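# NixOS module for haveged, a user-space daemon that feeds the kernel
# entropy pool. It declares two options under `services.haveged` and, when
# enabled, a sandboxed systemd unit that runs the daemon in the foreground.
{ config, lib, pkgs, ... }:

with lib;

let

  # Shorthand for this module's own option values.
  cfg = config.services.haveged;

in


{

  ###### interface

  options = {

    services.haveged = {

      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Whether to enable the haveged entropy daemon, which refills
          /dev/random when low.
        '';
      };

      # NOTE(review): types.int also accepts negative numbers, and the value
      # is passed to `haveged -w` unchecked (see ExecStart below).
      refill_threshold = mkOption {
        type = types.int;
        default = 1024;
        description = ''
          The number of bits of available entropy beneath which
          haveged should refill the entropy pool.
        '';
      };

    };

  };


  ###### implementation

  # Nothing below is defined unless services.haveged.enable is true.
  config = mkIf cfg.enable {

    systemd.services.haveged =
      { description = "Entropy Harvesting Daemon";
        unitConfig.Documentation = "man:haveged(8)";
        wantedBy = [ "multi-user.target" ];

        path = [ pkgs.haveged ];

        # No User= is set, so the daemon runs as the systemd default (root).
        # NOTE(review): no capability restriction is applied either; consider
        # adding one once the capabilities haveged needs are confirmed.
        serviceConfig = {
          # -F: stay in the foreground so systemd supervises the process
          #     directly.
          # -w: write_wakeup_threshold in bits, taken from refill_threshold.
          # -v 1: verbosity level of the daemon's output.
          ExecStart = "${pkgs.haveged}/bin/haveged -F -w ${toString cfg.refill_threshold} -v 1";
          # 143 = 128 + 15 (SIGTERM): being stopped by systemd counts as a
          # clean exit rather than a failure.
          SuccessExitStatus = 143;
          # Sandboxing: the daemon only needs to talk to the kernel RNG, so
          # it gets a private /tmp, a private /dev containing only pseudo
          # devices (which still includes /dev/random), and a network
          # namespace with nothing but loopback.
          PrivateTmp = true;
          PrivateDevices = true;
          PrivateNetwork = true;
          # "full" mounts /usr, /boot and /etc read-only for the service.
          ProtectSystem = "full";
          # Hides /home, /root and /run/user from the service.
          ProtectHome = true;
        };
      };

  };

}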