[Unit]
Description=Nextcloud cron.php job for %i

[Service]
Type=oneshot
ExecStart={{ elevate_media_nextcloud_base_path }}/%i/config/run-cron.sh
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_UNIX AF_INET