rngd: add option to run w/debug flag

Added while testing whether adding hardening
directives to the service blocked access
to various sources; might be useful in the future.
Will Dietz 2019-05-06 01:43:35 -05:00
parent 5e407fcbb0
commit b809071ffb


@ -2,20 +2,30 @@
with lib; with lib;
let
cfg = config.security.rngd;
in
{ {
options = { options = {
security.rngd.enable = mkOption { security.rngd = {
type = types.bool; enable = mkOption {
default = true; type = types.bool;
description = '' default = true;
Whether to enable the rng daemon, which adds entropy from description = ''
hardware sources of randomness to the kernel entropy pool when Whether to enable the rng daemon, which adds entropy from
available. hardware sources of randomness to the kernel entropy pool when
''; available.
'';
};
debug = mkOption {
type = types.bool;
default = false;
description = "Whether to enable debug output (-d).";
};
}; };
}; };
config = mkIf config.security.rngd.enable { config = mkIf cfg.enable {
services.udev.extraRules = '' services.udev.extraRules = ''
KERNEL=="random", TAG+="systemd" KERNEL=="random", TAG+="systemd"
SUBSYSTEM=="cpu", ENV{MODALIAS}=="cpu:type:x86,*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service" SUBSYSTEM=="cpu", ENV{MODALIAS}=="cpu:type:x86,*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
@ -29,7 +39,10 @@ with lib;
description = "Hardware RNG Entropy Gatherer Daemon"; description = "Hardware RNG Entropy Gatherer Daemon";
serviceConfig.ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"; serviceConfig = {
ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
+ optionalString cfg.debug " -d";
};
}; };
}; };
} }
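Review bot: The new `debug` option's description, `description = "Whether to enable debug output (-d).";`, gives no hint that this is a troubleshooting switch rather than something to leave on; rngd runs in the foreground (`-f`), so that output goes to the journal, and the commit message itself ties the flag to diagnosing access blocked by sandboxing directives. Suggest `description = "Whether to enable rngd's debug output (-d). Intended for troubleshooting (e.g. checking which entropy sources the daemon can reach under service hardening); not meant to stay enabled.";`. Separately, the commit message mentions testing hardening directives, but none appear in the unit definition visible here; if they are added later, rngd presumably needs its hardware RNG device nodes and /dev/random to remain reachable, so a `DeviceAllow=` allowlist would likely fit better than a blanket `PrivateDevices=` — worth confirming against rng-tools' actual source list. The `systemd.services.rngd` attribute set starts outside the second hunk.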