From fe1e1152264fb4b476dc9dd58dc4af66816191d7 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Wed, 16 Jun 2021 20:45:42 +0200
Subject: rng-tools5 is now available everywhere

---
 roles/vm/guest/base/defaults/main.yml |  4 ----
 roles/vm/guest/base/handlers/main.yml |  5 +++--
 roles/vm/guest/base/tasks/main.yml    | 36 +++++++++++++++++------------------
 3 files changed, 21 insertions(+), 24 deletions(-)

(limited to 'roles/vm/guest/base')

diff --git a/roles/vm/guest/base/defaults/main.yml b/roles/vm/guest/base/defaults/main.yml
index ce072e95..54261f55 100644
--- a/roles/vm/guest/base/defaults/main.yml
+++ b/roles/vm/guest/base/defaults/main.yml
@@ -1,6 +1,2 @@
 ---
-vm_guest_rngd_config:
-  HRNGDEVICE: /dev/hwrng
-  RNGDOPTIONS: '"-s 256 -W 80%"'
-
 vm_guest_autologin_on_serial: yes
diff --git a/roles/vm/guest/base/handlers/main.yml b/roles/vm/guest/base/handlers/main.yml
index 2dfdddcb..7c746ae2 100644
--- a/roles/vm/guest/base/handlers/main.yml
+++ b/roles/vm/guest/base/handlers/main.yml
@@ -3,6 +3,7 @@
   command: /usr/sbin/update-grub
 
 - name: restart rngd
-  service:
-    name: rng-tools
+  systemd:
+    name: rngd
     state: restarted
+    daemon_reload: yes
diff --git a/roles/vm/guest/base/tasks/main.yml b/roles/vm/guest/base/tasks/main.yml
index b76ee762..7a383fe1 100644
--- a/roles/vm/guest/base/tasks/main.yml
+++ b/roles/vm/guest/base/tasks/main.yml
@@ -1,28 +1,28 @@
 ---
 - name: install rngd
   apt:
-    name: rng-tools
+    name: rng-tools5
     state: present
     force_apt_get: yes
 
-- name: configure rngd [1/2]
-  loop: '{{ vm_guest_rngd_config | dict2items  }}'
-  loop_control:
-    label: "{{ item.key }}"
-  lineinfile:
-    path: /etc/default/rng-tools
-    line: '{{ item.key }}={{ item.value }}'
-    regexp: '^#?{{ item.key }}='
-  notify: restart rngd
+- name: get size of entropy pool
+  check_mode: no
+  command: cat /proc/sys/kernel/random/poolsize
+  changed_when: false
+  register: entropy_pool_size
 
-- name: configure rngd [2/2]
-  loop: '{{ vm_guest_rngd_config | dict2items }}'
-  loop_control:
-    label: "{{ item.key }}"
-  lineinfile:
-    path: /etc/default/rng-tools
-    regexp: '^{{ item.key }}=(?!{{ item.value }})'
-    state: absent
+- name: create systemd override directory for rngd
+  file:
+    path: /etc/systemd/system/rngd.service.d
+    state: directory
+
+- name: configure rngd
+  copy:
+    content: |
+      [Service]
+      ExecStart=
+      ExecStart=/usr/sbin/rngd -f -r /dev/hwrng -s 256 -W {{ ((entropy_pool_size.stdout_lines | first | int) * 0.8) | int }}
+    dest: /etc/systemd/system/rngd.service.d/hwrng-device.conf
   notify: restart rngd
 
 
-- 
cgit v1.2.3