FreeRADIUS is a popular and flexible open-source RADIUS (Remote Authentication Dial-In User Service) server that provides centralized authentication, authentication logging, and accounting management for network devices.
In this tutorial, we will go through the steps to get FreeRADIUS installed on NixOS, which is a Linux distribution that emphasizes a declarative configuration model and atomic upgrades and rollbacks.
Before you start, ensure that you have a running NixOS instance and root access to the machine.
Update NixOS:
sudo nix-channel --update && sudo nixos-rebuild switch
Next, install FreeRADIUS:
sudo nix-env -iA nixos.freeradius
Modify /etc/raddb/mods-enabled/eap to include the following lines:
eap {
tls {
private_key_password = "yourpassword"
private_key_file = ${certdir}/server.key
certificate_file = ${certdir}/server.crt
}
}
Generate a self-signed SSL/TLS certificate for FreeRADIUS:
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/raddb/certs/server.key -out /etc/raddb/certs/server.crt
Note: Replace 3650 with the number of days the certificate should remain valid. You can change this value as required.
Finally, enable and start the FreeRADIUS service:
sudo systemctl enable freeradius
sudo systemctl start freeradius
By following the instructions outlined in this tutorial, you should now have FreeRADIUS successfully installed and running on your NixOS instance. You can now configure the RADIUS server to authenticate network devices by modifying the /etc/raddb/users file.
If you want to self-host in an easy, hands free way, need an external IP address, or simply want your data in your own hands, give IPv6.rs a try!
Alternatively, for the best virtual desktop, try Shells!
