertion = !(hasPrefix "/" m.address) -> m.user == null && m.group == null && m.mode == null;
		message = "Abstract UNIX sockets or IP sockets can not be used with user, group, and mode settings: ${builtins.toJSON m}";
		}
		]) cfg.listen
		++ [
		{
		assertion = cfg.package.pname == "vinyl-cache";
		message = "services.vinyl-cache only supports Vinyl Cache. Please use services.varnish.";
		}
		];
		})
		(lib.mkIf (cfg.enable && cfg.enableFileLogging) {
		systemd.services = {
		vinylncsa = {