diff options
author | oluceps <i@oluceps.uk> | 2024-04-13 19:32:26 +0000 |
---|---|---|
committer | oluceps <i@oluceps.uk> | 2024-04-16 13:34:08 +0000 |
commit | c2c632ff310bc090e5763fc4508edd0012ddc80a (patch) | |
tree | 53b9b090abe010aaf9c72d5c6dae2511fd8ece8f /nixos | |
parent | 0dd6aae052b3748d761c93efa16b49c02f8a14e4 (diff) |
nixos/shadowsocks: ensure password be set
Co-authored-by: Pascal Wittmann <mail@pascal-wittmann.de>
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/shadowsocks.nix | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/nixos/modules/services/networking/shadowsocks.nix b/nixos/modules/services/networking/shadowsocks.nix index 2034dca6f26b2..ab9aa4538b400 100644 --- a/nixos/modules/services/networking/shadowsocks.nix +++ b/nixos/modules/services/networking/shadowsocks.nix @@ -136,10 +136,16 @@ in ###### implementation config = mkIf cfg.enable { - assertions = singleton - { assertion = cfg.password == null || cfg.passwordFile == null; - message = "Cannot use both password and passwordFile for shadowsocks-libev"; - }; + assertions = [ + { + # xor, make sure either password or passwordFile be set. + # shadowsocks-libev not support plain/none encryption method + # which indicated that password must set. + assertion = let noPasswd = cfg.password == null; noPasswdFile = cfg.passwordFile == null; + in (noPasswd && !noPasswdFile) || (!noPasswd && noPasswdFile); + message = "Option `password` or `passwordFile` must be set and cannot be set simultaneously"; + } + ]; systemd.services.shadowsocks-libev = { description = "shadowsocks-libev Daemon"; |