From 6d80803e66a428011c45603d5c520e22c39b7c44 Mon Sep 17 00:00:00 2001
From: Alexei Robyn
Date: Fri, 17 Jan 2014 20:02:13 +1100
Subject: Adds a service for haveged, the entropy daemon Includes configuration option for the threshold beneath which to refill the entropy pool - defaults to 1024 bits as this is the number used in other distro's existing service files I looked at.
---
nixos/modules/module-list.nix | 1 +
nixos/modules/services/security/haveged.nix | 63 +++++++++++++++++++++++++++++
2 files changed, 64 insertions(+)
create mode 100644 nixos/modules/services/security/haveged.nix
(limited to 'nixos')
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 86a3dca0d1e..442edd8029d 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -201,6 +201,7 @@
 ./services/scheduling/fcron.nix
 ./services/search/elasticsearch.nix
 ./services/security/clamav.nix
+ ./services/security/haveged.nix
 ./services/security/fprot.nix
 ./services/security/frandom.nix
 ./services/security/tor.nix
diff --git a/nixos/modules/services/security/haveged.nix b/nixos/modules/services/security/haveged.nix
new file mode 100644
index 00000000000..c3ea3fb03ed
--- /dev/null
+++ b/nixos/modules/services/security/haveged.nix
@@ -0,0 +1,63 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+ cfg = config.services.haveged;
+
+in
+
+
+{
+
+ ###### interface
+
+ options = {
+
+ services.haveged = {
+
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable to haveged entropy daemon, which refills
+ /dev/random when low.
+ '';
+ };
+
+ refill_threshold = mkOption {
+ type = types.int;
+ default = 1024;
+ description = ''
+ The number of bits of available entropy beneath which
+ haveged should refill the entropy pool.
+ '';
+ };
+
+ };
+
+ };
+
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ systemd.services.haveged =
+ { description = "Entropy Harvesting Daemon";
+ unitConfig.documentation = "man:haveged(8)";
+ wantedBy = [ "multi-user.target" ];
+
+ path = [ pkgs.haveged ];
+
+ serviceConfig =
+ { Type = "forking";
+ ExecStart = "${pkgs.haveged}/sbin/haveged -w ${toString cfg.refill_threshold} -v 1";
+ PIDFile = "/run/haveged.pid";
+ };
+ };
+
+ };
+
+}
\ No newline at end of file
-- cgit 1.4.1
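Review bot: The `serviceConfig` block near the end of this hunk sets only `Type`, `ExecStart` and `PIDFile`, so as far as the hunk shows the daemon that feeds the kernel entropy pool runs with the unit defaults: root, the full capability set and no sandboxing. haveged should need no network and very little filesystem access, so consider restrictions such as `PrivateNetwork = true;` and a `CapabilityBoundingSet` limited to what writing entropy requires (likely `CAP_SYS_ADMIN`; confirm against haveged's documentation before relying on it). Separately, `refill_threshold` is `types.int` and is interpolated into `-w` unchecked, so zero or negative values pass evaluation and only show up as a misbehaving or failing unit; an entry in `assertions` with `assertion = cfg.refill_threshold > 0;` would reject them early. The `enable` description reads "Whether to enable to haveged entropy daemon" and should say "the haveged".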