I wrote my comment before I saw yours, but you'll probably be interested in it[0].

The best thing about systemd is also the worst thing: it's monolithic. You can containarize applications lightly all the way to having a full fledged VM. You can run as user or root. You can limit system access like CPU, RAM, network, and even the physical hardware. You even have homed which gives you more control over your user environments. There's systemd mounts[1], boot, machines, timers, networks, and more. It's overwhelming.

I think two commands everyone should know if dealing with systemd services is:

  - `systemctl edit foo.service` to create an override file which sits on top of the existing service file (so your changes don't disappear when you upgrade)
  - `systemd-analyze security foo.service` which will give you a short description of the security options and a score specifying your exposure level.

I've replaced all my cron jobs with systemd jobs now and while it is a bit more work up front (just copy paste templates...) there are huge benefits to be had. Way more flexibility in scheduling and you're not limited to such restrictions as your computer being off[3]

[0] https://news.ycombinator.com/item?id=45318649

[1] I've found mounts really helpful and can really speed up boot times. You can make your drives mount in the background and after any service you want. You can also set timeouts so that they will power down and automount as needed. That can save you a good amount on electricity if you got a storage service. This might also be a good time to remind people that you likely want to add `noatime` to your mount options (even if you use fstab)[2].

[2] https://opensource.com/article/20/6/linux-noatime

[3] You can have it run the service on the next boot (or whenever) if it was supposed to run when the machine was powered off.