add assertions: selfprivacy.sso.enable -> modules.*.enableSso

2025-02-03 01:51:19 +04:00
parent 331fa63b33
commit 1ff180ad1a
8 changed files with 35 additions and 1 deletions
--- a/sp-modules/roundcube/config-paths-needed.json
+++ b/sp-modules/roundcube/config-paths-needed.json
@@ -9,5 +9,6 @@
  [ "selfprivacy", "passthru", "auth", "oauth2-provider-name" ],
  [ "selfprivacy", "passthru", "auth", "oauth2-systemd-service" ],
  [ "selfprivacy", "passthru", "mailserver", "oauth-client-id" ],
-  [ "selfprivacy", "passthru", "mailserver", "oauth-client-secret-fp" ]
+  [ "selfprivacy", "passthru", "mailserver", "oauth-client-secret-fp" ],
+  [ "selfprivacy", "sso", "enable" ]
 ]
--- a/sp-modules/roundcube/module.nix
+++ b/sp-modules/roundcube/module.nix
@@ -57,6 +57,13 @@ in

  config = lib.mkIf cfg.enable (lib.mkMerge [
    {
+      assertions = [
+        {
+          assertion = cfg.enableSso -> config.selfprivacy.sso.enable;
+          message =
+            "SSO cannot be enabled for Roundcube when SSO is disabled globally.";
+        }
+      ];
      services.roundcube = {
        enable = true;
        # this is the url of the vhost, not necessarily the same as the fqdn of