+end
+
+systemd_service "docker-system-prune" do
+ description "Cleanup up unused docker images and containers"
+ after ["docker.service"]
+ wants ["docker.service"]
+ user "root"
+ exec_start "/usr/bin/docker system prune --all --force"
+ sandbox :enable_network => true
+ memory_deny_write_execute false
+ restrict_address_families "AF_UNIX"
+end
+
+systemd_timer "docker-system-prune" do
+ description "Cleanup up unused docker images and containers"
+ on_boot_sec "2h"
+ on_unit_active_sec "7d"
+ randomized_delay_sec "4h"
+end
+
+service "docker-system-prune.timer" do
+ action [:enable, :start]