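# systemd unit template (Jinja2) for the HashiCorp Vault Agent.
# The agent runs as root, so the sandboxing and capability settings in
# [Service] are what bound its privileges; review them as a set.

[Unit]
# Unquoted on purpose: systemd takes the Description= value as written, so
# surrounding quotes would show up literally in systemctl and journal output.
Description=HashiCorp Vault Agent
Documentation=https://www.vaultproject.io/docs/
Requires=network-online.target
After=network-online.target
# The unit is skipped (not marked failed) when the main config file is
# missing or empty.
ConditionFileNotEmpty={{ vault_agent_root_dir }}/etc/vault-agent.hcl
# Stop retrying after 6 start attempts within 60 seconds.
StartLimitIntervalSec=60
StartLimitBurst=6
# Ordering only: when started in the same transaction, the agent comes up
# before Consul and Nomad. The pull-in dependency is declared in [Install].
Before=consul.service
Before=nomad.service

# Vault version {{ vault_current_version }}

[Service]
# systemd treats the unit as started once the agent reports readiness.
Type=notify
# Root identity; the effective privileges are narrowed by
# CapabilityBoundingSet= and NoNewPrivileges= below.
User=root
Group=root
SyslogIdentifier=vault-agent
# full = /usr, /boot, /efi and /etc are read-only for this service.
# NOTE(review): template destinations are not visible in this file; any that
# live under /etc need an explicit ReadWritePaths= entry - confirm.
ProtectSystem=full
ProtectHome=read-only
PrivateTmp=yes
PrivateDevices=yes
# NOTE(review): keep-caps and the ambient set look redundant while the unit
# runs as root; they matter only if the identity is changed to a non-root
# user - confirm before relying on them.
SecureBits=keep-caps
AmbientCapabilities=CAP_IPC_LOCK
# Upper bound on capabilities, including for root. CAP_DAC_OVERRIDE bypasses
# file permission checks and is the broadest entry here.
# NOTE(review): CAP_CHOWN, CAP_FOWNER and CAP_DAC_OVERRIDE are presumably
# needed to write rendered files owned by other service accounts - confirm
# and drop whichever are unused.
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_CHOWN CAP_FOWNER CAP_DAC_OVERRIDE
NoNewPrivileges=yes
# -config is given the directory, not the single file tested by
# ConditionFileNotEmpty= above.
ExecStart=/usr/local/bin/vault agent -config={{ vault_agent_root_dir }}/etc/
ExecReload=/bin/kill --signal HUP $MAINPID
# Only the main process receives KillSignal on stop; child processes it
# spawned are left running.
KillMode=process
KillSignal=SIGINT
Restart=on-failure
RestartSec=5
TimeoutStopSec=30
LimitNOFILE=65536
# Pairs with CAP_IPC_LOCK: no cap on locked memory (presumably so secrets
# stay out of swap - confirm).
LimitMEMLOCK=infinity

[Install]
WantedBy=multi-user.target
# When the agent renders credentials for Nomad or Consul, enabling this unit
# also makes that service pull the agent in on start.
{% if vault_agent_nomad.nomad_pki.enabled or vault_agent_nomad.vault_token.enabled or vault_agent_nomad.consul_pki.enabled or vault_agent_nomad.consul_token.enabled %}
WantedBy=nomad.service
{% endif %}
{% if vault_agent_consul.consul_pki.enabled %}
WantedBy=consul.service
{% endif %}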