public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nixpkgs/nixos/modules/security/rngd.nix

40 lines
1.1 KiB
Nix
Raw Normal View History

Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem.
2014-04-14 16:26:48 +02:00
{ config, lib, pkgs, ... }:
Add rngd service. Inspired by http://pkgs.fedoraproject.org/cgit/rng-tools.git/tree/rngd.service?id=27b1912b2d9659b6934fd4c887e46c13958e7e3c
2012-11-22 02:07:25 -05:00
Rewrite ‘with pkgs.lib’ -> ‘with lib’ Using pkgs.lib on the spine of module evaluation is problematic because the pkgs argument depends on the result of module evaluation. To prevent an infinite recursion, pkgs and some of the modules are evaluated twice, which is inefficient. Using ‘with lib’ prevents this problem.
2014-04-14 16:26:48 +02:00
with lib;
Add rngd service. Inspired by http://pkgs.fedoraproject.org/cgit/rng-tools.git/tree/rngd.service?id=27b1912b2d9659b6934fd4c887e46c13958e7e3c
2012-11-22 02:07:25 -05:00
{
options = {
security.rngd.enable = mkOption {
Add lots of missing option types
2013-10-30 17:37:45 +01:00
type = types.bool;
rngd: Require /dev/random, only start when a hardware randomness source becomes available
2012-11-26 08:45:23 -05:00
default = true;
Add rngd service. Inspired by http://pkgs.fedoraproject.org/cgit/rng-tools.git/tree/rngd.service?id=27b1912b2d9659b6934fd4c887e46c13958e7e3c
2012-11-22 02:07:25 -05:00
description = ''
Typo
2012-11-22 10:41:54 +01:00
Whether to enable the rng daemon, which adds entropy from
Add rngd service. Inspired by http://pkgs.fedoraproject.org/cgit/rng-tools.git/tree/rngd.service?id=27b1912b2d9659b6934fd4c887e46c13958e7e3c
2012-11-22 02:07:25 -05:00
hardware sources of randomness to the kernel entropy pool when
Disable rngd by default while I work on some patches to make it more systemd-friendly
2012-11-22 10:14:41 -05:00
available.
Add rngd service. Inspired by http://pkgs.fedoraproject.org/cgit/rng-tools.git/tree/rngd.service?id=27b1912b2d9659b6934fd4c887e46c13958e7e3c
2012-11-22 02:07:25 -05:00
'';
};
};
config = mkIf config.security.rngd.enable {
rngd: Require /dev/random, only start when a hardware randomness source becomes available
2012-11-26 08:45:23 -05:00
services.udev.extraRules = ''
KERNEL=="random", TAG+="systemd"
SUBSYSTEM=="cpu", ENV{MODALIAS}=="x86cpu:*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="tmp0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
'';
Rename ‘boot.systemd’ to ‘systemd’ Suggested by Mathijs Kwik. ‘boot.systemd’ is a misnomer because systemd affects more than just booting. And it saves some typing.
2013-01-16 12:33:18 +01:00
systemd.services.rngd = {
rngd: Require /dev/random, only start when a hardware randomness source becomes available
2012-11-26 08:45:23 -05:00
bindsTo = [ "dev-random.device" ];
after = [ "dev-random.device" ];
Add rngd service. Inspired by http://pkgs.fedoraproject.org/cgit/rng-tools.git/tree/rngd.service?id=27b1912b2d9659b6934fd4c887e46c13958e7e3c
2012-11-22 02:07:25 -05:00
description = "Hardware RNG Entropy Gatherer Daemon";
Only disable TPM access by rngd when tcsd is enabled.
2014-04-22 13:41:22 +02:00
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f -v" +
(if config.services.tcsd.enable then " --no-tpm=1" else "");
rngd: Require /dev/random, only start when a hardware randomness source becomes available
2012-11-26 08:45:23 -05:00
restartTriggers = [ pkgs.rng_tools ];
Add rngd service. Inspired by http://pkgs.fedoraproject.org/cgit/rng-tools.git/tree/rngd.service?id=27b1912b2d9659b6934fd4c887e46c13958e7e3c
2012-11-22 02:07:25 -05:00
};
};
}
Reference in New Issue Copy Permalink