From 739cca01c4e9b57a705b53b3d0e0c7b06ce297f8 Mon Sep 17 00:00:00 2001
From: Balakrishnan Balasubramanian <git.user@balki.me>
Date: Sun, 27 Jul 2025 22:00:03 -0400
Subject: [PATCH] Make unique dynamic user for each ssh connection and improve
 doc

---
 nnss-ssh@.service | 4 ++++
 nnssB@.service    | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/nnss-ssh@.service b/nnss-ssh@.service
index 5e7dbd9..5ed794f 100644
--- a/nnss-ssh@.service
+++ b/nnss-ssh@.service
@@ -8,9 +8,13 @@ StopWhenUnneeded=yes
 Type=notify
 NotifyAccess=all
 DynamicUser=yes
+User=nnss-ssh-%i
 
 LoadCredential=ssh:/etc/nnss/%i
 
+# Note: App service running in the namespace should have Restart=always,
+# otherwise, both the ssh connection and the app will be stopped as this unit
+# has StopWhenUnneeded set
 # https://enotty.pipebreaker.pl/posts/2024/01/how-systemd-exponential-restart-delay-works/
 Restart=on-failure
 RestartSec=5min
diff --git a/nnssB@.service b/nnssB@.service
index bfba811..7639228 100644
--- a/nnssB@.service
+++ b/nnssB@.service
@@ -10,7 +10,7 @@ NotifyAccess=all
 RuntimeDirectory=nnssB%i
 
 # Add SOCKS_PROXY environment variable to below file. E.g.
-# SOCKS_PROXY=socks5://127.0.0.1:9050
+# echo SOCKS_PROXY=socks5://127.0.0.1:9050 > /etc/nnss/env_tor
 EnvironmentFile=/etc/nnss/env_%i
 
 ExecStart=/usr/lib/nnss/tunsocks.sh "%i" use_env setup