#---------------------------------------------------------------------------
# /usr/lib/systemd/system/haveged.service - service unit
#
# Creation:     2023-01-15 hbfl
# Last Update:  $Id$
#
# Copyright (c) 2011-@@YEAR@@ Holger Bruenjes, holgerbruenjes(at)gmx(dot)net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#-----------------------------------------------------------------------

[Unit]
Description=Entropy Daemon based on the HAVEGE algorithm
Documentation=man:haveged(8) http://www.issihosts.com/haveged/
DefaultDependencies=no
ConditionVirtualization=!container
#Conflicts=shutdown.target
# Don't wait for systemd-random-seed.service, leads to deadlock with fips=1
#After=systemd-random-seed.service
Before=sysinit.target shutdown.target systemd-journald.service

[Service]
Environment=  HAVEGED_OPTIONS="-w 1024 -v 0 -F"
EnvironmentFile=-/etc/sysconfig/haveged
ExecStart=/usr/sbin/haveged $HAVEGED_OPTIONS
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_SYS_CHROOT
PrivateNetwork=yes
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
ProtectHome=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions 
Restart=always
SuccessExitStatus=137 143

[Install]
WantedBy=sysinit.target