diff --git a/modules/module-list.nix b/modules/module-list.nix
index 1f25f2aa1e0..3f66ff917fd 100644
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -48,6 +48,7 @@
 ./security/pam.nix
 ./security/pam_usb.nix
 ./security/polkit.nix
+ ./security/rngd.nix
 ./security/rtkit.nix
 ./security/setuid-wrappers.nix
 ./security/sudo.nix
diff --git a/modules/security/rngd.nix b/modules/security/rngd.nix
new file mode 100644
index 00000000000..1dfea8ce96f
--- /dev/null
+++ b/modules/security/rngd.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+ options = {
+ security.rngd.enable = mkOption {
+ default = true;
+ description = ''
+ Whether tho enable the rng daemon, which adds entropy from
+ hardware sources of randomness to the kernel entropy pool when
+ available. It is strongly recommended to keep this enabled!
+ '';
+ };
+ };
+
+ config = mkIf config.security.rngd.enable {
+ boot.systemd.services.rngd = {
+ wantedBy = [ config.boot.systemd.defaultUnit ];
+
+ description = "Hardware RNG Entropy Gatherer Daemon";
+
+ serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
+ };
+ };
+}
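Review bot: The rngd unit in the `config` block of modules/security/rngd.nix is wanted by the default unit unconditionally, although the option text says entropy is added only "when available" and the option defaults to `true`. On a machine with no hardware RNG device, rngd as far as I know exits with an error when it cannot open its source, so every such system would show a failed unit at boot; gating the start on the device, for example with a systemd `ConditionPathExists=/dev/hwrng` condition on the unit, would avoid that (how to express it depends on what this tree's systemd module exposes, which is not visible in the diff). The service also runs with the unit defaults, presumably as root, and credits whatever the device returns to the kernel pool, so the description should state that the hardware source is being trusted. Two smaller points in the option: `Whether tho enable` should read `Whether to enable`, and the option declares no type, so adding `type = types.bool;` would reject non-boolean values.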