NixOS / nixpkgs

Nix Packages collection & NixOS

services.ttyd uses overzealous (incorrect) assertion for SSL #340414

Open dmayle opened 1 week ago

dmayle commented 1 week ago

Describe the bug

services.ttyd has an assertion on enableSSL that requires certFile, keyFile, and caFile, but caFile is optional with SSL and only used for client certificate validation. ttyd is able to serve over SSL with valid certificates.

Steps To Reproduce

Steps to reproduce the behavior:

{
  services.ttyd = {
    enable = true;
    enableSSL = true;
    certFile = /path/to/cert.pem;
    keyFile = /path/to/key.pem;
    # caFile is left unset; this is what trips the assertion
  };
}

Expected behavior

services.ttyd builds with the provided options

Notify maintainers

@thoughtpolice @pbsds

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 6.6.47, NixOS, 24.11 (Vicuna), 24.11.20240828.71e91c4`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.18.5`
 - nixpkgs: `/etc/nixpath/nixpkgs`


dmayle commented 1 week ago

I've committed a fixed ttyd.nix file to my own flake that fixes the assertion (as well as adding the "--ssl" flag, which was missing) https://github.com/dmayle/nix-config/blob/main/nixos-profiles/ttyd.nix

pbsds commented 1 week ago

Please view https://github.com/NixOS/nixpkgs/pull/340554
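
The check this issue asks for, as an added example (it is not the nixpkgs module and not the fix linked in the thread): a stand-alone Nix expression in which enableSSL requires only certFile and keyFile, and caFile, when set, adds client certificate validation. The names `check`, `failed`, `args` and `clientCertAuth`, the second assertion, and the sample paths are assumptions made for illustration; `--ssl-cert`, `--ssl-key` and `--ssl-ca` are ttyd's own options that accompany the `--ssl` flag mentioned above.

```nix
# Added illustration; evaluate with:
#   nix-instantiate --eval --strict --json example.nix
let
  # Hypothetical helper: evaluate the assertions for one configuration and
  # build the TLS arguments that would be passed to ttyd.
  check = cfg:
    let
      # Unset options default to null, as nullable module options would.
      c = { enableSSL = false; certFile = null; keyFile = null; caFile = null; } // cfg;
      assertions = [
        {
          # Serving TLS needs only the certificate and its private key.
          assertion = c.enableSSL -> c.certFile != null && c.keyFile != null;
          message = "enableSSL requires certFile and keyFile";
        }
        {
          # Assumed extra check: a CA file without TLS would silently do nothing.
          assertion = c.caFile != null -> c.enableSSL;
          message = "caFile has no effect unless enableSSL is set";
        }
      ];
      failed = map (a: a.message) (builtins.filter (a: !a.assertion) assertions);
      args =
        if !c.enableSSL then [ ]
        else [ "--ssl" "--ssl-cert" (toString c.certFile) "--ssl-key" (toString c.keyFile) ]
          ++ (if c.caFile != null then [ "--ssl-ca" (toString c.caFile) ] else [ ]);
    in
    {
      inherit failed;
      # Arguments are produced only when every assertion holds.
      args = if failed == [ ] then args else [ ];
      # True only when clients must present a certificate signed by caFile.
      clientCertAuth = c.enableSSL && c.caFile != null;
    };

  # Constructed sample paths, matching the placeholders in the report.
  cert = "/path/to/cert.pem";
  key = "/path/to/key.pem";
in
{
  serverOnly = check { enableSSL = true; certFile = cert; keyFile = key; };
  mutualTls = check { enableSSL = true; certFile = cert; keyFile = key; caFile = "/path/to/ca.pem"; };
  missingKey = check { enableSSL = true; certFile = cert; };
  caWithoutSsl = check { caFile = "/path/to/ca.pem"; };
}
```

The `serverOnly` case is the configuration from the report: it passes and yields TLS arguments without `--ssl-ca`, which means the terminal is encrypted in transit but clients are not authenticated by certificate.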