#!/bin/bash

echo "selinux command is untested. copy paste systemd file if you want"
echo "reboot afterwards(selinux unset, need reboot to take effect, or just do sudo setenforce 0 for temp unset)"
echo "make sure /root/m exists"
echo "remember to change the remote port or host if needed"

# disable selinux
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config

sudo cat << 'EOF' > /etc/systemd/system/ssh-tunnel.service
[Unit]
Description=Persistent SSH Tunnel
After=network.target
StartLimitIntervalSec=0

[Service]
Type=simple
ExecStart=/usr/bin/ssh \
    -i /root/m \
    -o "ExitOnForwardFailure=yes" \
    -o "StrictHostKeyChecking=no" \
    -N -R 24:localhost:22 root@p.0nom.ch
Restart=always
RestartSec=10
RemainAfterExit=no
KillMode=process

[Install]
WantedBy=multi-user.target
EOF

sudo chmod 600 /root/m
sudo systemctl daemon-reload
sudo systemctl enable --now ssh-tunnel