[Unit]
Description=Setup a secure tunnel to %I
After=network.target

#
# Add secure-tunnel@<name> file with necessary env vars:
#
#USER=			# user to run the unit with
#REMOTE_PORT=	# some port on the remote machine to forward to
#REMOTE_USER=	# user on the remote machine
#TARGET_PORT=	# ssh port of the target machine usually 22
#
[Service]
User="${USER}"
EnvironmentFile=%h/.config/systemd/user/secure-tunnel@%i
ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -R ${REMOTE_PORT}:localhost:${TARGET_PORT} ${TARGET} -l ${REMOTE_USER}

# Restart every >2 seconds to avoid StartLimitInterval failure
RestartSec=5
Restart=always

[Install]
WantedBy=multi-user.target