[Unit]
Description=Mask Local Mnt Directory (/local/mnt)
DefaultDependencies=no
RequiresMountsFor=/local /mnt
BindsTo=mnt.mount
ConditionPathIsMountPoint=!/local/mnt
Conflicts=umount.target
Before=umount.target
RefuseManualStart=true
RefuseManualStop=true

[Service]
Type=oneshot

# Mask `/local/mnt` to avoid confusion, since it will have most of the contents
# of `/mnt` but not any of the mounts.
ExecStart=/usr/bin/mount --bind --options nosuid,nodev,noexec,private /srv /local/mnt

# If `/mnt` is unmounted, this unit will stop because of `BindsTo` above. Try
# to undo the mount since otherwise the empty directory could be bind-mounted
# over `/mnt` if `mnt.mount` is restarted.
ExecStop=/usr/bin/umount /local/mnt

RemainAfterExit=true
StandardError=journal+console