{ config, lib, pkgs, ... }:

# NixOS module for rngd (rng-tools): feeds the kernel entropy pool from
# hardware randomness sources (CPU RDRAND, /dev/hwrng, the TPM) when present.
let
  cfg = config.security.rngd;

  # When the TrouSerS TPM daemon is enabled, rngd is kept away from the TPM:
  # the tpm0 udev rule is dropped and rngd is started with --no-tpm=1
  # (presumably so the two daemons do not contend for /dev/tpm0 — confirm).
  tcsdEnabled = config.services.tcsd.enable;

  # udev rule that makes systemd want rngd.service once /dev/tpm0 appears;
  # empty (leaving a blank line in the rules file) when tcsd owns the TPM.
  tpmRule = lib.optionalString (!tcsdEnabled)
    ''KERNEL=="tpm0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"'';
in
{
  options.security.rngd.enable = lib.mkOption {
    type = lib.types.bool;
    default = true;
    description = ''
      Whether to enable the rng daemon, which adds entropy from
      hardware sources of randomness to the kernel entropy pool when
      available.
    '';
  };

  config = lib.mkIf cfg.enable {
    # rngd.service is not started unconditionally: udev tags the entropy
    # sources and lets systemd pull the unit in only where one exists.
    #   - "random" is tagged so systemd exposes it as dev-random.device,
    #     which the service below binds to.
    #   - x86cpu feature 009E is the RDRAND CPU flag (same match as the
    #     upstream rng-tools rule), so rngd is wanted on CPUs advertising it.
    #   - hw_random covers /dev/hwrng-backed hardware generators.
    services.udev.extraRules = ''
      KERNEL=="random", TAG+="systemd"
      SUBSYSTEM=="cpu", ENV{MODALIAS}=="x86cpu:*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
      KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
      ${tpmRule}
    '';

    systemd.services.rngd = {
      description = "Hardware RNG Entropy Gatherer Daemon";

      # Tie the daemon's lifetime and ordering to /dev/random (exposed as a
      # device unit by the TAG+="systemd" rule above).
      bindsTo = [ "dev-random.device" ];
      after = [ "dev-random.device" ];

      # NOTE(review): no User= or sandboxing options are set, so rngd runs as
      # root with full device access. It needs /dev/random, /dev/hwrng and
      # (unless tcsd has it) /dev/tpm0; any hardening added later must keep
      # those device nodes reachable.
      # -f keeps rngd in the foreground for systemd, -v is verbose logging.
      serviceConfig.ExecStart =
        "${pkgs.rng_tools}/sbin/rngd -f -v"
        + lib.optionalString tcsdEnabled " --no-tpm=1";
    };
  };
}