diff --git a/modules/security/rngd.nix b/modules/security/rngd.nix index a4bf0d1eb2af..519fb62133cd 100644 --- a/modules/security/rngd.nix +++ b/modules/security/rngd.nix @@ -5,7 +5,7 @@ with pkgs.lib; { options = { security.rngd.enable = mkOption { - default = false; + default = true; description = '' Whether to enable the rng daemon, which adds entropy from hardware sources of randomness to the kernel entropy pool when @@ -15,12 +15,23 @@ with pkgs.lib; }; config = mkIf config.security.rngd.enable { + services.udev.extraRules = '' + KERNEL=="random", TAG+="systemd" + SUBSYSTEM=="cpu", ENV{MODALIAS}=="x86cpu:*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service" + KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service" + KERNEL=="tmp0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service" + ''; + boot.systemd.services.rngd = { - wantedBy = [ "multi-user.target" ]; + bindsTo = [ "dev-random.device" ]; + + after = [ "dev-random.device" ]; description = "Hardware RNG Entropy Gatherer Daemon"; serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f"; + + restartTriggers = [ pkgs.rng_tools ]; }; }; }
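Review bot: In the first hunk, `default = true;` turns rngd on for every system, but the option description (which continues past the end of the hunk) still reads as an opt-in switch. Because the daemon feeds hardware-supplied randomness into the kernel entropy pool, the description should state the new default and how the service gets started, for example by appending `Enabled by default; the service is started by udev only when a supported hardware source is detected. Set to false to disable the daemon.` That gives operators who do not want a particular hardware RNG used a documented opt-out.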
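Review bot: `KERNEL=="tmp0"` in the added `services.udev.extraRules` (second hunk) looks like a typo for the TPM device node `tpm0`; as written the rule would not match a TPM. The same hunk removes `wantedBy = [ "multi-user.target" ]`, so these udev rules appear to be the only thing that starts `rngd.service`, and a host whose only hardware source is a TPM would silently run without the daemon. Suggested line: `KERNEL=="tpm0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"`. A short comment on the CPU rule would also help the next reader, e.g. `# x86 feature 0x009E is RDRAND`, assuming that is what `*009E*` is meant to select.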