From 664624a478ff0952f5b2f87769de43552d888896 Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Sat, 31 Aug 2024 20:44:22 +0200
Subject: [PATCH] feat(jitterentropy): introduce a jitterentropy module

Signed-off-by: Raito Bezarius
---
 modules/all-modules.nix | 1 +
 modules/jitter-rng/default.nix | 21 +++++++++++++++++++++
 modules/jitter-rng/jitter-rng.nix | 18 ++++++++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 modules/jitter-rng/default.nix
 create mode 100644 modules/jitter-rng/jitter-rng.nix

diff --git a/modules/all-modules.nix b/modules/all-modules.nix
index abce5db..98352c1 100644
--- a/modules/all-modules.nix
+++ b/modules/all-modules.nix
@@ -8,6 +8,7 @@
 ./bridge
 ./busybox.nix
 ./dhcp6c
+ ./jitter-rng
 ./dnsmasq
 ./firewall
 ./hardware.nix
diff --git a/modules/jitter-rng/default.nix b/modules/jitter-rng/default.nix
new file mode 100644
index 0000000..aa6f9e5
--- /dev/null
+++ b/modules/jitter-rng/default.nix
@@ -0,0 +1,21 @@
+## CPU Jitter RNG
+## ==============
+##
+## CPU Jitter RNG is a random number generator # providing non-physical true
+## random generation # that works equally for kernel and user-land. It relies
+## on the availability of a high-resolution timer.
+{ lib, pkgs, ... }:
+let
+ inherit (lib) mkOption types;
+ inherit (pkgs) liminix;
+in {
+ options.system.service.jitter-rng = mkOption {
+ type = liminix.lib.types.serviceDefn;
+ };
+
+ config = {
+ system.service.jitter-rng = pkgs.liminix.callService ./jitter-rng.nix {
+ };
+ };
+}
+
diff --git a/modules/jitter-rng/jitter-rng.nix b/modules/jitter-rng/jitter-rng.nix
new file mode 100644
index 0000000..1072be1
--- /dev/null
+++ b/modules/jitter-rng/jitter-rng.nix
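Review bot: `./jitter-rng` is inserted between `./dhcp6c` and `./dnsmasq`, which breaks the alphabetical order the neighbouring entries keep; it belongs after `./hardware.nix`, or further down since the rest of the list is outside the hunk. Minor, but a sorted module list is easier to scan and avoids merge conflicts when several modules are added at once.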
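Review bot: The header comment in `default.nix` has stray `#` characters mid-sentence (`generator # providing`, `generation # that works`) that look like a paste artifact from the upstream description; the two lines should read `## CPU Jitter RNG is a random number generator providing non-physical true` and `## random generation that works equally for kernel and user-land. It relies`. The comment also states the high-resolution timer requirement without saying what happens when it is not met; as far as I recall the daemon's start-up self-test refuses to run on such hardware (confirm against the packaged `jitterentropy-rngd` version), and a sentence saying the service will not come up on targets without a usable timer would help whoever enables this module. `callService ./jitter-rng.nix { }` exposes no parameters, which is fine for a first cut, but a one-line comment stating that the service is intentionally unconfigurable would stop the empty attribute set reading as an omission.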
@@ -0,0 +1,18 @@
+{
+ liminix
+, lib
+, jitterentropy-rngd
+}:
+{ }:
+let
+ inherit (liminix.services) longrun;
+ name = "jitterentropy-rngd";
+in
+longrun {
+ # Does it need to be unique?
+ inherit name;
+ run = ''
+ mkdir -p /run/jitterentropy-rngd
+ ${jitterentropy-rngd}/bin/jitterentropy-rngd -v -p /run/jitterentropy-rngd/${name}.pid
+ '';
+}
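Review bot: The `-v` on the `jitterentropy-rngd` invocation looks like it is doing double duty: a `longrun` needs the child to stay in the foreground, and if (as I believe, but confirm for the packaged version) verbose mode is what stops the daemon from detaching, that should be stated with a comment such as `# -v keeps the daemon in the foreground so the supervisor can track it`; if `-v` does not do that, the supervisor will see an immediate exit and restart the service in a loop. Under a supervisor the pid file, and the `mkdir -p /run/jitterentropy-rngd` that exists only to hold it, is redundant because `longrun` already tracks the child; if it is kept for operator tooling, say so in a comment rather than leaving the reader to guess. The `# Does it need to be unique?` question should be resolved before merging: service names are presumably used as supervision directory names, so `name` must be unique among services — confirm and replace the question with the answer.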