[Unit]
Description=Prune 0x0 files
After=remote-fs.target

[Service]
Type=oneshot
User=0x0
WorkingDirectory=/srv/0x0
BindPaths=/srv/0x0

Environment=FLASK_APP=fhost
ExecStart=/srv/0x0/venv/bin/flask prune
ProtectProc=noaccess
ProtectSystem=strict
ProtectHome=tmpfs
PrivateTmp=true
PrivateUsers=true
ProtectKernelLogs=true
LockPersonality=true

[Install]
WantedBy=multi-user.target