diff --git a/.gitignore b/.gitignore
index 610550b9..d047cbfd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,8 @@
 /headscale
 config.json
 config.yaml
+derp.yaml
+*.hujson
 *.key
 /db.sqlite
 *.sqlite3
diff --git a/acls.go b/acls.go
index 1550c340..4017e28e 100644
--- a/acls.go
+++ b/acls.go
@@ -34,6 +34,11 @@ const (
 
 // LoadACLPolicy loads the ACL policy from the specify path, and generates the ACL rules.
 func (h *Headscale) LoadACLPolicy(path string) error {
+	log.Debug().
+		Str("func", "LoadACLPolicy").
+		Str("path", path).
+		Msg("Loading ACL policy from path")
+
 	policyFile, err := os.Open(path)
 	if err != nil {
 		return err
@@ -67,6 +72,8 @@ func (h *Headscale) LoadACLPolicy(path string) error {
 	}
 	h.aclRules = rules
 
+	log.Trace().Interface("ACL", rules).Msg("ACL rules generated")
+
 	return nil
 }
 
diff --git a/app.go b/app.go
index db788908..b9d570c5 100644
--- a/app.go
+++ b/app.go
@@ -418,12 +418,12 @@ func (h *Headscale) Serve() error {
 
 	err = h.ensureUnixSocketIsAbsent()
 	if err != nil {
-		panic(err)
+		return fmt.Errorf("unable to remove old socket file: %w", err)
 	}
 
 	socketListener, err := net.Listen("unix", h.cfg.UnixSocket)
 	if err != nil {
-		panic(err)
+		return fmt.Errorf("failed to set up gRPC socket: %w", err)
 	}
 
 	// Handle common process-killing signals so we can gracefully shut down:
@@ -441,7 +441,7 @@ func (h *Headscale) Serve() error {
 
 	networkListener, err := net.Listen("tcp", h.cfg.Addr)
 	if err != nil {
-		panic(err)
+		return fmt.Errorf("failed to bind to TCP address: %w", err)
 	}
 
 	// Create the cmux object that will multiplex 2 protocols on the same port.
diff --git a/config-example.yaml b/config-example.yaml
index 692c605a..29b2f3ff 100644
--- a/config-example.yaml
+++ b/config-example.yaml
@@ -54,6 +54,8 @@ tls_letsencrypt_challenge_type: HTTP-01
 tls_cert_path: ""
 tls_key_path: ""
 
+log_level: info
+
 # Path to a file containg ACL policies.
 acl_policy_path: ""