diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
index 6181d2c3eeb7..4a7ef8b71686 100644
--- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml
@@ -40,7 +40,7 @@
New Services
-
+
appvm,
@@ -48,6 +48,13 @@
virtualisation.appvm.
+
+
+ infnoise,
+ a hardware True Random Number Generator dongle. Available as
+ services.infnoise.
+
+
diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md
index 145393d0debb..89a799cafc50 100644
--- a/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -25,6 +25,9 @@ In addition to numerous new and upgraded packages, this release has the followin
- [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable).
+- [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
+ Available as [services.infnoise](options.html#opt-services.infnoise.enable).
+
## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 902fffd60f9b..d59d7bfe40d9 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -983,6 +983,7 @@
./services/security/hologram-server.nix
./services/security/hologram-agent.nix
./services/security/kanidm.nix
+ ./services/security/infnoise.nix
./services/security/munge.nix
./services/security/nginx-sso.nix
./services/security/oauth2_proxy.nix
diff --git a/nixos/modules/services/security/infnoise.nix b/nixos/modules/services/security/infnoise.nix
new file mode 100644
index 000000000000..4fb8adaf33f8
--- /dev/null
+++ b/nixos/modules/services/security/infnoise.nix
@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.infnoise;
+in {
+ options = {
+ services.infnoise = {
+ enable = mkEnableOption "the Infinite Noise TRNG driver";
+
+ fillDevRandom = mkOption {
+ description = ''
+ Whether to run the infnoise driver as a daemon to refill /dev/random.
+
+ If disabled, you can use the `infnoise` command-line tool to
+ manually obtain randomness.
+ '';
+ type = types.bool;
+ default = true;
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ pkgs.infnoise ];
+
+ services.udev.extraRules = ''
+ SUBSYSTEM=="usb", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6015", SYMLINK+="infnoise", TAG+="systemd", GROUP="dialout", MODE="0664", ENV{SYSTEMD_WANTS}="infnoise.service"
+ '';
+
+ systemd.services.infnoise = mkIf cfg.fillDevRandom {
+ description = "Infinite Noise TRNG driver";
+
+ bindsTo = [ "dev-infnoise.device" ];
+ after = [ "dev-infnoise.device" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.infnoise}/bin/infnoise --dev-random --debug";
+ Restart = "always";
+ User = "infnoise";
+ DynamicUser = true;
+ SupplementaryGroups = [ "dialout" ];
+ DeviceAllow = [ "/dev/infnoise" ];
+ DevicePolicy = "closed";
+ PrivateNetwork = true;
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ ProtectHostname = true;
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true; # only reads entropy pool size and watermark
+ RestrictNamespaces = true;
+ RestrictRealtime = true;
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ };
+ };
+ };
+}
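Review bot: `ExecStart` on the new side enables `--debug` unconditionally, so a service meant for always-on production use permanently runs with the driver's debug output switched on; I would drop it, `ExecStart = "${pkgs.infnoise}/bin/infnoise --dev-random";`, or gate it behind a module option. Separately, the unit runs as an unprivileged `DynamicUser` with no capabilities, and on Linux a plain write to /dev/random mixes data into the pool without crediting entropy while the crediting ioctl requires CAP_SYS_ADMIN, so whether this unit actually contributes to the kernel's entropy accounting depends on how infnoise feeds the device — worth confirming against the tool before documenting `fillDevRandom` as "refill /dev/random", and if a capability turns out to be needed it should be granted explicitly rather than by running as root. The sandbox is otherwise thorough, but a few directives that should not affect a USB-reading daemon are still missing (system-call filtering, address-family restriction, clock/cgroup/proc protection); proposed below, with AF_NETLINK kept because libusb's device monitoring is likely to rely on it — verify that the unit still starts with these in place.
```nix
        serviceConfig = {
          ExecStart = "${pkgs.infnoise}/bin/infnoise --dev-random";
          # … unchanged: Restart, User, DynamicUser, SupplementaryGroups, DeviceAllow, DevicePolicy …
          # … unchanged: PrivateNetwork … MemoryDenyWriteExecute …
          RestrictAddressFamilies = [ "AF_UNIX" "AF_NETLINK" ];
          SystemCallArchitectures = "native";
          SystemCallFilter = [ "@system-service" "~@privileged" ];
          ProtectClock = true;
          ProtectControlGroups = true;
          ProtectProc = "invisible";
        };
```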
diff --git a/pkgs/misc/drivers/infnoise/default.nix b/pkgs/misc/drivers/infnoise/default.nix
index b64cb56c4076..47ff00459923 100644
--- a/pkgs/misc/drivers/infnoise/default.nix
+++ b/pkgs/misc/drivers/infnoise/default.nix
@@ -1,43 +1,60 @@
-{ lib, stdenv, fetchFromGitHub, libftdi }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch, libftdi
+, infnoise, testers }:
stdenv.mkDerivation rec {
pname = "infnoise";
- version = "unstable-2019-08-12";
+ version = "0.3.2";
src = fetchFromGitHub {
- owner = "13-37-org";
+ owner = "leetronics";
repo = "infnoise";
- rev = "132683d4b5ce0902468b666cba63baea36e97f0c";
- sha256 = "1dzfzinyvhyy9zj32kqkl19fyhih6sy8r5sa3qahbbr4c30k7flp";
+ rev = "e80ddd78085abf3d06df2e0d8c08fd33dade78eb";
+ sha256 = "sha256-9MKG1InkV+yrQPBTgi2gZJ3y9Fokb6WbxuAnM7n7FyA=";
};
- # Patch makefile so we can set defines from the command line instead of it depending on .git
- patches = [ ./makefile.patch ];
+ patches = [
+ # Patch makefile so we can set defines from the command line instead of it depending on .git
+ ./makefile.patch
+
+ # Fix getc return type
+ (fetchpatch {
+ url = "https://github.com/leetronics/infnoise/commit/7ed7014e14253311c07e530c8f89f1c8f4705c2b.patch";
+ sha256 = "sha256-seB/fJaxQ/rXJp5iPtnobXXOccQ2KUAk6HFx31dhOhs=";
+ })
+ ];
+
GIT_COMMIT = src.rev;
GIT_VERSION = version;
GIT_DATE = "2019-08-12";
buildInputs = [ libftdi ];
- sourceRoot = "source/software";
makefile = "Makefile.linux";
makeFlags = [ "PREFIX=$(out)" ];
postPatch = ''
+ cd software
substituteInPlace init_scripts/infnoise.service --replace "/usr/local" "$out"
'';
+ postInstall = ''
+ make -C tools
+ find ./tools/ -executable -type f -exec \
+ sh -c "install -Dm755 {} $out/bin/infnoise-\$(basename {})" \;
+ '';
+
+ passthru = {
+ tests.version = testers.testVersion { package = infnoise; };
+ };
+
meta = with lib; {
- homepage = "https://github.com/13-37-org/infnoise";
+ homepage = "https://github.com/leetronics/infnoise";
description = "Driver for the Infinite Noise TRNG";
longDescription = ''
The Infinite Noise TRNG is a USB key hardware true random number generator.
It can either provide rng for userland applications, or provide rng for the OS entropy.
- Add the following to your system configuration for plug and play support, adding to the OS entropy:
- systemd.packages = [ pkgs.infnoise ];
- services.udev.packages = [ pkgs.infnoise ];
'';
license = licenses.cc0;
- maintainers = with maintainers; [ StijnDW ];
+ maintainers = with maintainers; [ StijnDW zhaofengli ];
platforms = platforms.linux;
};
}
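Review bot: `GIT_DATE = "2019-08-12"` is carried over unchanged while `version` moves to 0.3.2 and `rev` to a new commit, so the date baked into the binary no longer matches the source it is built from; the new `testers.testVersion` check only compares the version string and will not catch this. Set it to the commit date of the pinned rev, e.g. `GIT_DATE = "<commit date of rev e80ddd7…>";`, or derive it from the tag when the source is updated next. In `postInstall`, `find … -exec sh -c "install -Dm755 {} $out/bin/infnoise-\$(basename {})" \;` splices each path into the shell command string; passing it as a positional argument, `sh -c 'install -Dm755 "$1" "$2/bin/infnoise-$(basename "$1")"' _ {} "$out" \;`, avoids word-splitting and quoting surprises, though since the paths come from the build tree this is a matter of idiom rather than a live defect.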
diff --git a/pkgs/misc/drivers/infnoise/makefile.patch b/pkgs/misc/drivers/infnoise/makefile.patch
index b38519036d2c..871a6c508ce6 100644
--- a/pkgs/misc/drivers/infnoise/makefile.patch
+++ b/pkgs/misc/drivers/infnoise/makefile.patch
@@ -1,7 +1,7 @@
diff --git a/software/Makefile.linux b/software/Makefile.linux
index db48aa5..df8b3d2 100644
---- a/Makefile.linux
-+++ b/Makefile.linux
+--- a/software/Makefile.linux
++++ b/software/Makefile.linux
@@ -1,6 +1,6 @@
-GIT_VERSION := $(shell git --no-pager describe --tags --always)
-GIT_COMMIT := $(shell git rev-parse --verify HEAD)