author | Domen Kožar <domen@dev.si> | 2014-01-18 09:38:51 -0800 |
---|---|---|
committer | Domen Kožar <domen@dev.si> | 2014-01-18 09:38:51 -0800 |
commit | e5b6de80bb5c5ffb5e37c906e03412a4d4d514d6 (patch) | |
tree | fa2a4a35fa886e1aa5e06cccced77e18d2e74596 /nixos | |
parent | d454e094ef23b9f36708adfeac4109fe148df98e (diff) | |
parent | 6d80803e66a428011c45603d5c520e22c39b7c44 (diff) | |
Merge pull request #1536 from Shados/service-haveged
Adds a service for haveged, the entropy daemon
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/security/haveged.nix | 63 |
2 files changed, 64 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 86a3dca0d1e..442edd8029d 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -201,6 +201,7 @@
 ./services/scheduling/fcron.nix
 ./services/search/elasticsearch.nix
 ./services/security/clamav.nix
+ ./services/security/haveged.nix
 ./services/security/fprot.nix
 ./services/security/frandom.nix
 ./services/security/tor.nix
diff --git a/nixos/modules/services/security/haveged.nix b/nixos/modules/services/security/haveged.nix
new file mode 100644
index 00000000000..c3ea3fb03ed
--- /dev/null
+++ b/nixos/modules/services/security/haveged.nix
@@ -0,0 +1,63 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+ cfg = config.services.haveged;
+
+in
+
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.haveged = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable to haveged entropy daemon, which refills
+ /dev/random when low.
+ '';
+ };
+
+ refill_threshold = mkOption {
+ type = types.int;
+ default = 1024;
+ description = ''
+ The number of bits of available entropy beneath which
+ haveged should refill the entropy pool.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ systemd.services.haveged =
+ { description = "Entropy Harvesting Daemon";
+ unitConfig.documentation = "man:haveged(8)";
+ wantedBy = [ "multi-user.target" ];
+
+ path = [ pkgs.haveged ];
+
+ serviceConfig =
+ { Type = "forking";
+ ExecStart = "${pkgs.haveged}/sbin/haveged -w ${toString cfg.refill_threshold} -v 1";
+ PIDFile = "/run/haveged.pid";
+ };
+ };
+
+ };
+
+}
\ No newline at end of file |
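Review bot: The `serviceConfig` in the new haveged.nix sets only `Type`, `ExecStart` and `PIDFile`, so the daemon runs as root with the full capability set even though its job is limited to feeding the kernel entropy pool. Consider bounding it in the unit, for example `CapabilityBoundingSet = "CAP_SYS_ADMIN";`; that capability is what the entropy-crediting ioctl on /dev/random requires, but whether haveged needs anything more should be confirmed against this build before merging. The unit is also pulled in only through `wantedBy = [ "multi-user.target" ]` with no explicit ordering, so units that generate key material during boot are not guaranteed to start after it; if that guarantee is intended, an explicit `before`/`after` relationship would make it visible. Separately, `refill_threshold` is a plain `types.int`, so zero or negative values are passed straight to `-w`; an assertion that the value is positive would catch a misconfiguration at evaluation time rather than at service start.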