{ config, lib, ... }:
with lib;
let
  cfg = config.eboskma.drone;
in
{
  options.eboskma.drone = {
    enable = mkEnableOption "activate drone CI";
  };

  config = mkIf cfg.enable {
    virtualisation.docker = {
      enable = true;
      autoPrune = {
        enable = true;
        dates = "weekly";
      };
    };

    virtualisation.oci-containers.containers = {
      drone = {
        autoStart = true;
        image = "drone/drone:2";
        ports = [ "8100:80" ];
        volumes = [ "drone_data:/data" ];
        environmentFiles = [ config.sops.secrets.drone.path ];
      };

      drone-runner-docker = {
        autoStart = true;
        image = "drone/drone-runner-docker:1";
        ports = [ "3000:3000" ];
        volumes = [ "/var/run/docker.sock:/var/run/docker.sock" ];
        environmentFiles = [ config.sops.secrets.drone-runner.path ];
      };
    };

    users.users.${config.eboskma.var.mainUser}.extraGroups = [ "docker" ];
  };
}