[Unit]
Description=Nextcloud cron.php job

[Service]
Type=oneshot
ExecStart=/usr/bin/docker exec -u www-data nextcloud.service php -f /var/www/html/cron.php
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_UNIX