pyrox.dev / nixpkgs
lol
fork atom

nixos/cloudflared: remove assertion for certificateFile (#390109)

Nick Cao 3070dbed 6b20b2d4

options
unified split
Changed files
+4 -8
nixos
modules
services
networking
cloudflared.nix
+4 -8
nixos/modules/services/networking/cloudflared.nix 
···

       
10

       
 

       
  certificateFile = lib.mkOption {


     

       
11

       
 

       
    type = with lib.types; nullOr path;


     

       
12

       
 

       
    description = ''


     

       
13

       
-

       
      Cert.pem file.


     

       
14

       
 

       



     

       
15

       
-

       
      See [Cert.pem](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#certpem).


     

       

       

       
     

       

       

       
     

       
16

       
 

       
    '';


     

       
17

       
 

       
    default = null;


     

       
18

       
 

       
  };


     
···

       
301

       
 

       
  };


     

       
302

       
 

       



     

       
303

       
 

       
  config = lib.mkIf cfg.enable {


     

       
304

       
-

       
    assertions = lib.mapAttrsToList (name: tunnel: {


     

       
305

       
-

       
      assertion =


     

       
306

       
-

       
        tunnel.ingress == { } || (cfg.certificateFile != null || tunnel.certificateFile != null);


     

       
307

       
-

       
      message = "Cloudflare Tunnel ${name} has a declarative configuration, but no certificate file was defined.";


     

       
308

       
-

       
    }) cfg.tunnels;


     

       
309

       
-

       



     

       
310

       
 

       
    systemd.targets = lib.mapAttrs' (


     

       
311

       
 

       
      name: tunnel:


     

       
312

       
 

       
      lib.nameValuePair "cloudflared-tunnel-${name}" {


     
···

       
10

       
 

       
  certificateFile = lib.mkOption {


     

       
11

       
 

       
    type = with lib.types; nullOr path;


     

       
12

       
 

       
    description = ''


     

       
13

       
+

       
      Account certificate file, necessary to create, delete and manage tunnels. It can be obtained by running `cloudflared login`.


     

       
14

       
 

       



     

       
15

       
+

       
      Note that this is **necessary** for a fully declarative set up, as routes can not otherwise be created outside of the Cloudflare interface.


     

       
16

       
+

       



     

       
17

       
+

       
      See [Cert.pem](https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-useful-terms/#certpem) for information about the file, and [Tunnel permissions](https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/tunnel-permissions/) for a comparison between the account certificate and the tunnel credentials file.


     

       
18

       
 

       
    '';


     

       
19

       
 

       
    default = null;


     

       
20

       
 

       
  };


     
···

       
303

       
 

       
  };


     

       
304

       
 

       



     

       
305

       
 

       
  config = lib.mkIf cfg.enable {


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
306

       
 

       
    systemd.targets = lib.mapAttrs' (


     

       
307

       
 

       
      name: tunnel:


     

       
308

       
 

       
      lib.nameValuePair "cloudflared-tunnel-${name}" {