diff --git a/hosts/nixdesk/profiles/ssh-public-port-2050.nix b/hosts/nixdesk/profiles/ssh-public-port-2050.nix
index 3fa53fc..07ee9c5 100644
--- a/hosts/nixdesk/profiles/ssh-public-port-2050.nix
+++ b/hosts/nixdesk/profiles/ssh-public-port-2050.nix
@@ -1,16 +1,15 @@
 {pkgs, ...}: {
-  # services.openssh.ports = [22 2050];
-  systemd.services.port2050-natpmp = {
-    bindsTo = ["sshd"]; # might not work
-    confinement = {
-      enable = true;
-      mode = "chroot-only";
-    };
-    serviceConfig.ExecStart = ''
+  systemd.services.ssh-port2050-natpmp = {
+    bindsTo = ["sshd.socket"];
+    after = ["sshd.socket"];
+    serviceConfig.Restart = "on-failure";
+    serviceConfig.ExecStart = pkgs.writeScript "ssh-port2050-natpmp" ''
+      #!${pkgs.bash}/bin/bash
+
       while true
       do
         ${pkgs.libnatpmp}/bin/natpmpc -a 2050 22 tcp 60
-        sleep 30
+        ${pkgs.coreutils}/bin/sleep 30
       done
     '';
   };