add assertions: selfprivacy.sso.enable -> modules.*.enableSso

sp-modules/gitea/config-paths-needed.json

@@ -11,6 +11,7 @@
   [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ],
   [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
   [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
+  [ "selfprivacy", "sso", "enable" ],
   [ "selfprivacy", "useBinds" ],
   [ "services", "forgejo", "group" ],
   [ "services", "forgejo", "package" ]

sp-modules/gitea/module.nix

@@ -200,6 +200,13 @@ in
 
   config = lib.mkIf cfg.enable (lib.mkMerge [
     {
+      assertions = [
+        {
+          assertion = cfg.enableSso -> sp.sso.enable;
+          message =
+            "SSO cannot be enabled for Forgejo when SSO is disabled globally.";
+        }
+      ];
       fileSystems = lib.mkIf sp.useBinds {
         "/var/lib/gitea" = {
           device = "/volumes/${cfg.location}/gitea";

sp-modules/nextcloud/config-paths-needed.json

@@ -11,6 +11,7 @@
   [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ],
   [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
   [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
+  [ "selfprivacy", "sso", "enable" ],
   [ "selfprivacy", "useBinds" ],
   [ "services", "nextcloud" ],
   [ "services", "phpfpm", "pools", "nextcloud", "group" ],

sp-modules/nextcloud/module.nix

@@ -152,6 +152,13 @@ in
   # config = lib.mkIf sp.modules.nextcloud.enable
   config = lib.mkIf sp.modules.nextcloud.enable (lib.mkMerge [
     {
+      assertions = [
+        {
+          assertion = cfg.enableSso -> sp.sso.enable;
+          message =
+            "SSO cannot be enabled for Nextcloud when SSO is disabled globally.";
+        }
+      ];
       fileSystems = lib.mkIf sp.useBinds {
         "/var/lib/nextcloud" = {
           device = "/volumes/${cfg.location}/nextcloud";

sp-modules/roundcube/config-paths-needed.json

@@ -9,5 +9,6 @@
   [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
   [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
   [ "selfprivacy", "passthru", "mailserver", "oauth-client-id" ],
-  [ "selfprivacy", "passthru", "mailserver", "oauth-client-secret-fp" ]
+  [ "selfprivacy", "passthru", "mailserver", "oauth-client-secret-fp" ],
+  [ "selfprivacy", "sso", "enable" ]
 ]

sp-modules/roundcube/module.nix

@@ -57,6 +57,13 @@ in
 
   config = lib.mkIf cfg.enable (lib.mkMerge [
     {
+      assertions = [
+        {
+          assertion = cfg.enableSso -> config.selfprivacy.sso.enable;
+          message =
+            "SSO cannot be enabled for Roundcube when SSO is disabled globally.";
+        }
+      ];
       services.roundcube = {
         enable = true;
         # this is the url of the vhost, not necessarily the same as the fqdn of

sp-modules/simple-nixos-mailserver/config-paths-needed.json

@@ -15,6 +15,7 @@
   [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
   [ "selfprivacy", "passthru", "roundcube", "oauth-client-id" ],
   [ "selfprivacy", "passthru", "roundcube", "oauth-client-secret-fp" ],
+  [ "selfprivacy", "sso", "enable" ],
   [ "selfprivacy", "useBinds" ],
   [ "selfprivacy", "username" ],
   [ "selfprivacy", "users" ],

sp-modules/simple-nixos-mailserver/config.nix

@@ -71,6 +71,15 @@ let
 in
 lib.mkIf sp.modules.simple-nixos-mailserver.enable (lib.mkMerge [
   {
+    assertions = [
+      {
+        assertion =
+          config.selfprivacy.modules.simple-nixos-mailserver.enableSso
+          -> config.selfprivacy.sso.enable;
+        message =
+          "SSO cannot be enabled for Roundcube when SSO is disabled globally.";
+      }
+    ];
     fileSystems = lib.mkIf sp.useBinds
       {
         "/var/vmail" = {