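# systemd --user unit: keep an SSH reverse tunnel up so the remote host can
# reach the local MCP "streamable" and "browser" endpoints via its loopback.
# Enable with: systemctl --user enable --now <unit-name>
# Parsed by systemd: "#" comments on their own lines only, "=" delimiter,
# trailing "\" joins lines, "%h" expands to the invoking user's home.

[Unit]
Description=Maintain SSH reverse tunnel for MCP endpoints
# NOTE(review): network-online.target is a system-manager target and may not
# exist in a --user manager; if it does not, these two lines are ignored and
# Restart= below is what rides out a network that is not yet up.
After=network-online.target
Wants=network-online.target

[Service]
Type=simple

# Defaults. Any key in the optional EnvironmentFile below overrides these
# (EnvironmentFile= is applied after Environment=).
Environment="MCP_TUNNEL_HOST=mcp.example.com"
Environment="MCP_TUNNEL_USER=mcp"
# Private key dedicated to this tunnel (only this key is offered, see
# IdentitiesOnly below). Must be readable, never needs to be writable.
Environment="MCP_TUNNEL_KEY=%h/.ssh/mcp_reverse"
# known_hosts file the remote host key must already be pinned in; the tunnel
# refuses unknown or changed host keys instead of trusting on first use.
Environment="MCP_TUNNEL_KNOWN_HOSTS=%h/.ssh/known_hosts"
# Remote loopback port -> local loopback port, one pair per endpoint.
Environment="MCP_REMOTE_STREAMABLE_PORT=8250"
Environment="MCP_LOCAL_STREAMABLE_PORT=14000"
Environment="MCP_REMOTE_BROWSER_PORT=8251"
Environment="MCP_LOCAL_BROWSER_PORT=14001"
# Extra ssh arguments, split on whitespace by the shell below; no quoting
# and (set -f) no glob expansion, so keep each argument free of spaces.
Environment="MCP_TUNNEL_EXTRA_ARGS="
EnvironmentFile=-%h/.config/mcp-browser/tunnel.env

# -F /dev/null    ignore ~/.ssh/config so only the options here apply.
# -NT             no remote command, no tty.
# BatchMode       fail (and get restarted) instead of hanging on a password
#                 or passphrase prompt that a service can never answer.
# IdentitiesOnly  offer MCP_TUNNEL_KEY only, never keys from an ssh-agent.
# StrictHostKeyChecking=yes + explicit UserKnownHostsFile
#                 no trust-on-first-use; ProtectHome=read-only would block
#                 writing a new known_hosts entry anyway, so make it explicit.
# ExitOnForwardFailure
#                 exit if a -R bind fails rather than staying connected
#                 without the forwards; Restart= then retries.
# StreamLocalBindUnlink
#                 inert for the TCP forwards below; only matters if
#                 MCP_TUNNEL_EXTRA_ARGS adds a Unix-socket forward.
# The 127.0.0.1 bind address on -R is honoured only when the remote sshd has
# GatewayPorts=no (default) or clientspecified; with GatewayPorts=yes the
# ports would be bound on all remote interfaces. Restricting the key on the
# remote side (authorized_keys: restrict,port-forwarding,permitlisten=...)
# is recommended in addition.
ExecStart=/usr/bin/env sh -c '\
  set -euf; \
  exec /usr/bin/ssh -F /dev/null -i "$MCP_TUNNEL_KEY" -NT \
    -o BatchMode=yes \
    -o IdentitiesOnly=yes \
    -o StrictHostKeyChecking=yes \
    -o UserKnownHostsFile="$MCP_TUNNEL_KNOWN_HOSTS" \
    -o ExitOnForwardFailure=yes \
    -o ServerAliveInterval=15 \
    -o ServerAliveCountMax=3 \
    -o StreamLocalBindUnlink=yes \
    -R 127.0.0.1:"$MCP_REMOTE_STREAMABLE_PORT":127.0.0.1:"$MCP_LOCAL_STREAMABLE_PORT" \
    -R 127.0.0.1:"$MCP_REMOTE_BROWSER_PORT":127.0.0.1:"$MCP_LOCAL_BROWSER_PORT" \
    $MCP_TUNNEL_EXTRA_ARGS \
    "$MCP_TUNNEL_USER@$MCP_TUNNEL_HOST"'

# Reconnect on any exit, including a forward-bind failure or a dead link
# detected by ServerAlive* (15 s x 3 = ~45 s).
Restart=always
RestartSec=5

# Sandboxing. NOTE(review): the mount-namespace options (ProtectSystem=,
# ProtectHome=, PrivateTmp=, ProtectControlGroups=, ProtectKernelTunables=,
# ReadOnlyPaths=) need unprivileged user namespaces when run under a --user
# manager; if the unit fails with "Failed to set up mount namespacing", add
# PrivateUsers=yes or drop those options.
NoNewPrivileges=yes
ProtectSystem=strict
# ssh only reads the key and known_hosts; nothing under $HOME is written.
ProtectHome=read-only
PrivateTmp=yes
ProtectControlGroups=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictSUIDSGID=yes
RestrictRealtime=yes
RestrictNamespaces=yes
# AF_INET/AF_INET6 for the tunnel itself; AF_UNIX kept for any local socket
# ssh may open (e.g. an agent, even though IdentitiesOnly disables its keys).
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
# Redundant with ProtectHome=read-only; kept so the key directory stays
# read-only even if ProtectHome= is relaxed later.
ReadOnlyPaths=%h/.ssh

[Install]
WantedBy=default.target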