How to Install FreeRADIUS on NixOS

Introduction

FreeRADIUS is a popular and flexible open-source RADIUS (Remote Authentication Dial-In User Service) server that provides centralized authentication, authentication logging, and accounting management for network devices.

In this tutorial, we will go through the steps to get FreeRADIUS installed on NixOS, which is a Linux distribution that emphasizes a declarative configuration model and atomic upgrades and rollbacks.

Prerequisites

Before you start, ensure that you have a running NixOS instance and root access to the machine.

Installation

1. Update NixOS:

   sudo nix-channel --update && sudo nixos-rebuild switch
   

2. Next, install FreeRADIUS:

   sudo nix-env -iA nixos.freeradius
   

3. Modify /etc/raddb/mods-enabled/eap to include the following lines:

   eap {
     tls {
       private_key_password = "yourpassword"
       private_key_file = ${certdir}/server.key
       certificate_file = ${certdir}/server.crt
     }
   }
   

4. Generate a self-signed SSL/TLS certificate for FreeRADIUS:

   sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/raddb/certs/server.key -out /etc/raddb/certs/server.crt
   

   Note: Replace 3650 with the number of days the certificate should remain valid. You can change this value as required.

5. Finally, enable and start the FreeRADIUS service:

   sudo systemctl enable freeradius
   sudo systemctl start freeradius
   

Conclusion

By following the instructions outlined in this tutorial, you should now have FreeRADIUS successfully installed and running on your NixOS instance. You can now configure the RADIUS server to authenticate network devices by modifying the /etc/raddb/users file.