# -*- systemd -*-
# 
# Copyright © 2019 Teddy Hogeborn
# Copyright © 2019 Björn Påhlsson
# 
# This file is part of Mandos.
# 
# Mandos is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# 
#     Mandos is distributed in the hope that it will be useful, but
#     WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#     GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with Mandos.  If not, see <http://www.gnu.org/licenses/>.
# 
# Contact the authors at <mandos@recompile.se>.
# 
# This systemd.service(5) unit file will start the Mandos
# password-agent(8mandos) program, which will in turn run
# mandos-client(8mandos) to get a password and send the password to
# any and all active password questions using the systemd “Password
# Agent” mechanism.

# This file should be installed in the root file system as
# "/usr/lib/dracut/modules.d/90mandos/ask-password-mandos.service" and
# will be installed in the initramfs image file as
# "/lib/systemd/system/ask-password-mandos.service" by dracut when
# dracut creates the initramfs image file.

[Unit]
Description=Forward Password Requests to remote Mandos server
Documentation=man:intro(8mandos) man:password-agent(8mandos) man:mandos-client(8mandos)
DefaultDependencies=no
Conflicts=shutdown.target
Before=shutdown.target
ConditionKernelCommandLine=!mandos=off
ConditionFileIsExecutable=/lib/mandos/password-agent
ConditionFileIsExecutable=/lib/mandos/mandos-client
ConditionFileNotEmpty=/etc/mandos/keys/pubkey.txt
ConditionFileNotEmpty=/etc/mandos/keys/seckey.txt
ConditionFileNotEmpty=/etc/mandos/keys/tls-pubkey.pem
ConditionFileNotEmpty=/etc/mandos/keys/tls-privkey.pem
ConditionPathIsMountPoint=!/sysroot

[Service]
ExecStart=/lib/mandos/password-agent -- /lib/mandos/mandos-client --pubkey=/etc/mandos/keys/pubkey.txt --seckey=/etc/mandos/keys/seckey.txt --tls-pubkey=/etc/mandos/keys/tls-pubkey.pem --tls-privkey=/etc/mandos/keys/tls-privkey.pem