rngd: add option to run w/debug flag
Added while testing whether adding hardening directives to the service blocked access to various sources; it might be useful in the future.
parent
5e407fcbb0
commit
b809071ffb
|
@ -2,20 +2,30 @@
|
|||
|
||||
with lib;
|
||||
|
||||
let
|
||||
cfg = config.security.rngd;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
security.rngd.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to enable the rng daemon, which adds entropy from
|
||||
hardware sources of randomness to the kernel entropy pool when
|
||||
available.
|
||||
'';
|
||||
security.rngd = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Whether to enable the rng daemon, which adds entropy from
|
||||
hardware sources of randomness to the kernel entropy pool when
|
||||
available.
|
||||
'';
|
||||
};
|
||||
debug = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether to enable debug output (-d).";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.security.rngd.enable {
|
||||
config = mkIf cfg.enable {
|
||||
services.udev.extraRules = ''
|
||||
KERNEL=="random", TAG+="systemd"
|
||||
SUBSYSTEM=="cpu", ENV{MODALIAS}=="cpu:type:x86,*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
|
||||
|
@ -29,7 +39,10 @@ with lib;
|
|||
|
||||
description = "Hardware RNG Entropy Gatherer Daemon";
|
||||
|
||||
serviceConfig.ExecStart = "${pkgs.rng-tools}/sbin/rngd -f";
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
|
||||
+ optionalString cfg.debug " -d";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
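Review bot: The `debug` option's description in the first hunk says only that it passes `-d`, and omits the reason the commit message gives for adding it. I would state the use case, for example `description = "Whether to run rngd with debug output (-d); useful for checking that entropy sources are still reachable after hardening the unit.";`. In the second hunk the flag is appended to `ExecStart` with `optionalString cfg.debug " -d"`. Because the daemon is started with `-f`, the extra output presumably ends up in the journal, which the description could also mention. The service definition that holds `serviceConfig` begins outside the visible hunk.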