The only update service we really need to guard like this is
systemd-tmpfiles-setup.service since if invoked manually might create
/var/run/nologin and thus blocking the user from login. The other
services are pretty much idempotent and don't suffer by this problem,
hence let's simplify them.
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service local-fs.target
Before=sysinit.target shutdown.target systemd-update-done.service
-RefuseManualStart=yes
-RefuseManualStop=yes
ConditionNeedsUpdate=/etc
[Service]
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-remount-fs.service
Before=sysinit.target shutdown.target systemd-update-done.service
-RefuseManualStart=yes
-RefuseManualStop=yes
ConditionNeedsUpdate=/etc
[Service]
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service systemd-remount-fs.service
Before=sysinit.target shutdown.target systemd-update-done.service
-RefuseManualStart=yes
-RefuseManualStop=yes
ConditionNeedsUpdate=/etc
[Service]
Conflicts=shutdown.target
After=systemd-readahead-collect.service systemd-readahead-replay.service local-fs.target
Before=sysinit.target shutdown.target
-RefuseManualStart=yes
-RefuseManualStop=yes
ConditionNeedsUpdate=|/etc
ConditionNeedsUpdate=|/var