[Unit]
Description=Nextcloud files:scan job timer for {{ elevate_media_nextcloud_instance_name }}

[Service]
Type=oneshot
Environment=NEXTCLOUD_OCC_NON_INTERACTIVE=1
{# TODO: make path(s) configurable and add one ExecStart per path #}
ExecStart=/usr/local/bin/nextcloud-occ {{ elevate_media_nextcloud_instance_name }} files:scan --path /_elevate_/files/Share
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectHome=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictRealtime=yes
RestrictAddressFamilies=AF_UNIX AF_INET