From cd513482d46c41243934ef5835cda30ca228c474 Mon Sep 17 00:00:00 2001
From: Shea Levy <shea@shealevy.com>
Date: Thu, 22 Nov 2012 02:07:25 -0500
Subject: [PATCH] Add rngd service.

Inspired by http://pkgs.fedoraproject.org/cgit/rng-tools.git/tree/rngd.service?id=27b1912b2d9659b6934fd4c887e46c13958e7e3c
---
 modules/module-list.nix   |  1 +
 modules/security/rngd.nix | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 modules/security/rngd.nix

diff --git a/modules/module-list.nix b/modules/module-list.nix
index 1f25f2aa1e..3f66ff917f 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -48,6 +48,7 @@
   ./security/pam.nix
   ./security/pam_usb.nix
   ./security/polkit.nix
+  ./security/rngd.nix
   ./security/rtkit.nix
   ./security/setuid-wrappers.nix
   ./security/sudo.nix
diff --git a/modules/security/rngd.nix b/modules/security/rngd.nix
new file mode 100644
index 0000000000..1dfea8ce96
--- /dev/null
+++ b/modules/security/rngd.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  options = {
+    security.rngd.enable = mkOption {
+      default = true;
+      description = ''
+        Whether tho enable the rng daemon, which adds entropy from
+        hardware sources of randomness to the kernel entropy pool when
+        available. It is strongly recommended to keep this enabled!
+      '';
+    };
+  };
+
+  config = mkIf config.security.rngd.enable {
+    boot.systemd.services.rngd = {
+      wantedBy = [ config.boot.systemd.defaultUnit ];
+
+      description = "Hardware RNG Entropy Gatherer Daemon";
+
+      serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
+    };
+  };
+}