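# Oneshot job that asks Nextcloud's occ tool to rescan one share path so that
# files changed outside Nextcloud show up in its file index.
# There is no [Install] section, so the unit is started on demand
# (presumably by a matching .timer unit, which is not shown here).
[Unit]
Description=Nextcloud files:scan job
# NOTE(review): no ordering on the Docker daemon is declared. If this job can
# fire before the daemon is up, consider After=/Requires= on the Docker unit.

[Service]
# oneshot: the unit counts as started only after the ExecStart process exits.
Type=oneshot
# Runs occ as www-data inside the container named "nextcloud.service".
# No User= is set, so for a system unit the docker CLI itself runs as root
# on the host and talks to the Docker daemon.
ExecStart=/usr/bin/docker exec -u www-data nextcloud.service /var/www/html/occ files:scan --path /_elevate_/files/Share

# Sandboxing of the host-side docker CLI process.
# Scope caveat: these options confine only the CLI process started by this
# unit. The occ process is created by the Docker daemon inside the container
# and inherits none of them, and access to the Docker API is effectively
# root-equivalent on the host. Restrict the container itself (user,
# capabilities, mounts) if the scan needs confining.
NoNewPrivileges=yes
PrivateTmp=yes
# Private /dev; fine here because docker exec is run without -t or -i.
PrivateDevices=yes
# Whole file system is read-only for the CLI, except /dev, /proc and /sys.
ProtectSystem=strict
# /home, /root and /run/user are inaccessible, so a CLI config under
# $HOME/.docker is not read. NOTE(review): confirm none is required.
ProtectHome=yes
ProtectKernelTunables=yes
ProtectControlGroups=yes
RestrictRealtime=yes
# Only Unix sockets are allowed, which is enough for the local Docker socket.
# The job fails if the CLI is pointed at a TCP endpoint (e.g. via DOCKER_HOST).
RestrictAddressFamilies=AF_UNIX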