Unverified Commit 9f0fb06c authored by Peder Bergebakken Sundt's avatar Peder Bergebakken Sundt Committed by GitHub

nixos/ttyd: allow caFile=null when enableSSL=true (#340554)

parents 537d63be b7bb0f21
+7 −8
@@ -7,8 +7,6 @@ let
  inherit (lib)
    optionals
    types
    concatLists
    mapAttrsToList
    mkOption
    ;

@@ -17,16 +15,17 @@ let
         ++ optionals (cfg.socket != null) [ "--interface" cfg.socket ]
         ++ optionals (cfg.interface != null) [ "--interface" cfg.interface ]
         ++ [ "--signal" (toString cfg.signal) ]
         ++ (concatLists (mapAttrsToList (_k: _v: [ "--client-option" "${_k}=${_v}" ]) cfg.clientOptions))
         ++ (lib.concatLists (lib.mapAttrsToList (_k: _v: [ "--client-option" "${_k}=${_v}" ]) cfg.clientOptions))
         ++ [ "--terminal-type" cfg.terminalType ]
         ++ optionals cfg.checkOrigin [ "--check-origin" ]
         ++ optionals cfg.writeable [ "--writable" ] # the typo is correct
         ++ [ "--max-clients" (toString cfg.maxClients) ]
         ++ optionals (cfg.indexFile != null) [ "--index" cfg.indexFile ]
         ++ optionals cfg.enableIPv6 [ "--ipv6" ]
         ++ optionals cfg.enableSSL [ "--ssl-cert" cfg.certFile
                                      "--ssl-key" cfg.keyFile
                                      "--ssl-ca" cfg.caFile ]
         ++ optionals cfg.enableSSL [ "--ssl"
                                      "--ssl-cert" cfg.certFile
                                      "--ssl-key" cfg.keyFile ]
         ++ optionals ( cfg.enableSSL && cfg.caFile != null ) [ "--ssl-ca" cfg.caFile ]
         ++ [ "--debug" (toString cfg.logLevel) ];

in
@@ -197,8 +196,8 @@ in

    assertions =
      [ { assertion = cfg.enableSSL
            -> cfg.certFile != null && cfg.keyFile != null && cfg.caFile != null;
          message = "SSL is enabled for ttyd, but no certFile, keyFile or caFile has been specified."; }
            -> cfg.certFile != null && cfg.keyFile != null;
          message = "SSL is enabled for ttyd, but no certFile or keyFile has been specified."; }
        { assertion = cfg.writeable != null;
          message = "services.ttyd.writeable must be set"; }
        { assertion = ! (cfg.interface != null && cfg.socket != null);
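Review bot: Nothing in the new code tells the operator that leaving `caFile` null turns off client-certificate verification. The new `optionals ( cfg.enableSSL && cfg.caFile != null )` line simply omits `--ssl-ca`, and the relaxed assertion no longer mentions the CA file. Because this service exposes a terminal, `enableSSL = true` without a CA then means transport encryption only, and access control rests on whatever other authentication is configured. I would state this in the `caFile` option description (its declaration is outside these hunks), for example `Leaving this null disables client certificate verification; ttyd will then accept any TLS client.` A `warnings` entry guarded by `cfg.enableSSL && cfg.caFile == null` could also surface it at evaluation time, ideally only when no other authentication is set; whether the module has such options cannot be seen from here.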