diff options
| author | Markus Theil <theil.markus@gmail.com> | 2023-10-10 20:56:45 +0200 |
|---|---|---|
| committer | Markus Theil <theil.markus@gmail.com> | 2023-10-20 10:04:11 +0200 |
| commit | e98a8367ecfa30b125bdf31fb5c66b137d3d31ac (patch) | |
| tree | 7f64bdbeb900a7844a7eb3199b93e6b36db07a03 | |
| parent | 79c799f5764ab96f66279e52cc612f2c06cac4eb (diff) | |
| download | nixlib-e98a8367ecfa30b125bdf31fb5c66b137d3d31ac.tar nixlib-e98a8367ecfa30b125bdf31fb5c66b137d3d31ac.tar.gz nixlib-e98a8367ecfa30b125bdf31fb5c66b137d3d31ac.tar.bz2 nixlib-e98a8367ecfa30b125bdf31fb5c66b137d3d31ac.tar.lz nixlib-e98a8367ecfa30b125bdf31fb5c66b137d3d31ac.tar.xz nixlib-e98a8367ecfa30b125bdf31fb5c66b137d3d31ac.tar.zst nixlib-e98a8367ecfa30b125bdf31fb5c66b137d3d31ac.zip | |
jitterentropy-rngd: init at 1.2.8
Add jitterentropy-rngd, a tool similar to rng-tools. While not necessarily needed, it is useful for those who want to strengthen their kernel entropy input pool by periodic insertion of an independent source. The entropy source is a NIST SP800-90B compliant non-physical true RNG source on most systems. See the jitterentropy documentation for details (http://chronox.de/jent/doc/CPU-Jitter-NPTRNG.pdf). Signed-off-by: Markus Theil <theil.markus@gmail.com>
| -rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/services/security/jitterentropy-rngd.nix | 18 | ||||
| -rw-r--r-- | pkgs/by-name/ji/jitterentropy-rngd/package.nix | 34 |
3 files changed, 53 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 811b82f28ce1..c4056f15a24f 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1148,6 +1148,7 @@ ./services/security/hologram-agent.nix ./services/security/hologram-server.nix ./services/security/infnoise.nix + ./services/security/jitterentropy-rngd.nix ./services/security/kanidm.nix ./services/security/munge.nix ./services/security/nginx-sso.nix diff --git a/nixos/modules/services/security/jitterentropy-rngd.nix b/nixos/modules/services/security/jitterentropy-rngd.nix new file mode 100644 index 000000000000..7bfacb5ddc5d --- /dev/null +++ b/nixos/modules/services/security/jitterentropy-rngd.nix @@ -0,0 +1,18 @@ +{ lib, config, pkgs, ... }: +let + cfg = config.services.jitterentropy-rngd; +in +{ + options.services.jitterentropy-rngd = { + enable = + lib.mkEnableOption (lib.mdDoc "jitterentropy-rngd service configuration"); + package = lib.mkPackageOptionMD pkgs "jitterentropy-rngd" { }; + }; + + config = lib.mkIf cfg.enable { + systemd.packages = [ cfg.package ]; + systemd.services."jitterentropy".wantedBy = [ "basic.target" ]; + }; + + meta.maintainers = with lib.maintainers; [ thillux ]; +} diff --git a/pkgs/by-name/ji/jitterentropy-rngd/package.nix b/pkgs/by-name/ji/jitterentropy-rngd/package.nix new file mode 100644 index 000000000000..feb7d1e2fb12 --- /dev/null +++ b/pkgs/by-name/ji/jitterentropy-rngd/package.nix @@ -0,0 +1,34 @@ +{ lib, stdenv, fetchFromGitHub }: + +stdenv.mkDerivation rec { + pname = "jitterentropy-rngd"; + version = "1.2.8"; + + src = fetchFromGitHub { + owner = "smuellerDD"; + repo = pname; + rev = "v${version}"; + hash = "sha256-LDym636ss3B1G/vrqatu9g5vbVEeDX0JQcxZ/IxGeY0="; + }; + + enableParallelBuilding = true; + + installPhase = '' + runHook preInstall + + mkdir -p $out + make install DESTDIR= PREFIX=$out UNITDIR=$out/lib/systemd/system + + runHook postInstall + ''; + + meta = with lib; { + description = ''A random number generator, which injects entropy to the kernel''; + homepage = "https://github.com/smuellerDD/jitterentropy-rngd"; + changelog = "https://github.com/smuellerDD/jitterentropy-rngd/releases/tag/v${version}"; + license = [ licenses.gpl2Only licenses.bsd3 ]; + platforms = platforms.linux; + maintainers = with maintainers; [ thillux ]; + mainProgram = "jitterentropy-rngd"; + }; +} |