add assertions: selfprivacy.sso.enable -> modules.*.enableSso

2025-02-03 01:51:19 +04:00
parent 331fa63b33
commit 1ff180ad1a
8 changed files with 35 additions and 1 deletions
--- a/sp-modules/gitea/config-paths-needed.json
+++ b/sp-modules/gitea/config-paths-needed.json
@@ -11,6 +11,7 @@
  [ "selfprivacy", "passthru", "auth", "oauth2-discovery-url" ],
  [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
  [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
+  [ "selfprivacy", "sso", "enable" ],
  [ "selfprivacy", "useBinds" ],
  [ "services", "forgejo", "group" ],
  [ "services", "forgejo", "package" ]
--- a/sp-modules/gitea/module.nix
+++ b/sp-modules/gitea/module.nix
@@ -200,6 +200,13 @@ in

  config = lib.mkIf cfg.enable (lib.mkMerge [
    {
+      assertions = [
+        {
+          assertion = cfg.enableSso -> sp.sso.enable;
+          message =
+            "SSO cannot be enabled for Forgejo when SSO is disabled globally.";
+        }
+      ];
      fileSystems = lib.mkIf sp.useBinds {
        "/var/lib/gitea" = {
          device = "/volumes/${cfg.location}/gitea";