# NixOS module: configures a single Actions runner instance named "nix" for
# the forge at https://git.datarift.nl, using the gitea-actions-runner service
# options with the forgejo-actions-runner package.
{ pkgs, config, ... }:
{
  services.gitea-actions-runner = {
    package = pkgs.forgejo-actions-runner;

    instances.nix = {
      enable = true;
      name = "nix";
      url = "https://git.datarift.nl";

      # The registration token is referenced by the path of a sops secret
      # rather than inlined in this file.
      tokenFile = config.sops.secrets.runner-nix-token.path;

      # Jobs that request the "nix" label run in this container image.
      # NOTE(review): ":latest" is a mutable tag, so the image that executes
      # jobs can change without any change to this file. Consider pinning to
      # a digest (…/forgejo-nix-runner@sha256:<DIGEST_PLACEHOLDER>) and
      # updating it deliberately.
      labels = [ "nix:docker://ghcr.io/eboskma/forgejo-nix-runner:latest" ];

      settings = {
        log.level = "info";

        # One job at a time on this runner.
        runner.capacity = 1;

        container = {
          # NOTE(review): job containers are started privileged. Together with
          # the podman socket allowed below, a workflow scheduled on this
          # runner should be treated as having host-level access. Confirm the
          # runner is only registered for repositories whose workflow authors
          # are trusted, and that untrusted pull requests cannot trigger jobs
          # on it.
          privileged = true;

          # Allowlist of host paths a workflow may mount into its container:
          # the Nix store, the podman API socket, and the container image
          # signature policy.
          # NOTE(review): access to /run/podman/podman.sock gives control of
          # the host's container engine; keep this entry only if jobs really
          # need to start containers themselves.
          valid_volumes = [
            "/nix"
            "/run/podman/podman.sock"
            "/etc/containers/policy.json"
          ];

          # "-" presumably tells the runner to locate the container engine
          # socket on its own without mounting it into job containers
          # automatically; verify against the runner's config reference.
          docker_host = "-";
        };
      };
    };
  };
}