nixos/modules/services/security/haveged.nix at 16.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / services / security / haveged.nix

at 16.09-beta 1.2 kB view raw

 1{ config, lib, pkgs, ... }:
 2
 3with lib;
 4
 5let
 6
 7  cfg = config.services.haveged;
 8
 9in
10
11
12{
13
14  ###### interface
15
16  options = {
17
18    services.haveged = {
19
20      enable = mkOption {
21        type = types.bool;
22        default = false;
23        description = ''
24          Whether to enable to haveged entropy daemon, which refills 
25          /dev/random when low.
26        '';
27      };
28      
29      refill_threshold = mkOption {
30        type = types.int;
31        default = 1024;
32        description = ''
33          The number of bits of available entropy beneath which
34          haveged should refill the entropy pool.
35        '';
36      };
37      
38    };
39    
40  };
41  
42  
43  ###### implementation
44  
45  config = mkIf cfg.enable {
46  
47    systemd.services.haveged =
48      { description = "Entropy Harvesting Daemon";
49        unitConfig.Documentation = "man:haveged(8)";
50        wantedBy = [ "multi-user.target" ];
51        
52        path = [ pkgs.haveged ];
53        
54        serviceConfig = 
55          { Type = "forking";
56            ExecStart = "${pkgs.haveged}/sbin/haveged -w ${toString cfg.refill_threshold} -v 1";
57            PIDFile = "/run/haveged.pid";
58          };
59      };
60
61  };
62  
63}