nixos/acme: fix assertion, add actual values to message (#263543)

author: K900 <me@0upti.me> 2023-10-26 12:28:43 +0300
committer: GitHub <noreply@github.com> 2023-10-26 11:28:43 +0200
commit: 5438b83028a83e320f5fae9b11a11478b149c391 (patch)
tree: 5df7573d0d7ea51c3ff0836b2a808a332b7b8442 /nixos/modules/security
parent: 56ffb3d80f16383c38bebe067578a1e5b41487c4 (diff)
1 files changed, 6 insertions, 8 deletions
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix
index 186e6bb24de9c..932bf3e791159 100644
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@@ -938,13 +938,10 @@ in {
             and remove the wildcard from the path.
           '';
         }
-        {
-          assertion = lib.length (lib.filter (x: x != null) [
-            data.dnsProvider
-            data.webroot
-            data.listenHTTP
-            data.s3Bucket
-          ]) != 1;
+        (let exclusiveAttrs = {
+          inherit (data) dnsProvider webroot listenHTTP s3Bucket;
+        }; in {
+          assertion = lib.length (lib.filter (x: x != null) (builtins.attrValues exclusiveAttrs)) == 1;
           message = ''
             Exactly one of the options
             `security.acme.certs.${cert}.dnsProvider`,
@@ -952,8 +949,9 @@ in {
             `security.acme.certs.${cert}.listenHTTP` and
             `security.acme.certs.${cert}.s3Bucket`
             is required.
+            Current values: ${(lib.generators.toPretty {} exclusiveAttrs)}.
           '';
-        }
+        })
         {
           assertion = all (hasSuffix "_FILE") (attrNames data.credentialFiles);
           message = ''
author	K900 <me@0upti.me>	2023-10-26 12:28:43 +0300
committer	GitHub <noreply@github.com>	2023-10-26 11:28:43 +0200
commit	5438b83028a83e320f5fae9b11a11478b149c391 (patch)
tree	5df7573d0d7ea51c3ff0836b2a808a332b7b8442 /nixos/modules/security
parent	56ffb3d80f16383c38bebe067578a1e5b41487c4 (diff)