jitterentropy-rngd: init at 1.2.8

Add jitterentropy-rngd, a tool similar to rng-tools. While not necessarily needed, it is useful for those who want to strengthen their kernel entropy input pool by periodic insertion of an independent source. The entropy source is a NIST SP800-90B compliant non-physical true RNG source on most systems. See the jitterentropy documentation for details (http://chronox.de/jent/doc/CPU-Jitter-NPTRNG.pdf). Signed-off-by: Markus Theil <theil.markus@gmail.com>
2023-10-10 20:56:45 +02:00 · 2023-10-10 20:56:45 +02:00 · e98a8367ec
commit e98a8367ec
parent 79c799f576
3 changed files with 53 additions and 0 deletions
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -1148,6 +1148,7 @@
  ./services/security/hologram-agent.nix
  ./services/security/hologram-server.nix
  ./services/security/infnoise.nix
+  ./services/security/jitterentropy-rngd.nix
  ./services/security/kanidm.nix
  ./services/security/munge.nix
  ./services/security/nginx-sso.nix
--- a/nixos/modules/services/security/jitterentropy-rngd.nix
+++ b/nixos/modules/services/security/jitterentropy-rngd.nix
@ -0,0 +1,18 @@
+{ lib, config, pkgs, ... }:
+let
+  cfg = config.services.jitterentropy-rngd;
+in
+{
+  options.services.jitterentropy-rngd = {
+    enable =
+      lib.mkEnableOption (lib.mdDoc "jitterentropy-rngd service configuration");
+    package = lib.mkPackageOptionMD pkgs "jitterentropy-rngd" { };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.packages = [ cfg.package ];
+    systemd.services."jitterentropy".wantedBy = [ "basic.target" ];
+  };
+
+  meta.maintainers = with lib.maintainers; [ thillux ];
+}
--- a/pkgs/by-name/ji/jitterentropy-rngd/package.nix
+++ b/pkgs/by-name/ji/jitterentropy-rngd/package.nix
@ -0,0 +1,34 @@
+{ lib, stdenv, fetchFromGitHub }:
+
+stdenv.mkDerivation rec {
+  pname = "jitterentropy-rngd";
+  version = "1.2.8";
+
+  src = fetchFromGitHub {
+    owner = "smuellerDD";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-LDym636ss3B1G/vrqatu9g5vbVEeDX0JQcxZ/IxGeY0=";
+  };
+
+  enableParallelBuilding = true;
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out
+    make install DESTDIR= PREFIX=$out UNITDIR=$out/lib/systemd/system
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = ''A random number generator, which injects entropy to the kernel'';
+    homepage = "https://github.com/smuellerDD/jitterentropy-rngd";
+    changelog = "https://github.com/smuellerDD/jitterentropy-rngd/releases/tag/v${version}";
+    license = [ licenses.gpl2Only licenses.bsd3 ];
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ thillux ];
+    mainProgram = "jitterentropy-rngd";
+  };
+}