nixos/shadowsocks: ensure password be set

Co-authored-by: Pascal Wittmann <mail@pascal-wittmann.de>
author: oluceps <i@oluceps.uk> 2024-04-13 19:32:26 +0000
committer: oluceps <i@oluceps.uk> 2024-04-16 13:34:08 +0000
commit: c2c632ff310bc090e5763fc4508edd0012ddc80a (patch)
tree: 53b9b090abe010aaf9c72d5c6dae2511fd8ece8f /nixos
parent: 0dd6aae052b3748d761c93efa16b49c02f8a14e4 (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/shadowsocks.nix b/nixos/modules/services/networking/shadowsocks.nix
index 2034dca6f26b2..ab9aa4538b400 100644
--- a/nixos/modules/services/networking/shadowsocks.nix
+++ b/nixos/modules/services/networking/shadowsocks.nix
@@ -136,10 +136,16 @@ in
   ###### implementation
 
   config = mkIf cfg.enable {
-    assertions = singleton
-      { assertion = cfg.password == null || cfg.passwordFile == null;
-        message = "Cannot use both password and passwordFile for shadowsocks-libev";
-      };
+    assertions = [
+      {
+        # xor, make sure either password or passwordFile be set.
+        # shadowsocks-libev not support plain/none encryption method
+        # which indicated that password must set.
+        assertion = let noPasswd = cfg.password == null; noPasswdFile = cfg.passwordFile == null;
+          in (noPasswd && !noPasswdFile) || (!noPasswd && noPasswdFile);
+        message = "Option `password` or `passwordFile` must be set and cannot be set simultaneously";
+      }
+    ];
 
     systemd.services.shadowsocks-libev = {
       description = "shadowsocks-libev Daemon";
author	oluceps <i@oluceps.uk>	2024-04-13 19:32:26 +0000
committer	oluceps <i@oluceps.uk>	2024-04-16 13:34:08 +0000
commit	c2c632ff310bc090e5763fc4508edd0012ddc80a (patch)
tree	53b9b090abe010aaf9c72d5c6dae2511fd8ece8f /nixos
parent	0dd6aae052b3748d761c93efa16b49c02f8a14e4 (diff)