[Unit]
Description=Mask Local Var Directory (/local/var)
DefaultDependencies=no
RequiresMountsFor=/local /var
BindsTo=var.mount
ConditionPathIsMountPoint=!/local/var
Conflicts=umount.target
Before=umount.target
RefuseManualStart=true
RefuseManualStop=true

[Service]
Type=oneshot

# Mask `/local/var` to avoid confusion, since it will have most of the contents
# of `/var` but not any of the mounts.
ExecStart=/usr/bin/mount --bind --options nosuid,nodev,noexec,private /srv /local/var

# If `/var` is unmounted, this unit will stop because of `BindsTo` above. Try
# to undo the mount since otherwise the empty directory could be bind-mounted
# over `/var` if `var.mount` is restarted.
ExecStop=-/usr/bin/umount /local/var

RemainAfterExit=true
StandardError=journal+console