[Unit]
Description=Create SSH connection to %I
Requires=network-online.target
After=network-online.target
StopWhenUnneeded=yes

[Service]
Type=notify
NotifyAccess=all
DynamicUser=yes

LoadCredential=ssh:/etc/nnss/%i

# https://enotty.pipebreaker.pl/posts/2024/01/how-systemd-exponential-restart-delay-works/
Restart=on-failure
RestartSec=5min
RestartSteps=6
RestartMaxDelaySec=24h

RuntimeDirectory=nnss-%i
StateDirectory=nnss-%i
ExecStart=ssh -F /usr/lib/nnss/ssh_config default

NoNewPrivileges=yes
CapabilityBoundingSet=
RestrictNamespaces=true
SystemCallFilter=@system-service