diff options
author | Linus Heckemann <git@sphalerite.org> | 2020-03-02 15:39:14 +0100 |
---|---|---|
committer | Linus Heckemann <git@sphalerite.org> | 2020-03-10 15:54:02 +0100 |
commit | 0587329191ace2463c2880006baebbb3889d07bc (patch) | |
tree | 5215400cd4199a8814901eb053547a1cfbc142c7 /nixos | |
parent | cc9a4c8a06bba3c49323a9eb5df18fca4641acfc (diff) | |
download | nixlib-0587329191ace2463c2880006baebbb3889d07bc.tar nixlib-0587329191ace2463c2880006baebbb3889d07bc.tar.gz nixlib-0587329191ace2463c2880006baebbb3889d07bc.tar.bz2 nixlib-0587329191ace2463c2880006baebbb3889d07bc.tar.lz nixlib-0587329191ace2463c2880006baebbb3889d07bc.tar.xz nixlib-0587329191ace2463c2880006baebbb3889d07bc.tar.zst nixlib-0587329191ace2463c2880006baebbb3889d07bc.zip |
freeradius: make debug logging optional
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/networking/freeradius.nix | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/nixos/modules/services/networking/freeradius.nix b/nixos/modules/services/networking/freeradius.nix index e192b70c129c..3a94c6807107 100644 --- a/nixos/modules/services/networking/freeradius.nix +++ b/nixos/modules/services/networking/freeradius.nix @@ -17,7 +17,8 @@ let ''; serviceConfig = { - ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout -xx"; + ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout" + + optionalString cfg.debug " -xx"; ExecReload = [ "${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout" "${pkgs.coreutils}/bin/kill -HUP $MAINPID" @@ -41,6 +42,16 @@ let ''; }; + debug = mkOption { + type = types.bool; + default = false; + description = '' + Whether to enable debug logging for freeradius (-xx + option). This should not be left on, since it includes + sensitive data such as passwords in the logs. + ''; + }; + }; in @@ -66,6 +77,7 @@ in }; systemd.services.freeradius = freeradiusService cfg; + warnings = optional cfg.debug "Freeradius debug logging is enabled. This will log passwords in plaintext to the journal!"; }; |