author | Alexei Robyn <shados@shados.net> | 2014-01-17 20:02:13 +1100 |
---|---|---|
committer | Alexei Robyn <shados@shados.net> | 2014-01-17 22:10:52 +1100 |
commit | 6d80803e66a428011c45603d5c520e22c39b7c44 (patch) | |
tree | 983f792252b46ebb5489a9c2a4e560c97c07bf5d /nixos | |
parent | 0915582af9c8d7d38cc8a6cfa33c95cb15022be8 (diff) | |
Adds a service for haveged, the entropy daemon
Includes a configuration option for the threshold beneath which to refill the entropy pool. It defaults to 1024 bits, as this is the number used in the other distros' existing service files I looked at.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/security/haveged.nix | 63 |
2 files changed, 64 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 86a3dca0d1e..442edd8029d 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -201,6 +201,7 @@
 ./services/scheduling/fcron.nix
 ./services/search/elasticsearch.nix
 ./services/security/clamav.nix
+ ./services/security/haveged.nix
 ./services/security/fprot.nix
 ./services/security/frandom.nix
 ./services/security/tor.nix
diff --git a/nixos/modules/services/security/haveged.nix b/nixos/modules/services/security/haveged.nix
new file mode 100644
index 00000000000..c3ea3fb03ed
--- /dev/null
+++ b/nixos/modules/services/security/haveged.nix
@@ -0,0 +1,63 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+ cfg = config.services.haveged;
+
+in
+
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.haveged = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable to haveged entropy daemon, which refills
+ /dev/random when low.
+ '';
+ };
+
+ refill_threshold = mkOption {
+ type = types.int;
+ default = 1024;
+ description = ''
+ The number of bits of available entropy beneath which
+ haveged should refill the entropy pool.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ systemd.services.haveged =
+ { description = "Entropy Harvesting Daemon";
+ unitConfig.documentation = "man:haveged(8)";
+ wantedBy = [ "multi-user.target" ];
+
+ path = [ pkgs.haveged ];
+
+ serviceConfig =
+ { Type = "forking";
+ ExecStart = "${pkgs.haveged}/sbin/haveged -w ${toString cfg.refill_threshold} -v 1";
+ PIDFile = "/run/haveged.pid";
+ };
+ };
+
+ };
+
+}
\ No newline at end of file |
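Review bot: In the new haveged.nix, `refill_threshold` is a bare `types.int` that is interpolated straight into `ExecStart` as the `-w` argument, so a zero, negative or oversized value is only caught, if at all, by haveged at runtime rather than at evaluation time. A guard inside `config` such as `assertions = [ { assertion = cfg.refill_threshold > 0; message = "services.haveged.refill_threshold must be positive"; } ];` would reject the obvious cases; the sensible upper bound depends on the kernel's pool size, which the module cannot see, so that limit is better stated in the option description. The unit also sets no user or capability restrictions in `serviceConfig`; haveged presumably needs some privilege to credit entropy to the kernel, but it is worth confirming whether the service can be confined to just that. Minor: the `enable` description reads "enable to haveged" where "enable the haveged" is meant, and `refill_threshold` is snake_case where NixOS option names are usually camelCase.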