[Unit]
Description=Prune 0x0 files
After=remote-fs.target

[Service]
Type=oneshot
User=boop
Group=http
WorkingDirectory=/opt/boop
BindPaths=/opt/boop

Environment=FLASK_APP=fhost
ExecStart=/opt/boop/.local/bin/flask prune
ProtectProc=noaccess
ProtectSystem=strict
ProtectHome=tmpfs
PrivateTmp=true
PrivateUsers=true
ProtectKernelLogs=true
LockPersonality=true

[Install]
WantedBy=multi-user.target