{ pkgs, ... }:
let
  crowdsecservice = "crowdsec-prefix";
  tailscale-cloudflare-dns-sync-service = "tailscale-cloudflare-dns-sync";
in
{
  systemd.services = {
    ${crowdsecservice} = {
      enable = true;
      description = "Get IPv6 Prefix to add to Crowdsec Whitelist";
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "/mnt/lilly-ssd/appdata/crowdsec/crowdsec-prefix-change-script/checkprefix.sh";
        WorkingDirectory = "/mnt/lilly-ssd/appdata/crowdsec/crowdsec-prefix-change-script";
      };
    };
    ${tailscale-cloudflare-dns-sync-service} = {
      enable = true;
      description = "Start the tailscale-cloudflare-dns-sync Docker container";
      serviceConfig = {
        Type = "oneshot";
        ExecStart = "${pkgs.docker}/bin/docker start tailscale-cloudflare-dns-sync";
      };
    };
  };
  systemd.timers = {
    ${crowdsecservice} = {
      enable = true;
      description = "Run Crowdsec-Prefix check regularly.";
      timerConfig = {
        OnCalendar = "*:0/5";
        Persistent = true;
      };
      wantedBy = [ "timers.target" ];
    };
  };
}