From 4966180de1daeb87b71458e2d4f04db5e000e23d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= <cyplo@cyplo.net>
Date: Sun, 6 Mar 2022 10:06:56 +0000
Subject: [PATCH] use haveged on real hardware only

---
 nixos/boxes/bolty/real-hardware.nix | 1 +
 nixos/security.nix                  | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/boxes/bolty/real-hardware.nix b/nixos/boxes/bolty/real-hardware.nix
index 9a2f7775..7f9b7394 100644
--- a/nixos/boxes/bolty/real-hardware.nix
+++ b/nixos/boxes/bolty/real-hardware.nix
@@ -8,4 +8,5 @@
   ];
   services.fwupd.enable = true;
   services.thermald.enable = true;
+  services.haveged.enable = true;
 }
diff --git a/nixos/security.nix b/nixos/security.nix
index 5fe41e86..95a24502 100644
--- a/nixos/security.nix
+++ b/nixos/security.nix
@@ -7,7 +7,6 @@
   security.virtualisation.flushL1DataCache = "always";
   security.apparmor.enable = true;
   security.apparmor.killUnconfinedConfinables = true;
-  services.haveged.enable = true;
   networking.firewall.enable = true;
   services.clamav.daemon.enable = true;
   services.clamav.updater.enable = true;