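# Template socket unit: systemd listens on a per-instance UNIX socket.
[Unit]
Description=Socket to connect to a service running inside a network namespace

[Socket]
# %i expands to the instance name, so every instance gets its own socket path.
ListenStream=/run/nnss-%i.sock

# SECURITY: no SocketMode= is set here, so systemd's default of 0666 applies
# and the socket is world-writable. Any local account can connect through it
# to the service inside the network namespace.
#
# To restrict access to just the web server, run
#   sudo systemctl edit nnss-sproxy@.socket --drop-in=sockperms.conf
# and add the settings below (change the group to your web server's group).
# In the drop-in they must sit under a [Socket] header to take effect:
#   [Socket]
#   SocketGroup=caddy
#   SocketMode=0660
# Restart the socket unit afterwards so the socket is re-created with the new
# ownership and mode, then confirm them with: ls -l /run/nnss-*.sock

[Install]
WantedBy=sockets.target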