nixpkgs/modules/security/rngd.nix
Eelco Dolstra ae4e94d9ac Rename ‘boot.systemd’ to ‘systemd’
Suggested by Mathijs Kwik.  ‘boot.systemd’ is a misnomer because
systemd affects more than just booting.  And it saves some typing.
2013-01-16 12:33:18 +01:00

38 lines
1,011 B
Nix

{ config, pkgs, ... }:
with pkgs.lib;
{
options = {
security.rngd.enable = mkOption {
default = true;
description = ''
Whether to enable the rng daemon, which adds entropy from
hardware sources of randomness to the kernel entropy pool when
available.
'';
};
};
config = mkIf config.security.rngd.enable {
services.udev.extraRules = ''
KERNEL=="random", TAG+="systemd"
SUBSYSTEM=="cpu", ENV{MODALIAS}=="x86cpu:*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="tmp0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
'';
systemd.services.rngd = {
bindsTo = [ "dev-random.device" ];
after = [ "dev-random.device" ];
description = "Hardware RNG Entropy Gatherer Daemon";
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
restartTriggers = [ pkgs.rng_tools ];
};
};
}