[Unit]
Description=Online ext4 Metadata Check for %I
OnFailure=e2scrub_fail@%i.service
Documentation=man:e2scrub(8)

[Service]
Type=oneshot
WorkingDirectory=/
PrivateNetwork=true
ProtectSystem=true
ProtectHome=read-only
PrivateTmp=yes
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectHostname=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions 
AmbientCapabilities=CAP_SYS_ADMIN CAP_SYS_RAWIO
NoNewPrivileges=yes
User=root
IOSchedulingClass=idle
CPUSchedulingPolicy=idle
Environment=SERVICE_MODE=1
ExecStart=/usr/sbin/e2scrub -t %I
SyslogIdentifier=%N