public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rngd: Require /dev/random, only start when a hardware randomness source becomes available

Browse Source
This commit is contained in:
Shea Levy 2012-11-26 08:45:23 -05:00
parent f3c9c83e04
commit a5ef0ffe12
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
modules/security/rngd.nix
View File

@ -5,7 +5,7 @@ with pkgs.lib;
{ {
options = { options = {
security.rngd.enable = mkOption { security.rngd.enable = mkOption {
default = false; default = true;
description = '' description = ''
Whether to enable the rng daemon, which adds entropy from Whether to enable the rng daemon, which adds entropy from
hardware sources of randomness to the kernel entropy pool when hardware sources of randomness to the kernel entropy pool when
@ -15,12 +15,23 @@ with pkgs.lib;
}; };
config = mkIf config.security.rngd.enable { config = mkIf config.security.rngd.enable {
services.udev.extraRules = ''
KERNEL=="random", TAG+="systemd"
SUBSYSTEM=="cpu", ENV{MODALIAS}=="x86cpu:*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="tmp0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
'';
boot.systemd.services.rngd = { boot.systemd.services.rngd = {
wantedBy = [ "multi-user.target" ]; bindsTo = [ "dev-random.device" ];
after = [ "dev-random.device" ];
description = "Hardware RNG Entropy Gatherer Daemon"; description = "Hardware RNG Entropy Gatherer Daemon";
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f"; serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
restartTriggers = [ pkgs.rng_tools ];
}; };
}; };
} }