[Unit]
Description=Entropy Harvesting Daemon
Documentation=man:haveged(8)
DefaultDependencies=no
ConditionVirtualization=!container
After=systemd-random-seed.service
Before=sysinit.target shutdown.target

[Service]
ExecStartPre=+/usr/bin/sysctl -w kernel.random.write_wakeup_threshold=1024
ExecStart=/usr/bin/haveged --Foreground --verbose=1
SuccessExitStatus=143
DynamicUser=on
AmbientCapabilities=CAP_SYS_ADMIN
NoNewPrivileges=on
PrivateDevices=on
PrivateNetwork=on
PrivateTmp=on
ProtectSystem=full
ProtectHome=on

[Install]
WantedBy=sysinit.target