···

       
128
       
128
       
 
       
  };

     

       
129
       
129
       
 
       


     

       
130
       
130
       
 
       
  config = mkIf cfg.enable {

     

       
131
       
131
       
-
       
    assertions = [

     

       
132
       
132
       
-
       
      {

     

       
133
       
133
       
-
       
        assertion = cfg.insecure || (cfg.certFile != null && cfg.keyFile != null);

     

       
134
       
134
       
-
       
        message = ''

     

       
135
       
135
       
-
       
          Galene needs both certFile and keyFile defined for encryption, or

     

       
136
       
136
       
-
       
          the insecure flag.

     

       
137
       
137
       
-
       
        '';

     

       
138
       
138
       
-
       
      }

     

       
139
       
139
       
-
       
    ];

     

       
140
       
140
       
-
       


     

       
141
       
131
       
 
       
    systemd.services.galene = {

     

       
142
       
132
       
 
       
      description = "galene";

     

       
143
       
133
       
 
       
      after = [ "network.target" ];

     

       
144
       
134
       
 
       
      wantedBy = [ "multi-user.target" ];

     

       
145
       
135
       
 
       


     

       
146
       
136
       
 
       
      preStart = ''

     

       
147
       
147
       
-
       
        ${optionalString (cfg.insecure != true) ''

     

       
137
       
137
       
+
       
        ${optionalString (cfg.insecure != true && cfg.certFile != null && cfg.keyFile != null) ''

     

       
148
       
138
       
 
       
          install -m 700 -o '${cfg.user}' -g '${cfg.group}' ${cfg.certFile} ${cfg.dataDir}/cert.pem

     

       
149
       
139
       
 
       
          install -m 700 -o '${cfg.user}' -g '${cfg.group}' ${cfg.keyFile} ${cfg.dataDir}/key.pem

     

       
150
       
140
       
 
       
        ''}