pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / security / esdm.nix
at 23.11-beta 3.6 kB view raw
1{ lib, config, pkgs, ... }: 2 3let 4 cfg = config.services.esdm; 5in 6{ 7 options.services.esdm = { 8 enable = lib.mkEnableOption (lib.mdDoc "ESDM service configuration"); 9 package = lib.mkPackageOptionMD pkgs "esdm" { }; 10 serverEnable = lib.mkOption { 11 type = lib.types.bool; 12 default = true; 13 description = lib.mdDoc '' 14 Enable option for ESDM server service. If serverEnable == false, then the esdm-server 15 will not start. Also the subsequent services esdm-cuse-random, esdm-cuse-urandom 16 and esdm-proc will not start as these have the entry Want=esdm-server.service. 17 ''; 18 }; 19 cuseRandomEnable = lib.mkOption { 20 type = lib.types.bool; 21 default = true; 22 description = lib.mdDoc '' 23 Enable option for ESDM cuse-random service. Determines if the esdm-cuse-random.service 24 is started. 25 ''; 26 }; 27 cuseUrandomEnable = lib.mkOption { 28 type = lib.types.bool; 29 default = true; 30 description = lib.mdDoc '' 31 Enable option for ESDM cuse-urandom service. Determines if the esdm-cuse-urandom.service 32 is started. 33 ''; 34 }; 35 procEnable = lib.mkOption { 36 type = lib.types.bool; 37 default = true; 38 description = lib.mdDoc '' 39 Enable option for ESDM proc service. Determines if the esdm-proc.service 40 is started. 41 ''; 42 }; 43 verbose = lib.mkOption { 44 type = lib.types.bool; 45 default = false; 46 description = lib.mdDoc '' 47 Enable verbose ExecStart for ESDM. If verbose == true, then the corresponding "ExecStart" 48 values of the 4 aforementioned services are overwritten with the option 49 for the highest verbosity. 50 ''; 51 }; 52 }; 53 54 config = lib.mkIf cfg.enable ( 55 lib.mkMerge [ 56 ({ 57 systemd.packages = [ cfg.package ]; 58 }) 59 # It is necessary to set those options for these services to be started by systemd in NixOS 60 (lib.mkIf cfg.serverEnable { 61 systemd.services."esdm-server".wantedBy = [ "basic.target" ]; 62 systemd.services."esdm-server".serviceConfig = lib.mkIf cfg.verbose { 63 ExecStart = [ 64 " " # unset previous value defined in 'esdm-server.service' 65 "${cfg.package}/bin/esdm-server -f -vvvvvv" 66 ]; 67 }; 68 }) 69 70 (lib.mkIf cfg.cuseRandomEnable { 71 systemd.services."esdm-cuse-random".wantedBy = [ "basic.target" ]; 72 systemd.services."esdm-cuse-random".serviceConfig = lib.mkIf cfg.verbose { 73 ExecStart = [ 74 " " # unset previous value defined in 'esdm-cuse-random.service' 75 "${cfg.package}/bin/esdm-cuse-random -f -v 6" 76 ]; 77 }; 78 }) 79 80 (lib.mkIf cfg.cuseUrandomEnable { 81 systemd.services."esdm-cuse-urandom".wantedBy = [ "basic.target" ]; 82 systemd.services."esdm-cuse-urandom".serviceConfig = lib.mkIf cfg.verbose { 83 ExecStart = [ 84 " " # unset previous value defined in 'esdm-cuse-urandom.service' 85 "${config.services.esdm.package}/bin/esdm-cuse-urandom -f -v 6" 86 ]; 87 }; 88 }) 89 90 (lib.mkIf cfg.procEnable { 91 systemd.services."esdm-proc".wantedBy = [ "basic.target" ]; 92 systemd.services."esdm-proc".serviceConfig = lib.mkIf cfg.verbose { 93 ExecStart = [ 94 " " # unset previous value defined in 'esdm-proc.service' 95 "${cfg.package}/bin/esdm-proc --relabel -f -o allow_other /proc/sys/kernel/random -v 6" 96 ]; 97 }; 98 }) 99 ]); 100 101 meta.maintainers = with lib.maintainers; [ orichter thillux ]; 102}