colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

freeradius: make debug logging optional

Browse Source
This commit is contained in:
Linus Heckemann 2020-03-02 15:39:14 +01:00
parent cc9a4c8a06
commit 0587329191
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/services/networking/freeradius.nix
View File

@ -17,7 +17,8 @@ let
'';
serviceConfig = {
ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout -xx";
ExecStart = "${pkgs.freeradius}/bin/radiusd -f -d ${cfg.configDir} -l stdout" +
optionalString cfg.debug " -xx";
ExecReload = [
"${pkgs.freeradius}/bin/radiusd -C -d ${cfg.configDir} -l stdout"
"${pkgs.coreutils}/bin/kill -HUP $MAINPID"
@ -41,6 +42,16 @@ let
'';
};
debug = mkOption {
type = types.bool;
default = false;
description = ''
Whether to enable debug logging for freeradius (-xx
option). This should not be left on, since it includes
sensitive data such as passwords in the logs.
'';
};
};
in
@ -66,6 +77,7 @@ in
};
systemd.services.freeradius = freeradiusService cfg;
warnings = optional cfg.debug "Freeradius debug logging is enabled. This will log passwords in plaintext to the journal!";
};