diff options
author | Alyssa Ross <hi@alyssa.is> | 2020-04-01 15:50:50 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2020-04-01 15:50:50 +0000 |
commit | 75eafe97f7df0d653bec67f3962214d7c357831f (patch) | |
tree | 09f2cc901e0e637876cbb78d192dfe2fcfef8156 /nixpkgs/nixos/modules/security/rngd.nix | |
parent | a53b121bf4331497da63df3b1b7f1a7897dad146 (diff) | |
parent | a2e06fc3423c4be53181b15c28dfbe0bcf67dd73 (diff) | |
download | nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.gz nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.bz2 nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.lz nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.xz nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.zst nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.zip |
Merge commit 'a2e06fc3423c4be53181b15c28dfbe0bcf67dd73'
Diffstat (limited to 'nixpkgs/nixos/modules/security/rngd.nix')
-rw-r--r-- | nixpkgs/nixos/modules/security/rngd.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/nixpkgs/nixos/modules/security/rngd.nix b/nixpkgs/nixos/modules/security/rngd.nix index d9d6d9c9f253..cffa1a5849f9 100644 --- a/nixpkgs/nixos/modules/security/rngd.nix +++ b/nixpkgs/nixos/modules/security/rngd.nix @@ -37,14 +37,24 @@ in after = [ "dev-random.device" ]; + # Clean shutdown without DefaultDependencies + conflicts = [ "shutdown.target" ]; + before = [ + "sysinit.target" + "shutdown.target" + ]; + description = "Hardware RNG Entropy Gatherer Daemon"; + # rngd may have to start early to avoid entropy starvation during boot with encrypted swap + unitConfig.DefaultDependencies = false; serviceConfig = { ExecStart = "${pkgs.rng-tools}/sbin/rngd -f" + optionalString cfg.debug " -d"; + # PrivateTmp would introduce a circular dependency if /tmp is on tmpfs and swap is encrypted, + # thus depending on rngd before swap, while swap depends on rngd to avoid entropy starvation. NoNewPrivileges = true; PrivateNetwork = true; - PrivateTmp = true; ProtectSystem = "full"; ProtectHome = true; }; |