Merge pull request #303890 from oluceps/ss-module

nixos/shadowsocks: ensure password be set
author: Pascal Wittmann <mail@pascal-wittmann.de> 2024-04-17 11:17:23 +0200
committer: GitHub <noreply@github.com> 2024-04-17 11:17:23 +0200
commit: 6ae4216336db2ac4682b2110a6a98584023d7278 (patch)
tree: 0b15351ef7373081d73e8f5d51ae65bf56f25168 /nixos
parent: 7bb0d5b6bbd7add06c6ebef74a3a8f206ea25a0e (diff)
parent: c2c632ff310bc090e5763fc4508edd0012ddc80a (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/shadowsocks.nix b/nixos/modules/services/networking/shadowsocks.nix
index 84d7ece075fef..2f6f40f2b0f60 100644
--- a/nixos/modules/services/networking/shadowsocks.nix
+++ b/nixos/modules/services/networking/shadowsocks.nix
@@ -136,10 +136,16 @@ in
   ###### implementation
 
   config = mkIf cfg.enable {
-    assertions = singleton
-      { assertion = cfg.password == null || cfg.passwordFile == null;
-        message = "Cannot use both password and passwordFile for shadowsocks-libev";
-      };
+    assertions = [
+      {
+        # xor, make sure either password or passwordFile be set.
+        # shadowsocks-libev not support plain/none encryption method
+        # which indicated that password must set.
+        assertion = let noPasswd = cfg.password == null; noPasswdFile = cfg.passwordFile == null;
+          in (noPasswd && !noPasswdFile) || (!noPasswd && noPasswdFile);
+        message = "Option `password` or `passwordFile` must be set and cannot be set simultaneously";
+      }
+    ];
 
     systemd.services.shadowsocks-libev = {
       description = "shadowsocks-libev Daemon";
author	Pascal Wittmann <mail@pascal-wittmann.de>	2024-04-17 11:17:23 +0200
committer	GitHub <noreply@github.com>	2024-04-17 11:17:23 +0200
commit	6ae4216336db2ac4682b2110a6a98584023d7278 (patch)
tree	0b15351ef7373081d73e8f5d51ae65bf56f25168 /nixos
parent	7bb0d5b6bbd7add06c6ebef74a3a8f206ea25a0e (diff)
parent	c2c632ff310bc090e5763fc4508edd0012ddc80a (diff)