[Unit]
Description=Random seed load/save
Documentation=man:random-seed(8) man:random(4)
DefaultDependencies=no
RequiresMountsFor=@default_seed_dir@
Conflicts=shutdown.target
After=systemd-remount-fs.service
Before=sysinit.target shutdown.target
ConditionVirtualization=!container

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=@sbindir@/random-seed load
ExecStop=@sbindir@/random-seed save
#CapabilityBoundingSet=CAP_SYS_ADMIN
#NoNewPrivileges=yes
#PrivateDevices=yes
#PrivateNetwork=yes
#ProtectKernelTunables=yes
#ProtectKernelModules=yes
#LockPersonality=yes
#TemporaryFileSystem=/:ro
#BindPaths=@default_seed_dir@
TimeoutSec=30s

[Install]
WantedBy=sysinit.target