     Can I setup a unit that gets started automatically when a particular
     dev-disk-by-uuid device becomes present?

Just link it under dev-disk-foo.device.wants/ (systemctl enable, or systemctl

Alternatively, ENV{SYSTEMD_WANTS}="foo.service" from udev will have the same

Thanks for pointing me to that.  This is what I've ended up with at the moment:

ACTION=="add", SUBSYSTEM=="block", ENV{DEVTYPE}=="partition",
ENV{ID_BUS}=="usb", ENV{ID_FS_TYPE}=="crypto_LUKS",

# cat clevis-luks-unlock@.service
Description=Clevis decrypt disk %I

ExecStart=/usr/bin/clevis luks unlock -d %I

The only thing that's a bit funky with it is that it generates:

Invalid unit name "clevis-luks-unlock@/dev/sda1.service" escaped as
"clevis-luks-unlock@-dev-sda1.service" (maybe you should use systemd-escape?).

But I'm not sure how else to handle it.

If I left it as ENV{SYSTEMD_WANTS}="clevis-luks-unlock@" I would get the
following instance:


which I can unescape with %f but not sure how to get that to the actual device

Any suggestions?

Use $kernel in rule and /dev/%I in service.

