{ config, pkgs, inputs, lib, system, ... }: 
let
  unstable = inputs.nixpkgs-nixos-unstable;
  package = unstable.legacyPackages."${system}".gitea-actions-runner;
in
{
  sops.secrets."gitea-runner-token" = {
    sopsFile = ./gitea-runner-token.sops;
    format = "binary";
  };
  virtualisation.podman = {
    enable = true;
    autoPrune.enable = true;
    defaultNetwork.settings = { dns_enabled = true; };
  };
  disabledModules = [ "services/continuous-integration/gitea-actions-runner.nix" ];
  imports = [ "${unstable}/nixos/modules/services/continuous-integration/gitea-actions-runner.nix" ];

  services.gitea-actions-runner = {
    inherit package;
    instances.bolty1 = {
      enable = true;
      url = "https://git.cyplo.dev";
      tokenFile = config.sops.secrets."gitea-runner-token".path;
      name = "bolty1";
      hostPackages = with pkgs; [
        bash
        coreutils
        curl
        gawk
        gitMinimal
        gnused
        nodejs
        wget
        sudo
      ];
      labels = [
        "nixery-nix-node:docker://nixery.dev/shell/nix/git/nodejs:latest"
        "nix-flakes:docker://nixpkgs/nix-flakes:latest"
        "node16:docker://node:16-bullseye" # compat with github actions
        "node-latest:docker://node:lts-bookworm" # compat with github actions
        "ubuntu-kinetic:docker://ubuntu:kinetic" # compat with github actions
        "linux_amd64:host" # compat with github actions
      ];
    };
  };
}