ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-12-28 14:22:50 +03:00
Code Issues Projects Releases Wiki Activity

rngd: Require /dev/random, only start when a hardware randomness source becomes available

Browse Source
This commit is contained in:
Shea Levy 2012-11-26 08:45:23 -05:00
parent f3c9c83e04
commit a5ef0ffe12
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
modules/security/rngd.nix
View File

@ -5,7 +5,7 @@ with pkgs.lib;
{
options = {
security.rngd.enable = mkOption {
default = false;
default = true;
description = ''
Whether to enable the rng daemon, which adds entropy from
hardware sources of randomness to the kernel entropy pool when
@ -15,12 +15,23 @@ with pkgs.lib;
};
config = mkIf config.security.rngd.enable {
services.udev.extraRules = ''
KERNEL=="random", TAG+="systemd"
SUBSYSTEM=="cpu", ENV{MODALIAS}=="x86cpu:*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
KERNEL=="tmp0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
'';
boot.systemd.services.rngd = {
wantedBy = [ "multi-user.target" ];
bindsTo = [ "dev-random.device" ];
after = [ "dev-random.device" ];
description = "Hardware RNG Entropy Gatherer Daemon";
serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
restartTriggers = [ pkgs.rng_tools ];
};
};
}