Merge commit 'a2e06fc3423c4be53181b15c28dfbe0bcf67dd73'

author: Alyssa Ross <hi@alyssa.is> 2020-04-01 15:50:50 +0000
committer: Alyssa Ross <hi@alyssa.is> 2020-04-01 15:50:50 +0000
commit: 75eafe97f7df0d653bec67f3962214d7c357831f (patch)
tree: 09f2cc901e0e637876cbb78d192dfe2fcfef8156 /nixpkgs/nixos/modules/security/rngd.nix
parent: a53b121bf4331497da63df3b1b7f1a7897dad146 (diff)
parent: a2e06fc3423c4be53181b15c28dfbe0bcf67dd73 (diff)
download: nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar
nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.gz
nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.bz2
nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.lz
nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.xz
nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.zst
nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.zip
1 files changed, 11 insertions, 1 deletions
diff --git a/nixpkgs/nixos/modules/security/rngd.nix b/nixpkgs/nixos/modules/security/rngd.nix
index d9d6d9c9f253..cffa1a5849f9 100644
--- a/nixpkgs/nixos/modules/security/rngd.nix
+++ b/nixpkgs/nixos/modules/security/rngd.nix
@@ -37,14 +37,24 @@ in
 
       after = [ "dev-random.device" ];
 
+      # Clean shutdown without DefaultDependencies
+      conflicts = [ "shutdown.target" ];
+      before = [
+        "sysinit.target"
+        "shutdown.target"
+      ];
+
       description = "Hardware RNG Entropy Gatherer Daemon";
 
+      # rngd may have to start early to avoid entropy starvation during boot with encrypted swap
+      unitConfig.DefaultDependencies = false;
       serviceConfig = {
         ExecStart = "${pkgs.rng-tools}/sbin/rngd -f"
           + optionalString cfg.debug " -d";
+        # PrivateTmp would introduce a circular dependency if /tmp is on tmpfs and swap is encrypted,
+        # thus depending on rngd before swap, while swap depends on rngd to avoid entropy starvation.
         NoNewPrivileges = true;
         PrivateNetwork = true;
-        PrivateTmp = true;
         ProtectSystem = "full";
         ProtectHome = true;
       };
author	Alyssa Ross <hi@alyssa.is>	2020-04-01 15:50:50 +0000
committer	Alyssa Ross <hi@alyssa.is>	2020-04-01 15:50:50 +0000
commit	75eafe97f7df0d653bec67f3962214d7c357831f (patch)
tree	09f2cc901e0e637876cbb78d192dfe2fcfef8156 /nixpkgs/nixos/modules/security/rngd.nix
parent	a53b121bf4331497da63df3b1b7f1a7897dad146 (diff)
parent	a2e06fc3423c4be53181b15c28dfbe0bcf67dd73 (diff)
download	nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.gz nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.bz2 nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.lz nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.xz nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.tar.zst nixlib-75eafe97f7df0d653bec67f3962214d7c357831f.zip