public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

freeradius: make debug logging optional

Browse Source
This commit is contained in:
Linus Heckemann 2020-03-02 15:39:14 +01:00
parent cc9a4c8a06
commit 0587329191
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/services/networking/freeradius.nix
View File

@ -17,7 +17,8 @@ let
''; '';
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout -xx"; ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout" +
optionalString cfg.debug " -xx";
ExecReload = [ ExecReload = [
"${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout" "${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout"
"${pkgs.coreutils}/bin/kill -HUP $MAINPID" "${pkgs.coreutils}/bin/kill -HUP $MAINPID"
@ -41,6 +42,16 @@ let
''; '';
}; };
debug = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable debug logging for freeradius (-xx
option). This should not be left on, since it includes
sensitive data such as passwords in the logs.
'';
};
}; };
in in
@ -66,6 +77,7 @@ in
}; };
systemd.services.freeradius = freeradiusService cfg; systemd.services.freeradius = freeradiusService cfg;
warnings = optional cfg.debug "Freeradius debug logging is enabled. This will log passwords in plaintext to the journal!";
}; };