Merge pull request #184845 from auchter/auchter/soju-tls

2 years ago · 805e3f9451
parent f053913c60 5c0e18a6bb
commit 805e3f9451
1 changed files with 12 additions and 0 deletions
--- a/nixos/modules/services/networking/soju.nix
+++ b/nixos/modules/services/networking/soju.nix
@ -49,12 +49,14 @@ in

    tlsCertificate = mkOption {
      type = types.nullOr types.path;
+      default = null;
      example = "/var/host.cert";
      description = lib.mdDoc "Path to server TLS certificate.";
    };

    tlsCertificateKey = mkOption {
      type = types.nullOr types.path;
+      default = null;
      example = "/var/host.key";
      description = lib.mdDoc "Path to server TLS certificate key.";
    };
@ -97,6 +99,16 @@ in
  ###### implementation

  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = (cfg.tlsCertificate != null) == (cfg.tlsCertificateKey != null);
+        message = ''
+          services.soju.tlsCertificate and services.soju.tlsCertificateKey
+          must both be specified to enable TLS.
+        '';
+      }
+    ];
+
    systemd.services.soju = {
      description = "soju IRC bouncer";
      wantedBy = [ "multi-user.target" ];