# Must be sent to /etc/systemd/system
[Unit]
Description=Setup a secure tunnel to {{ANS_ADDR_TARGET}}
After=network.target

[Service]
User={{ANS_REMOTE_USER}}
ExecStartPre=cd /home/{{ANS_REMOTE_USER}}
EnvironmentFile=/etc/default/secure-tunnel
ExecStart=/usr/bin/ssh -p ${REMOTE_PORT} -NT -i /home/{{ANS_REMOTE_USER}}/.ssh/{{KEY_NAME}} -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R ${RTARGET_PORT}:localhost:22 ${ANS_TARGET_USER}@${TARGET}

# Restart every >2 seconds to avoid StartLimitInterval failure
RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target