Merge pull request #96092 from nbraud/security/rngd
nixos/modules/security/rngd: Disable by default
This commit is contained in:
commit
f7a6a1a183
@ -815,6 +815,13 @@ CREATE ROLE postgres LOGIN SUPERUSER;
|
||||
the value of <option>services.jellyfin.package</option> to <literal>pkgs.jellyfin_10_5</literal>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>security.rngd</literal> service is now disabled by default.
|
||||
This choice was made because there's krngd in the linux kernel space making it (for most usecases)
|
||||
functionally redundent.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
|
||||
|
@ -10,11 +10,10 @@ in
|
||||
security.rngd = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable the rng daemon, which adds entropy from
|
||||
hardware sources of randomness to the kernel entropy pool when
|
||||
available.
|
||||
Whether to enable the rng daemon. Devices that the kernel recognises
|
||||
as entropy sources are handled automatically by krngd.
|
||||
'';
|
||||
};
|
||||
debug = mkOption {
|
||||
@ -26,12 +25,6 @@ in
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.udev.extraRules = ''
|
||||
KERNEL=="random", TAG+="systemd"
|
||||
SUBSYSTEM=="cpu", ENV{MODALIAS}=="cpu:type:x86,*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
|
||||
KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
|
||||
'';
|
||||
|
||||
systemd.services.rngd = {
|
||||
bindsTo = [ "dev-random.device" ];
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user