[Unit]
Description = Endofossil Test: Clone over SSH using fresh identity

[Service]
Type = oneshot
PrivateUsers = yes
DynamicUser = yes

User = fossil-test-user-%i
RuntimeDirectory = fossil-test-%i

# BindPaths = /run/fossil-test-%i:/.ssh
# Environment = FOSSIL_HOME=/.ssh

BindPaths = /run/fossil-test-%i:/root/.ssh
Environment = HOME=/root FOSSIL_HOME=/root/.ssh

ExecStart = sh -c '[ "$HOME" != /root ] || set -- fakeroot "$@"; "$@"' - sh -exc '\
cd; \
! touch /test.file 2>/dev/null; \
mountpoint -q .ssh || ln -s . .ssh; \
mkdir .ssh/known_hosts.d; \
ssh-keygen -t ed25519 -f .ssh/id_ed25519 -N ""; \
ssh -o BatchMode=yes -o StrictHostKeyChecking=accept-new -- %i@localhost :; \
ssh -o BatchMode=yes -o StrictHostKeyChecking=yes        -- %i@localhost uptime; \
cd .ssh; \
fossil clone ssh://%i@localhost/fossil-instance-1 db~$(date -Ins).fossil; \
fossil clone ssh://%i@localhost/a/b/c/fossil-instance-2 db~$(date -Ins).fossil; \
fossil clone ssh://%i@localhost/fossil/db db~$(date -Ins).fossil; \
'