{ pkgs, ... }: {
    services.cron = {
        enable = true;
        systemCronJobs = [
            # Backups to nuc-docker01
            ''0 0 * * * root rsync --delete -avr /Storage/Data/Docker/sysctl.io/ root@nuc-docker01:/Storage/Data/Docker/sysctl.io/''
            ''0 3 * * * root rsync -avr /Storage/Data/Docker/sysctl.io/nextcloud/html/data/albert/files/InstantUpload/ root@nuc-docker01:/Storage/Video/Pictures/InstantUpload/''
            ''0 5 * * * root rsync -avr /Storage/Data/Docker/sysctl.io/nextcloud/html/data/albert/files/Wallpapers/ root@nuc-docker01:/Storage/Video/Pictures/Wallpapers''
            # DERP relay certs
            ''@daily root cp /Storage/Data/Docker/sysctl.io/letsencrypt/certs/certs/\*.sysctl.io.crt   /Storage/Data/Docker/sysctl.io/letsencrypt/certs/certs/derp.sysctl.io.crt''
            ''@daily root cp /Storage/Data/Docker/sysctl.io/letsencrypt/certs/private/\*.sysctl.io.key /Storage/Data/Docker/sysctl.io/letsencrypt/certs/private/derp.sysctl.io.key''
            # Back up the docker containers monthly:
            ''@monthly root ssh nuc-docker01 "rm -rf /Storage/Backups/Docker/sysctl.io/*"; for i in $(docker ps --format '{{.Names}}'); do docker export $i | gzip -cf | ssh root@nuc-docker01 "cat > /Storage/Backups/Docker/sysctl.io/$i.tar.gz"; done''
            # Set a random Pi-Hole password
            ''* * * * * root docker exec  pihole sudo pihole -a -p $(openssl rand -hex 128)''
            # Run the ClamAV scan
            ''@monthly root /Storage/Data/docker-compose/sysctl.io/scripts/clamscan-cron.sh''
            # Archive Loki logs monthly
            ''@monthly root /Storage/Data/docker-compose/sysctl.io/scripts/backup-logs.sh >> /Storage/Data/Temporary/log_backups.log''
            # Run the ClamAV scan
            ''@monthly root /Storage/Data/docker-compose/sysctl.io/scripts/clamscan-cron.sh''
            # Run the Nextcloud cronjobs hourly
            ''@hourly root docker exec -uwww-data nextcloud php -f /var/www/html/cron.php''
            # Run the Pixelfed scheduler
            ''* * * * * root docker exec pixelfed-app php artisan schedule:run''
            # Update / CLean Mastodon caches
            ''@daily root docker exec mastodon-web tootctl preview_cards  remove --days 7''
            ''@daily root docker exec mastodon-web tootctl media remove --days 7 --prune-profiles''
            ''@daily root docker exec mastodon-web tootctl accounts prune''
            ''@daily root docker exec mastodon-web tootctl statuses remove --days 7''
            ''@daily root docker exec mastodon-web tootctl media remove --remove-headers --include-follows --days 7''
            ''@daily root docker exec mastodon-web tootctl preview_cards remove --days 7''
            ''@daily root docker exec mastodon-web tootctl media remove-orphans''
        ];
    };
}
# Old crontab:
#  # At reboot, apply the ip_tables modprobe so Wireguard works
#  @reboot /usr/sbin/modprobe ip_tables
#  
#  # At reboot, restart Docker.  Otherwise, iptables / the firewall freaks out
#  @reboot /usr/bin/systemctl stop docker; /usr/bin/systemctl start docker
#  
#  # Every day, get storage space for monitoring
#  @daily source ~/.bashrc; for i in `ls /Storage/Data/Docker`; do echo echo "$(date): $(du -s /Storage/Data/Docker/$i)" | sed -e 's/\/Storage\/Data\/Docker\/\$i//' >> /root/sizes/$i.log; done
#  
#  # Clean up NextCloud files weekly to save space
#  @weekly source ~/.bashrc; /usr/bin/docker exec -uwww-data nextcloud php occ versions:cleanup
# DONE # Run the Nextcloud cronjobs hourly
# DONE @hourly  source ~/.bashrc; /usr/bin/docker exec -uwww-data nextcloud php -f /var/www/html/cron.php
#  
#  
#  # Clear out Mastodon caches daily
# DONE @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl preview_cards  remove --days 1
# DONE @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl media          remove --days 1 --prune-profiles
# DONE @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl accounts       prune
# DONE @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl statuses       remove --days 1
# DONE @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl media remove --remove-headers --include-follows --days 0
# DONE @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl preview_cards remove --days 1
# DONE @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl media remove-orphans
#  
# DONE # Run the Pixelfed scheduler
# DONE * * * * * /usr/bin/docker exec pixelfed-app php artisan schedule:run
#  
# DONE  # Run the ClamAV scan
# DONE  @monthly source ~/.bashrc; /Storage/Data/docker-compose/sysctl.io/scripts/clamscan-cron.sh
#  
# DONE # Set a random PiHole password every minute
# DONE * * * * * /usr/bin/docker exec  pihole sudo pihole -a -p $(openssl rand -hex 128)
#  
# NOT NEEDED # back up crontab:
# NOT NEEDED # 0 0 * * * /usr/bin/crontab -l > /Storage/Data/Temporary/crontab
#  
#  # Back up and delete local copies of Loki logs monthly
# DONE  @monthly  source ~/.bashrc; /Storage/Data/docker-compose/sysctl.io/scripts/backup-logs.sh >> /Storage/Data/Temporary/log_backups.log
#  
# DONE  # Back up the docker containers weekly:
# DONE  @weekly source ~/.bashrc; ssh nuc-docker01 "rm -rf /Storage/Backups/Docker/sysctl.io/*"; for i in $(docker ps --format '{{.Names}}'); do docker export $i | gzip -cf | ssh root@nuc-docker01 "cat > /Storage/Backups/Docker/sysctl.io/$i.tar.gz"; done
#  
#  # Set up DERP relay certs for headscale-derp:
# DONE  @hourly cp /Storage/Data/Docker/letsencrypt/certs/certs/\*.sysctl.io.crt   /Storage/Data/Docker/letsencrypt/certs/certs/derp.sysctl.io.crt
# DONE  @hourly cp /Storage/Data/Docker/letsencrypt/certs/private/\*.sysctl.io.key /Storage/Data/Docker/letsencrypt/certs/private/derp.sysctl.io.key