[Unit] Description=dwelling-upload-clean [Service] Type=oneshot DynamicUser=yes ExecStart=/usr/bin/dwelling-upload-clean -dir /srv/upload -expiry 36h ReadOnlyPaths=/ # Set here path to directory where uploads are stored. ReadWritePaths=/srv/upload NoExecPaths=/ ExecPaths=/usr/bin/dwelling-upload-clean AmbientCapabilities= CapabilityBoundingSet= LockPersonality=true MemoryDenyWriteExecute=true NoNewPrivileges=true PrivateDevices=true ProtectClock=true ProtectControlGroups=true ProtectHome=true ProtectKernelLogs=true ProtectKernelModules=true ProtectKernelTunables=true ProtectSystem=strict RestrictAddressFamilies= RestrictNamespaces=true RestrictRealtime=true RestrictSUIDSGID=true SystemCallArchitectures=native [Install] WantedBy=multi-user.target