NetworkManager/clients/cloud-setup/nm-cloud-setup.service.in

[Unit]
Description=Automatically configure NetworkManager in cloud
After=NetworkManager.service

[Service]
Type=oneshot
ExecStart=@libexecdir@/nm-cloud-setup

#Environment=NM_CLOUD_SETUP_LOG=TRACE

# Cloud providers are disabled by default. You need to
# Opt-in by setting the right environment variable for
# the provider.
#Environment=NM_CLOUD_SETUP_EC2=yes
#Environment=NM_CLOUD_SETUP_GCP=yes

CapabilityBoundingSet=
LockPersonality=yes
MemoryDenyWriteExecute=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=strict
RestrictAddressFamilies=AF_UNIX AF_NETLINK AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
SystemCallFilter=@system-service

[Install]
WantedBy=NetworkManager.service