Merge pull request #82252 from mayflower/radius-http2

FreeRADIUS improvements
author: Linus Heckemann <git@sphalerite.org> 2020-03-10 16:01:46 +0100
committer: GitHub <noreply@github.com> 2020-03-10 16:01:46 +0100
commit: dfc70d37f4a7f1066af05118a47bb2bd01c751f9 (patch)
tree: 6e68b18b3eed15172c9fe393a652b3f266406831 /nixos
parent: 320334aee7f64b85c7ef4a6c508f51dd182151fa (diff)
parent: 065716ab9517747ec760bd0193553ab8453cc53b (diff)
download: nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar
nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar.gz
nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar.bz2
nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar.lz
nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar.xz
nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar.zst
nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.zip
1 files changed, 15 insertions, 3 deletions
diff --git a/nixos/modules/services/networking/freeradius.nix b/nixos/modules/services/networking/freeradius.nix
index e192b70c129c..f3fdd576b65c 100644
--- a/nixos/modules/services/networking/freeradius.nix
+++ b/nixos/modules/services/networking/freeradius.nix
@@ -10,14 +10,15 @@ let
   {
     description = "FreeRadius server";
     wantedBy = ["multi-user.target"];
-    after = ["network-online.target"];
-    wants = ["network-online.target"];
+    after = ["network.target"];
+    wants = ["network.target"];
     preStart = ''
       ${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout
     '';
 
     serviceConfig = {
-        ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout -xx";
+        ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout" +
+                    optionalString cfg.debug " -xx";
         ExecReload = [
           "${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout"
           "${pkgs.coreutils}/bin/kill -HUP $MAINPID"
@@ -41,6 +42,16 @@ let
       '';
     };
 
+    debug = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable debug logging for freeradius (-xx
+        option). This should not be left on, since it includes
+        sensitive data such as passwords in the logs.
+      '';
+    };
+
   };
 
 in
@@ -66,6 +77,7 @@ in
     };
 
     systemd.services.freeradius = freeradiusService cfg;
+    warnings = optional cfg.debug "Freeradius debug logging is enabled. This will log passwords in plaintext to the journal!";
 
   };
author	Linus Heckemann <git@sphalerite.org>	2020-03-10 16:01:46 +0100
committer	GitHub <noreply@github.com>	2020-03-10 16:01:46 +0100
commit	dfc70d37f4a7f1066af05118a47bb2bd01c751f9 (patch)
tree	6e68b18b3eed15172c9fe393a652b3f266406831 /nixos
parent	320334aee7f64b85c7ef4a6c508f51dd182151fa (diff)
parent	065716ab9517747ec760bd0193553ab8453cc53b (diff)
download	nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar.gz nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar.bz2 nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar.lz nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar.xz nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.tar.zst nixlib-dfc70d37f4a7f1066af05118a47bb2bd01c751f9.zip